Pests of all kinds and how to fight them: Laptop suddenly extremely slow and browsers crash (Windows 7)

06.03.2013, 13:32 | #16
/// Winkelfunktion /// TB-Süch-Tiger™

Then please run Combofix now: Scan with Combofix

__________________
Please always post log files in CODE tags

06.03.2013, 15:04 | #17

Combofix log:
Code:
ComboFix 13-03-05.01 - JayokDaOne 06.03.2013  13:53:53.2.2 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.1918.997 [GMT 1:00]
ausgeführt von:: c:\users\JayokDaOne\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2ka1Puoy.exe.b
c:\programdata\RWvESYd.pad
c:\users\JayokDaOne\AppData\Local\lame_enc.dll
c:\users\JayokDaOne\AppData\Local\no23xwrapper.dll
c:\users\JayokDaOne\AppData\Local\ogg.dll
c:\users\JayokDaOne\AppData\Local\vorbis.dll
c:\users\JayokDaOne\AppData\Local\vorbisenc.dll
c:\users\JayokDaOne\AppData\Local\vorbisfile.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-06 bis 2013-03-06  ))))))))))))))))))))))))))))))
.
.
2013-03-06 13:27 . 2013-03-06 13:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-06 12:42 . 2013-03-06 12:42	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C28B1A98-4230-4DCD-85EF-E6DC5E6D21F5}\offreg.dll
2013-03-06 12:12 . 2013-03-06 12:12	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-03-05 20:05 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C28B1A98-4230-4DCD-85EF-E6DC5E6D21F5}\mpengine.dll
2013-03-01 15:43 . 2013-03-01 15:43	--------	d-----w-	c:\programdata\ATI
2013-02-28 21:51 . 2013-02-28 22:20	--------	d-----w-	c:\program files\ATI Technologies
2013-02-28 20:21 . 2013-03-01 00:59	--------	d-----w-	c:\program files (x86)\DriverTuner
2013-02-28 19:52 . 2013-02-28 19:53	--------	d-----w-	c:\users\JayokDaOne\AppData\Local\ElevatedDiagnostics
2013-02-26 20:25 . 2013-02-28 20:51	--------	d-----w-	c:\programdata\AMD
2013-02-26 19:06 . 2013-03-01 00:59	--------	d-----w-	C:\AMD
2013-02-26 18:32 . 2013-02-26 18:32	--------	d-----w-	c:\program files\Java
2013-02-17 16:25 . 2013-02-17 16:25	--------	d-----w-	c:\users\JayokDaOne\AppData\Local\B1E
2013-02-17 16:25 . 2013-02-17 16:25	--------	d-----w-	c:\users\JayokDaOne\AppData\Roaming\B1Toolbar
2013-02-14 13:37 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 13:37 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 13:34 . 2013-01-09 01:12	1392128	----a-w-	c:\windows\system32\wininet.dll
2013-02-13 21:11 . 2013-01-05 05:57	5500776	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 21:11 . 2013-01-05 05:02	3957608	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 21:11 . 2013-01-05 05:02	3902312	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-05 21:24 . 2012-06-22 15:21	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-05 21:24 . 2011-06-21 08:37	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-14 13:43 . 2012-02-20 17:08	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-04 00:43 . 2013-02-04 00:43	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2013-02-04 00:43 . 2013-02-04 00:43	1060864	----a-w-	c:\windows\SysWow64\mfc71.dll
2013-01-17 00:28 . 2011-06-13 20:59	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 21:10	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 16:52 . 2012-12-22 02:01	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-22 02:01	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-22 02:01	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2012-12-22 02:01	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-14 15:49 . 2011-06-25 22:50	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-07 05:41 . 2013-01-09 19:51	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 05:35 . 2013-01-09 19:51	2745856	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 05:04 . 2013-01-09 19:51	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 04:57 . 2013-01-09 19:51	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 03:45 . 2013-01-09 19:51	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 03:45 . 2013-01-09 19:51	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 03:45 . 2013-01-09 19:51	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 03:45 . 2013-01-09 19:51	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 03:45 . 2013-01-09 19:51	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 03:45 . 2013-01-09 19:51	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 03:45 . 2013-01-09 19:51	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 03:45 . 2013-01-09 19:51	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 03:45 . 2013-01-09 19:51	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 03:45 . 2013-01-09 19:51	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 03:45 . 2013-01-09 19:51	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 03:45 . 2013-01-09 19:51	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 03:45 . 2013-01-09 19:51	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 03:45 . 2013-01-09 19:51	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 03:21 . 2013-01-09 19:51	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 03:21 . 2013-01-09 19:51	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 03:21 . 2013-01-09 19:51	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 03:21 . 2013-01-09 19:51	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 03:21 . 2013-01-09 19:51	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 03:21 . 2013-01-09 19:51	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 03:21 . 2013-01-09 19:51	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 03:21 . 2013-01-09 19:51	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 03:21 . 2013-01-09 19:51	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 03:21 . 2013-01-09 19:51	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 03:21 . 2013-01-09 19:51	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-12-07 03:21 . 2013-01-09 19:51	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 03:21 . 2013-01-09 19:51	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 03:21 . 2013-01-09 19:51	15360	----a-w-	c:\windows\SysWow64\djctq.rs
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-20 74752]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
c:\users\JayokDaOne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R2 UDisk Monitor;UDisk Monitor;c:\program files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [2011-05-12 512000]
R3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\DRIVERS\CT_U_USBSER.sys [2011-05-09 122368]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-09-08 13352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-07 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 21:24]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: Free YouTube to MP3 Converter - c:\users\JayokDaOne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\JayokDaOne\AppData\Roaming\Mozilla\Firefox\Profiles\cyqlsute.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.b1.org/?bsrc=4hfxr&chid=c167991
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\Media Finder.exe
Wow6432Node-HKCU-Run-Ekadkiyxb - c:\users\JayokDaOne\AppData\Roaming\Pefy\tean.exe
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2711640679-1226958958-2877314694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2711640679-1226958958-2877314694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-06  14:52:12
ComboFix-quarantined-files.txt  2013-03-06 13:51
.
Vor Suchlauf: 38 Verzeichnis(se), 24.646.221.824 Bytes frei
Nach Suchlauf: 44 Verzeichnis(se), 28.559.388.672 Bytes frei
.
- - End Of File - - BDDA10959C1F42D500BA9816503AEF3A

06.03.2013, 16:05 | #18
/// Winkelfunktion /// TB-Süch-Tiger™

JRT - Junkware Removal Tool
Please close your security software to avoid possible conflicts.

Afterwards: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.

After that, a check with OTL please:

__________________

07.03.2013, 00:27 | #19

All right...:

JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by JayokDaOne on 06.03.2013 at 23:32:40,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2711640679-1226958958-2877314694-1000\software\microsoft\internet explorer\main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Users\JayokDaOne\AppData\Roaming\mozilla\firefox\profiles\cyqlsute.default\user.js
Successfully deleted: [Folder] C:\Users\JayokDaOne\AppData\Roaming\mozilla\firefox\profiles\cyqlsute.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\JayokDaOne\AppData\Roaming\mozilla\firefox\profiles\cyqlsute.default\prefs.js
user_pref("browser.startup.homepage", "hxxp://search.b1.org/?bsrc=4hfxr&chid=c167991");
Emptied folder: C:\Users\JayokDaOne\AppData\Roaming\mozilla\firefox\profiles\cyqlsute.default\minidumps [49 files]
~~~ Chrome
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\hahpjplbmicfkmoccokbjejahjjpnena
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.03.2013 at 23:51:47,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adw Cleaner:
Code:
# AdwCleaner v2.114 - Datei am 07/03/2013 um 00:00:05 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate  (64 bits)
# Benutzer : JayokDaOne - JAYOKDAONE-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\JayokDaOne\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gelöscht : C:\Users\JayokDaOne\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Before] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2851647 --> hxxp://www.google.com
-\\ Mozilla Firefox v11.0 (de)
Datei : C:\Users\JayokDaOne\AppData\Roaming\Mozilla\Firefox\Profiles\cyqlsute.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v16.0.912.63
Datei : C:\Users\JayokDaOne\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v12.14.1738.0
Datei : C:\Users\JayokDaOne\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [2791 octets] - [07/03/2013 00:00:05]
########## EOF - C:\AdwCleaner[S1].txt - [2851 octets] ##########

OTL:
Code:
OTL logfile created on: 07.03.2013 00:10:59 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JayokDaOne\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 60,24% Memory free
3,75 Gb Paging File | 3,04 Gb Available in Paging File | 81,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,10 Gb Total Space | 26,54 Gb Free Space | 17,92% Space Free | Partition Type: NTFS
Drive D: | 11,72 Gb Total Space | 0,66 Gb Free Space | 5,64% Space Free | Partition Type: NTFS
Drive E: | 73,07 Gb Total Space | 50,60 Gb Free Space | 69,25% Space Free | Partition Type: NTFS

Computer Name: JAYOKDAONE-PC | User Name: JayokDaOne | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Users\JayokDaOne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

========== Services (SafeList) ==========
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (UDisk Monitor) -- C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (Generalusbserialser20675) -- C:\Windows\SysNative\drivers\CT_U_USBSER.sys (Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\SmSerl64.sys (Motorola Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2711640679-1226958958-2877314694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2711640679-1226958958-2877314694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://www.google.com
IE - HKU\S-1-5-21-2711640679-1226958958-2877314694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2711640679-1226958958-2877314694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD 90 B1 C2 0B 2A CC 01 [binary data]
IE - HKU\S-1-5-21-2711640679-1226958958-2877314694-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2711640679-1226958958-2877314694-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2711640679-1226958958-2877314694-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\JayokDaOne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\JayokDaOne\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.08 02:43:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.07 00:00:13 | 000,000,000 | ---D | M]
[2012.05.30 20:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JayokDaOne\AppData\Roaming\mozilla\Extensions
[2013.03.06 23:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JayokDaOne\AppData\Roaming\mozilla\Firefox\Profiles\cyqlsute.default\extensions
[2012.02.28 21:48:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.28 21:48:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.08 02:43:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.04.08 02:43:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.08 02:43:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.08 02:43:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.08 02:43:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.08 02:43:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.08 02:43:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========
CHR - homepage: hxxp://search.b1.org/?bsrc=4hcxr&chid=c167991
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.b1.org/?bsrc=4hcxr&chid=c167991

O1 HOSTS File: ([2013.03.06 14:27:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - Startup: C:\Users\JayokDaOne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2711640679-1226958958-2877314694-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2711640679-1226958958-2877314694-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\JayokDaOne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\JayokDaOne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25947614-607E-4BFC-AA9F-2166123D1B4C}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A567E8F-668A-4ED1-BC09-369868F3DA9F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.06 23:25:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.06 23:21:04 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.06 23:19:59 | 000,547,791 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\JayokDaOne\Desktop\JRT.exe [2013.03.06 18:45:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.03.06 18:36:56 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.03.06 18:36:56 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.06 18:35:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.06 18:35:25 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.06 18:35:24 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.06 14:53:25 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.06 13:49:41 | 005,036,545 | R--- | C] (Swearware) -- C:\Users\JayokDaOne\Desktop\ComboFix.exe [2013.03.06 13:46:47 | 000,000,000 | ---D | C] -- C:\Users\JayokDaOne\AppData\Local\{FA74DD6F-D171-4E37-B35B-02CD642C4370} [2013.03.06 13:39:48 | 000,518,144 | ---- | C] (SteelWerX) -- 
C:\Windows\SWREG.exe [2013.03.06 13:39:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.06 13:39:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.06 13:39:36 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.06 13:39:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.06 13:12:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2013.03.06 12:51:35 | 000,000,000 | ---D | C] -- C:\Users\JayokDaOne\AppData\Local\{A6DF6171-9066-4A39-9222-3C06CBF41249} [2013.03.05 20:45:42 | 000,000,000 | ---D | C] -- C:\Users\JayokDaOne\AppData\Local\{4F0D3DE9-63ED-43D4-9EBB-0CB9E8A1F425} [2013.03.03 22:28:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JayokDaOne\Desktop\OTL.exe [2013.03.03 21:28:42 | 000,000,000 | ---D | C] -- C:\Users\JayokDaOne\AppData\Local\{EDCCF692-7C45-4564-B437-0E1410075D87} [2013.03.03 18:25:03 | 000,000,000 | ---D | C] -- C:\Users\JayokDaOne\AppData\Local\{8A131FF6-86CE-4F96-979C-F8B6F85071F4} [2013.03.02 14:35:59 | 000,000,000 | ---D | C] -- C:\Users\JayokDaOne\AppData\Local\{3B9D28B4-E6E9-4E1D-8784-2AB5E766B521} [2013.03.01 16:44:07 | 000,000,000 | ---D | C] -- C:\Users\JayokDaOne\AppData\Local\{3990FB05-4B77-43C8-B95A-9BA4AB332D01} [2013.03.01 16:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.02.28 22:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2013.02.28 21:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner [2013.02.28 21:21:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverTuner [2013.02.28 20:52:04 | 000,000,000 | ---D | C] -- C:\Users\JayokDaOne\AppData\Local\ElevatedDiagnostics [2013.02.28 14:04:40 | 000,000,000 | ---D | C] -- C:\Users\JayokDaOne\AppData\Local\{93130993-8093-4C37-AE59-E6DC7B5478B3} [2013.02.27 17:49:29 | 000,000,000 | ---D | C] -- C:\Users\JayokDaOne\AppData\Local\{415C5E95-56B5-4903-92B6-60DF212F0585} [2013.02.27 17:41:05 | 000,000,000 | ---D | C] -- 
C:\Users\JayokDaOne\AppData\Local\{1A7DC5E0-8DFF-4831-8DCF-3604CE7735A1} [2013.02.26 21:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2013.02.26 20:06:09 | 000,000,000 | ---D | C] -- C:\AMD [2013.02.26 19:38:39 | 000,000,000 | ---D | C] -- C:\Users\JayokDaOne\AppData\Local\{2F43C570-B55C-4188-95D0-0E5805FA8461} [2013.02.26 19:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.02.25 18:22:30 | 000,000,000 | ---D | C] -- C:\Users\JayokDaOne\AppData\Local\{24B8672D-AA41-4611-A70A-B87B4DAE74AE} [2013.02.14 16:01:40 | 000,000,000 | ---D | C] -- C:\Users\JayokDaOne\AppData\Local\{8E27CBE9-B498-49EE-916C-54A0EFE08E24} [2013.02.14 14:35:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.14 14:35:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.14 14:35:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.14 14:35:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.14 14:35:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.14 14:35:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.14 14:35:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.14 14:35:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.14 14:35:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.14 14:35:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.14 14:35:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.14 14:35:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.14 14:34:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\jscript.dll [2013.02.14 14:34:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.14 14:34:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 22:11:20 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 22:11:18 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 22:11:17 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 22:10:48 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.02.13 22:10:48 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.02.13 22:10:47 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.02.13 22:10:47 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.02.13 22:10:47 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 22:10:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.13 22:10:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.13 22:10:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.02.13 22:10:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 22:10:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.02.13 22:10:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 22:10:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 22:10:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\wow32.dll [2013.02.13 22:10:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.02.13 22:10:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.02.13 22:10:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.02.13 22:10:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.02.13 22:10:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.13 22:10:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.02.13 22:10:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.02.13 22:10:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.02.13 22:10:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.02.13 22:10:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.02.13 22:10:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.02.13 22:10:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.13 22:10:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.02.13 22:10:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.02.13 22:10:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.02.13 22:10:43 | 000,004,096 | -H-- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.02.13 22:10:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.02.13 22:10:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.02.13 22:10:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.02.13 22:10:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.02.13 22:10:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.02.13 22:10:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.02.13 22:10:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.02.13 22:10:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.02.13 22:10:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.02.13 22:10:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.02.13 22:10:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.02.13 22:10:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.02.13 22:10:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.02.13 22:10:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.02.13 22:10:43 | 000,003,072 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.02.13 22:10:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.02.13 22:10:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.13 22:10:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.13 22:10:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.02.13 22:10:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.02.13 22:10:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.02.13 22:10:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 22:10:27 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.11 19:58:11 | 000,000,000 | ---D | C] -- C:\Users\JayokDaOne\AppData\Local\{B4B24932-3F3D-428C-BD4E-4A4A4A3E6B76} [2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\JayokDaOne\AppData\Local\CDRip.dll [2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\JayokDaOne\AppData\Local\No23 Recorder.exe [2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\JayokDaOne\AppData\Local\basscd.dll [2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen 
Developments) -- C:\Users\JayokDaOne\AppData\Local\bass.dll ========== Files - Modified Within 30 Days ========== [2013.03.07 00:06:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.07 00:06:11 | 1508,462,592 | -HS- | M] () -- C:\hiberfil.sys [2013.03.06 23:38:01 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.06 23:38:01 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.06 23:20:08 | 000,547,791 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\JayokDaOne\Desktop\JRT.exe [2013.03.06 23:19:33 | 000,597,667 | ---- | M] () -- C:\Users\JayokDaOne\Desktop\adwcleaner.exe [2013.03.06 18:34:44 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.06 18:34:37 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.06 18:34:37 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.06 18:34:36 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.06 18:34:35 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.03.06 18:34:35 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.06 18:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.06 15:55:00 | 000,095,350 | ---- | M] () -- C:\Users\JayokDaOne\Desktop\fühln.JPG [2013.03.06 14:27:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.06 13:49:53 | 005,036,545 | R--- | M] (Swearware) -- C:\Users\JayokDaOne\Desktop\ComboFix.exe [2013.03.05 22:24:07 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.05 22:24:07 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- 
C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.03 22:28:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JayokDaOne\Desktop\OTL.exe [2013.02.20 21:59:12 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.20 21:59:12 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.20 21:59:12 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.20 21:59:12 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.20 21:59:12 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.19 20:25:56 | 000,014,336 | -H-- | M] () -- C:\Users\JayokDaOne\Desktop\photothumb.db [2013.02.14 15:57:09 | 000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.05 10:05:38 | 000,015,759 | ---- | M] () -- C:\Users\JayokDaOne\Desktop\Opferbrief.odt ========== Files Created - No Company Name ========== [2013.03.06 23:19:22 | 000,597,667 | ---- | C] () -- C:\Users\JayokDaOne\Desktop\adwcleaner.exe [2013.03.06 15:54:59 | 000,095,350 | ---- | C] () -- C:\Users\JayokDaOne\Desktop\fühln.JPG [2013.03.06 13:39:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.06 13:39:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.06 13:39:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.06 13:39:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.06 13:39:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.18 22:36:43 | 000,819,231 | ---- | C] () -- C:\Users\JayokDaOne\Desktop\ViolinRoll.mp3 [2013.02.06 02:41:52 | 003,738,644 | ---- | C] () -- C:\Users\JayokDaOne\Desktop\Haunted 3.mp3 [2013.02.05 10:04:06 | 000,015,759 | ---- | C] () -- C:\Users\JayokDaOne\Desktop\Opferbrief.odt [2012.10.11 19:36:54 | 000,076,360 | ---- | C] () -- C:\ProgramData\bsucopojfhiozqr [2012.09.09 19:16:12 | 000,000,000 | ---- | C] () -- C:\ProgramData\1FMFw1.dat [2012.09.09 19:15:57 | 000,000,001 | ---- | C] () -- 
C:\ProgramData\2ka1Puoy.exe_.b [2011.11.04 15:02:15 | 000,000,008 | ---- | C] () -- C:\Users\JayokDaOne\AppData\Roaming\iujng0jn1vxc2o7c.dat [2011.06.20 00:47:28 | 000,005,632 | ---- | C] () -- C:\Users\JayokDaOne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.16 20:28:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.06.13 22:40:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > | 
|  07.03.2013, 00:29 | #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™       |   Laptop suddenly extremely slow and browsers crash Quote: 
 
				__________________ Please always post log files in CODE tags   | 
|  07.03.2013, 17:13 | #21 | 
|   |   Laptop suddenly extremely slow and browsers crash Because with a normal boot, after about 5 min everything stops running smoothly again. The hard disk rattles away in the background and the browsers only work slowly, with complete interruptions of about 4 minutes (not responding, hourglass, nothing works). Then it works reasonably well again for 2 min. and then it doesn't again.  | 
|  07.03.2013, 17:25 | #22 | 
| /// Winkelfunktion /// TB-Süch-Tiger™       |   Laptop suddenly extremely slow and browsers crash Please create a new Windows user account via the Control Panel, then restart into normal mode and log in with the new user. Observe and report how it runs with that.  
				__________________ Please always post log files in CODE tags   | 
|  07.03.2013, 20:58 | #23 | 
|   |   Laptop suddenly extremely slow and browsers crash Unfortunately no change. But I noticed that the Windows Experience Index for graphics is at 3.1. Could it have something to do with that?  | 
|  08.03.2013, 10:55 | #24 | 
| /// Winkelfunktion /// TB-Süch-Tiger™       |   Laptop suddenly extremely slow and browsers crash IMHO this probably has little to nothing to do with the Experience Index. Unless it has dropped considerably; where was it before, do you still remember? Do you also remember roughly since when you have had the problem? In your opening post you spoke of "for a few days"; can you still retrace what you did to the system? Installed software or hardware, or drivers? Have you also already booted the system from a live Linux CD to see how it runs there? That way you can see whether a hardware problem is emerging or whether the fault lies rather in the Windows configuration and/or in the file system. Download something like Knoppix or Xubuntu, burn the ISO file to a CD using the image burning function and boot the computer from it. Then test the system thoroughly under Linux and report whether it runs normally there. 
				__________________ Please always post log files in CODE tags   | 