
Log Analysis and Evaluation: Paranoid? Suspicious modifications on all devices connected to the network


 
17.03.2013, 15:15   #1
chefzon
 



Good day,
this may be speculation, but I am fairly sure that something is not right here!

Avira did not find anything.

The laptop boots, responds and shuts down more and more slowly; the PC behaves similarly.

I fear for my anonymity and am afraid that I am being monitored!

I have now reinstalled the PC, disconnected the Wi-Fi on the router and disabled it on the laptop.
To be sure that my freshly reinstalled PC is safe, I ask for a review of the attached logs.


With thanks, diaz




OTL:

OTL logfile created on: 17.03.2013 14:13:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\diaz\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,99 Gb Total Physical Memory | 4,37 Gb Available Physical Memory | 72,95% Memory free
12,09 Gb Paging File | 10,51 Gb Available in Paging File | 86,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 147,33 Gb Total Space | 104,52 Gb Free Space | 70,94% Space Free | Partition Type: NTFS
Drive D: | 245,12 Gb Total Space | 241,14 Gb Free Space | 98,38% Space Free | Partition Type: NTFS
Drive F: | 539,06 Gb Total Space | 538,89 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Computer Name: DIAZ-PC | User Name: diaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.17 14:09:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\diaz\Desktop\OTL.exe
PRC - [2013.03.16 00:10:36 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2013.03.15 18:00:32 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2013.02.13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013.02.10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
PRC - [2011.08.21 17:47:28 | 000,596,992 | ---- | M] (Andreas Sammann) -- C:\Program Files (x86)\C2DtoG15\C2DtoG15.exe
PRC - [2011.01.26 20:51:34 | 000,059,392 | ---- | M] (Andreas Sammann) -- C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe
PRC - [2009.07.07 13:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe


========== Modules (No Company Name) ==========

MOD - [2013.02.13 03:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.06.11 21:14:26 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\C2DtoG15\LgLcdLibWrapper.dll
MOD - [2009.07.30 14:54:04 | 000,170,496 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013.03.15 18:02:47 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2008.01.21 03:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2006.11.02 12:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2013.03.16 00:14:05 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013.03.16 00:12:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013.03.16 00:10:36 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2013.03.15 18:00:32 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2013.03.07 15:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2011.01.26 20:51:34 | 000,059,392 | ---- | M] (Andreas Sammann) [Auto | Running] -- C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe -- (SystoG15Svc)
SRV - [2010.12.13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.03.15 23:24:47 | 000,093,784 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2013.03.15 18:35:50 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.03.15 18:02:50 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MCfilt64.sys -- (MCfilt)
DRV:64bit: - [2013.03.15 18:02:47 | 000,478,208 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2013.03.15 17:56:22 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2012.10.02 23:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012.07.06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2012.07.06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1309010.00E\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2012.06.07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.05.22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2012.04.18 03:13:32 | 000,445,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1309010.00E\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2012.04.18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.16 21:03:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2010.12.13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2008.09.19 09:04:00 | 000,395,776 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008.07.16 10:11:00 | 000,092,672 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64l.sys -- (SkLaggProtocol)
DRV:64bit: - [2008.07.10 10:11:00 | 000,024,576 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64v.sys -- (SkVlanProtocol)
DRV - [2013.03.15 14:47:37 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130316.006\ex64.sys -- (NAVEX15)
DRV - [2013.03.15 14:47:37 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.03.15 14:47:37 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.03.15 14:47:37 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130316.006\eng64.sys -- (NAVENG)
DRV - [2013.03.13 15:58:54 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130313.003\IDSviA64.sys -- (IDSVia64)
DRV - [2013.03.01 02:09:56 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.11.16 16:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2008.07.26 22:30:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\C2DtoG15\WinRing0x64.sys -- (WinRing0_1_2_0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 25 C3 B8 E7 21 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ [2013.03.15 17:53:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2013.03.17 13:31:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.16 18:10:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.15 14:47:41 | 000,000,000 | ---D | M]

[2013.03.15 14:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\diaz\AppData\Roaming\mozilla\Extensions
[2013.03.15 17:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\diaz\AppData\Roaming\mozilla\Firefox\Profiles\k8pqwaiq.default\extensions
[2013.03.15 17:23:09 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\diaz\AppData\Roaming\mozilla\firefox\profiles\k8pqwaiq.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2013.03.15 17:22:09 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\diaz\AppData\Roaming\mozilla\firefox\profiles\k8pqwaiq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.15 14:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.16 18:10:24 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - Startup: C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk = C:\Program Files (x86)\C2DtoG15\C2DtoG15.exe (Andreas Sammann)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65E0E366-63D4-44E8-ABB1-952021989F07}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\gopher - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.03.17 14:09:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\diaz\Desktop\OTL.exe
[2013.03.17 04:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\id Software
[2013.03.17 04:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software
[2013.03.16 18:10:19 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\DivX
[2013.03.16 18:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013.03.16 18:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013.03.16 18:09:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2013.03.16 18:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013.03.16 18:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2013.03.16 17:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamSpy
[2013.03.16 17:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamSpy
[2013.03.16 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DivX
[2013.03.16 16:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2013.03.16 16:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Playa
[2013.03.16 16:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivXCodec
[2013.03.16 16:18:45 | 001,200,640 | ---- | C] (Fath Software ( www.fathsoft.com )) -- C:\Windows\SysWow64\csCapx.ocx
[2013.03.16 16:16:57 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\vlc
[2013.03.16 16:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2013.03.16 16:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2013.03.16 16:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2013.03.16 05:22:02 | 000,000,000 | ---D | C] -- C:\Users\diaz\Desktop\Perry Rhodan - Silber Edition 02
[2013.03.16 03:46:15 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\WinRAR
[2013.03.16 03:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.03.16 02:03:06 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\C2DtoG15
[2013.03.16 02:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C2DtoG15
[2013.03.16 02:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\C2DtoG15
[2013.03.16 01:46:35 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\Logitech
[2013.03.16 01:46:34 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\NVIDIA
[2013.03.16 01:46:30 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Leadertech
[2013.03.16 01:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013.03.16 01:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.03.16 01:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2013.03.16 01:39:52 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Logitech
[2013.03.16 01:39:52 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Logishrd
[2013.03.16 00:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2013.03.16 00:14:15 | 002,873,823 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2013.03.16 00:14:15 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.03.16 00:14:15 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.03.16 00:14:14 | 001,910,272 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2013.03.16 00:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center
[2013.03.16 00:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013.03.16 00:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2013.03.16 00:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013.03.16 00:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013.03.16 00:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvell
[2013.03.15 23:59:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2013.03.15 23:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 4.0
[2013.03.15 23:51:44 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2013.03.15 23:51:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.03.15 23:51:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.03.15 23:35:57 | 000,035,104 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2013.03.15 23:35:57 | 000,026,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2013.03.15 23:35:57 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2013.03.15 23:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.03.15 23:35:31 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\TuneUp Software
[2013.03.15 23:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.03.15 23:33:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.03.15 23:33:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.15 23:27:34 | 000,000,000 | ---D | C] -- C:\RaidTool
[2013.03.15 23:25:59 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool
[2013.03.15 23:00:50 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.03.15 23:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.03.15 22:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.03.15 22:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.03.15 22:44:49 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.03.15 22:44:49 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.03.15 22:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.03.15 22:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.03.15 22:02:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2013.03.15 21:29:47 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys
[2013.03.15 21:29:47 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys
[2013.03.15 21:29:47 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys
[2013.03.15 21:29:47 | 000,445,560 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symtdiv.sys
[2013.03.15 21:29:47 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys
[2013.03.15 21:29:47 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys
[2013.03.15 21:29:47 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys
[2013.03.15 21:29:47 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys
[2013.03.15 21:29:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E
[2013.03.15 20:42:01 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\LolClient
[2013.03.15 18:56:41 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\PMB Files
[2013.03.15 18:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.03.15 18:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.03.15 18:36:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2013.03.15 18:36:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2013.03.15 18:36:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2013.03.15 18:36:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2013.03.15 18:36:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2013.03.15 18:36:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2013.03.15 18:20:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.03.15 18:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices
[2013.03.15 18:03:37 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\InstallShield
[2013.03.15 17:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2013.03.15 17:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2013.03.15 17:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.03.15 17:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.03.15 17:38:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.03.15 17:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.03.15 17:35:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.15 17:34:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.15 16:56:36 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\ElevatedDiagnostics
[2013.03.15 16:55:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2013.03.15 16:55:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2013.03.15 16:55:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0
[2013.03.15 16:37:46 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\CrashDumps
[2013.03.15 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Macromedia
[2013.03.15 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\Macromedia
[2013.03.15 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Adobe
[2013.03.15 16:23:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.03.15 16:23:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.03.15 15:24:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013.03.15 14:48:06 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Mozilla
[2013.03.15 14:48:06 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\Mozilla
[2013.03.15 14:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.03.15 14:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.03.15 14:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.15 14:32:53 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.03.15 14:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013.03.15 14:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013.03.15 14:32:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2013.03.15 14:32:16 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013.03.15 14:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2013.03.15 14:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013.03.15 14:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013.03.15 14:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013.03.15 14:30:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
[2013.03.15 14:30:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.03.15 14:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2013.03.15 14:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013.03.15 14:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013.03.15 14:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adjustment Pattern software
[2013.03.15 14:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adjustment Pattern software
[2013.03.15 14:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.03.15 14:22:02 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.03.15 14:14:52 | 000,000,000 | R--D | C] -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.15 14:14:52 | 000,000,000 | R--D | C] -- C:\Users\diaz\Searches
[2013.03.15 14:14:52 | 000,000,000 | R--D | C] -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.03.15 14:14:44 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Identities
[2013.03.15 14:14:42 | 000,000,000 | R--D | C] -- C:\Users\diaz\Contacts
[2013.03.15 14:14:42 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\VirtualStore
[2013.03.15 14:14:39 | 000,000,000 | --SD | C] -- C:\Users\diaz\AppData\Roaming\Microsoft
[2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Videos
[2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Saved Games
[2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Pictures
[2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Music
[2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Links
[2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Favorites
[2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Desktop\Downloads
[2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Documents
[2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Desktop
[2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Vorlagen
[2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\AppData\Local\Verlauf
[2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\AppData\Local\Temporary Internet Files
[2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Startmenü
[2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\SendTo
[2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Recent
[2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Netzwerkumgebung
[2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Lokale Einstellungen
[2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Documents\Eigene Videos
[2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Documents\Eigene Musik
[2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Eigene Dateien
[2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Documents\Eigene Bilder
[2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Druckumgebung
[2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Cookies
[2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\AppData\Local\Anwendungsdaten
[2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Anwendungsdaten
[2013.03.15 14:14:39 | 000,000,000 | -H-D | C] -- C:\Users\diaz\AppData
[2013.03.15 14:14:39 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\Temp
[2013.03.15 14:14:39 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\Microsoft
[2013.03.15 14:14:39 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Media Center Programs
[2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.03.15 14:10:30 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2013.03.15 14:01:33 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.03.15 13:59:27 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2013.03.15 13:57:49 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.03.15 13:57:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.03.15 13:56:56 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.03.15 13:56:42 | 000,000,000 | -HSD | C] -- C:\Boot

========== Files - Modified Within 30 Days ==========

[2013.03.17 14:12:22 | 000,000,000 | ---- | M] () -- C:\Users\diaz\defogger_reenable
[2013.03.17 14:11:06 | 000,377,856 | ---- | M] () -- C:\Users\diaz\Desktop\gmer_2.1.19155.exe
[2013.03.17 14:09:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\diaz\Desktop\OTL.exe
[2013.03.17 14:09:35 | 000,050,477 | ---- | M] () -- C:\Users\diaz\Desktop\Defogger.exe
[2013.03.17 14:01:20 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 14:01:20 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 13:36:59 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.17 13:36:59 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.17 13:36:59 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.17 13:36:59 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.17 13:36:59 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.17 13:31:34 | 000,000,432 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.03.17 13:31:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.16 16:24:25 | 000,228,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.16 16:24:08 | 002,416,886 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\Cat.DB
[2013.03.16 02:10:03 | 000,249,856 | ---- | M] () -- C:\Users\diaz\AppData\Local\SystoG15.exe
[2013.03.16 02:10:03 | 000,000,922 | ---- | M] () -- C:\Users\diaz\AppData\Local\SystoG15.bmp
[2013.03.16 02:03:07 | 000,000,882 | ---- | M] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk
[2013.03.16 00:14:18 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013.03.16 00:14:15 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.03.16 00:14:15 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.03.16 00:11:12 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2013.03.15 22:44:35 | 000,001,460 | ---- | M] () -- C:\Users\diaz\AppData\Local\d3d9caps64.dat
[2013.03.15 19:51:15 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2013.03.15 19:51:15 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2013.03.15 19:51:15 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2013.03.15 19:51:15 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2013.03.15 19:51:04 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.15 19:51:02 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.15 18:35:50 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.03.15 18:35:50 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.03.15 18:35:50 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.03.15 17:56:22 | 000,015,680 | ---- | M] () -- C:\Windows\SysNative\drivers\ASACPI.sys
[2013.03.15 17:43:18 | 000,024,576 | ---- | M] () -- C:\Windows\SysWow64\AsIO.dll
[2013.03.15 17:43:18 | 000,013,368 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2013.03.15 17:43:18 | 000,013,368 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013.03.15 16:54:44 | 002,686,976 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2013.03.15 16:54:44 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2013.03.15 16:54:44 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2013.03.15 14:04:06 | 000,060,826 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.03.15 13:56:43 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

========== Files Created - No Company Name ==========

[2013.03.17 14:12:22 | 000,000,000 | ---- | C] () -- C:\Users\diaz\defogger_reenable
[2013.03.17 14:10:13 | 000,377,856 | ---- | C] () -- C:\Users\diaz\Desktop\gmer_2.1.19155.exe
[2013.03.17 14:09:34 | 000,050,477 | ---- | C] () -- C:\Users\diaz\Desktop\Defogger.exe
[2013.03.16 16:18:45 | 000,999,424 | ---- | C] () -- C:\Windows\SysWow64\fathmail.dll
[2013.03.16 02:03:07 | 000,000,882 | ---- | C] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk
[2013.03.16 00:14:24 | 000,005,037 | ---- | C] () -- C:\Windows\SysNative\cfgfx.ini
[2013.03.16 00:14:24 | 000,002,773 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2013.03.16 00:14:24 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2013.03.16 00:14:24 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2013.03.16 00:14:18 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013.03.16 00:14:18 | 000,170,496 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.03.16 00:14:18 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013.03.16 00:14:18 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.03.16 00:14:18 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013.03.16 00:09:08 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013.03.16 00:09:08 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013.03.15 23:35:41 | 000,000,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.03.15 22:38:12 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.03.15 22:04:30 | 002,416,886 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\Cat.DB
[2013.03.15 21:29:47 | 000,007,877 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnetv64.cat
[2013.03.15 21:29:47 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.cat
[2013.03.15 21:29:47 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnet64.cat
[2013.03.15 21:29:47 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\iron.cat
[2013.03.15 21:29:47 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.cat
[2013.03.15 21:29:47 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.cat
[2013.03.15 21:29:47 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.cat
[2013.03.15 21:29:47 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.cat
[2013.03.15 21:29:47 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa.inf
[2013.03.15 21:29:47 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds.inf
[2013.03.15 21:29:47 | 000,001,469 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnetv.inf
[2013.03.15 21:29:47 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnet.inf
[2013.03.15 21:29:47 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.inf
[2013.03.15 21:29:47 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.inf
[2013.03.15 21:29:47 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.inf
[2013.03.15 21:29:47 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\iron.inf
[2013.03.15 21:29:43 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symvtcer.dat
[2013.03.15 21:29:43 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\isolate.ini
[2013.03.15 19:51:04 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.15 19:51:02 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.15 18:19:27 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll
[2013.03.15 18:19:27 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2013.03.15 18:19:22 | 000,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013.03.15 18:19:15 | 000,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf
[2013.03.15 18:19:14 | 000,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf
[2013.03.15 18:19:12 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2013.03.15 18:19:12 | 000,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
[2013.03.15 18:19:10 | 000,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf
[2013.03.15 18:19:03 | 000,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
[2013.03.15 18:19:00 | 000,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
[2013.03.15 18:19:00 | 000,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs
[2013.03.15 18:18:57 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013.03.15 18:18:47 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man
[2013.03.15 18:18:47 | 000,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man
[2013.03.15 18:18:40 | 000,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml
[2013.03.15 18:18:40 | 000,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml
[2013.03.15 18:18:38 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\RacUREx.xml
[2013.03.15 18:18:38 | 000,000,153 | ---- | C] () -- C:\Windows\SysNative\RacUREx.xml
[2013.03.15 17:44:14 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2013.03.15 17:44:07 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2013.03.15 17:44:07 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013.03.15 17:43:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.03.15 17:10:04 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2013.03.15 17:10:04 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin
[2013.03.15 17:10:03 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex
[2013.03.15 17:10:03 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex
[2013.03.15 17:07:38 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2013.03.15 17:07:38 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2013.03.15 17:07:38 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2013.03.15 17:07:38 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2013.03.15 17:07:38 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2013.03.15 17:07:38 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2013.03.15 16:54:42 | 002,686,976 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2013.03.15 16:54:42 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2013.03.15 16:54:42 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2013.03.15 15:01:35 | 002,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2013.03.15 14:47:42 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.15 14:32:53 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.03.15 14:32:53 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.03.15 14:14:55 | 000,000,949 | ---- | C] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.03.15 14:14:53 | 000,000,979 | ---- | C] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.03.15 14:14:52 | 000,000,974 | ---- | C] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.03.15 14:14:42 | 000,000,915 | ---- | C] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2013.03.15 14:14:40 | 000,001,460 | ---- | C] () -- C:\Users\diaz\AppData\Local\d3d9caps64.dat
[2013.03.15 14:03:23 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2013.03.15 13:56:43 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2013.03.15 13:56:42 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2009.05.20 01:08:44 | 000,249,856 | ---- | C] () -- C:\Users\diaz\AppData\Local\SystoG15.exe
[2009.05.12 13:21:30 | 000,000,922 | ---- | C] () -- C:\Users\diaz\AppData\Local\SystoG15.bmp

========== ZeroAccess Check ==========

[2006.11.02 16:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.03.16 01:46:30 | 000,000,000 | ---D | M] -- C:\Users\diaz\AppData\Roaming\Leadertech
[2013.03.15 20:42:01 | 000,000,000 | ---D | M] -- C:\Users\diaz\AppData\Roaming\LolClient
[2013.03.15 23:35:31 | 000,000,000 | ---D | M] -- C:\Users\diaz\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >

Extras:

OTL Extras logfile created on: 17.03.2013 14:13:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\diaz\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,99 Gb Total Physical Memory | 4,37 Gb Available Physical Memory | 72,95% Memory free
12,09 Gb Paging File | 10,51 Gb Available in Paging File | 86,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 147,33 Gb Total Space | 104,52 Gb Free Space | 70,94% Space Free | Partition Type: NTFS
Drive D: | 245,12 Gb Total Space | 241,14 Gb Free Space | 98,38% Space Free | Partition Type: NTFS
Drive F: | 539,06 Gb Total Space | 538,89 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Computer Name: DIAZ-PC | User Name: diaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 37 7B DB 41 A5 21 CE 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0987D816-F1FA-40E5-A878-E076692987F2}" = lport=57295 | protocol=6 | dir=in | name=pando media booster |
"{0B572DD7-4FAE-4B86-949E-C5591C76F821}" = lport=57295 | protocol=6 | dir=in | name=pando media booster |
"{0CB60C75-5F55-4474-B2F4-D12BE4EACD38}" = rport=138 | protocol=17 | dir=out | app=system |
"{0F2B3D97-CCC6-4147-99CF-1819C839347B}" = lport=138 | protocol=17 | dir=in | app=system |
"{20945B7B-A2E6-4C47-9629-441193CC563F}" = lport=57295 | protocol=17 | dir=in | name=pando media booster |
"{2D11DF45-CD6F-4A66-B4CF-5714D12546F9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{33588CC5-4B60-48D1-A8AE-960B0478495B}" = rport=2869 | protocol=6 | dir=out | app=system |
"{4783F460-6428-4938-AF27-9CBAE0BE3BE6}" = lport=139 | protocol=6 | dir=in | app=system |
"{50457261-10B7-4D92-AF99-FAD0758EBB81}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{50E7328B-4873-4873-B1DA-C2F4AC4ADAF8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5C255983-0BC8-41A2-B413-C665D77EDE3F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5C38391C-96E3-4306-9FC9-BA3D1DBC7BBF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D01F0A9-33A9-4B25-B664-D746E6FDD6DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5FEEDB73-1BEC-4480-8AF2-C19C41D7853C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6F1595C8-DC81-4E77-88B2-265D79AF1E87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{71825774-A525-4687-A5CC-5F64B363F314}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{75A94D37-8299-4436-B685-D93FD58DC329}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{78BE65F4-8444-4C7E-8E2F-26E28A14AA48}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9024F2C6-A6C5-4139-B52A-88877B77FAE2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9396CC3E-FB14-4255-8C5F-491ECB790797}" = rport=139 | protocol=6 | dir=out | app=system |
"{97AFE8E0-46B0-4B47-AC8D-D080EB60A070}" = rport=137 | protocol=17 | dir=out | app=system |
"{9EA1BD84-E86A-4096-B87E-A375F42318B6}" = lport=445 | protocol=6 | dir=in | app=system |
"{B0E4D813-5C1C-439C-A4A0-937B378AFE44}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B7F11CBC-C568-4F46-B97B-8A5B9FFF876A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B96D8156-D411-4EAC-A4AA-4C71510FB8EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF6CAB99-935A-4985-87B0-3EC14B14F1EF}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DFC026F5-F886-4699-A6D2-91E5631E603B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E5073BDC-78EF-49D6-A4FD-AB090C82B24A}" = lport=57295 | protocol=17 | dir=in | name=pando media booster |
"{FB2B6968-6E2D-4267-9163-045C06AF90DA}" = lport=137 | protocol=17 | dir=in | app=system |
"{FC79926B-24B0-4BF0-A45E-C6B18A8CE2DA}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13C39439-66DA-4DE7-ACF8-D2DA26645A17}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{16B4D10D-598A-4D9D-9DC7-8AF002394F9E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1CD994E6-C4AA-43B8-85C5-B8500E4B3E5E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3B3C6A21-62F1-4EDE-8F67-A8EDDAFB6A82}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{3B83B249-8C4C-4191-B3AA-D5DBA3DA9B49}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{46A6BA27-5CFD-4E1E-810B-ABC3F684AB7F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{6245CFA6-16DA-40BA-82AB-001D2B179261}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{6A18A6A3-27DE-47A1-965F-C6E4B43A82CC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7DFCB4E9-CF5B-49E1-A76C-9A689F5B0285}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{8221BF91-4616-436E-B570-31750CB189E0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{82296784-2B7F-4636-BBF9-E8A52CA80176}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{94EB5FB1-8995-4D7F-9F3A-59A2D4152763}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9B19B7B0-98B3-4372-BFF3-ACE747DF35AB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{BB718295-B2CD-442C-9FB2-534709679D76}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CC5BBB16-C340-4E40-A4AF-21BC304D92C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CCB6D13F-47D1-4A63-9FEB-57A76D3E1396}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CE3C28B7-4E07-43C4-AB96-8E8F95C203B0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CE6E0C82-F68D-4740-928E-A6E92B891AB0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{D62C958C-1E5E-4D8A-A873-34C1B3E05992}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EDB510E5-0F7C-433B-BAEC-341D1274D941}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{FED8ED2E-7437-46CA-988B-B9BC68FC4361}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0E062D-3235-406B-8D3C-090923EDFC00}_is1" = C2DtoG15 2.0.2.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 8
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{7A351AAA-E651-41B1-89B6-972A676FF78B}" = Marvell Network Configuration Utility
"{818690C7-8DA5-4623-BBA8-A73CFBD44077}" = Sound Blaster X-Fi MB
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{922A36F5-6663-45C0-A515-B63C4E585195}" = TweakIt
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C312984C-E386-4C2D-B33E-7B54355FB16E}" = AI Direct Link
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"Adjustment Pattern software utility" = Adjustment Pattern software utility
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CamSpy_is1" = CamSpy V.5.0.5
"DivX Setup" = DivX-Setup
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 8
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"ThePlaya" = The Playa
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 2.0.5

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.03.2013 19:29:45 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.03.2013 19:42:02 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.03.2013 23:51:05 | Computer Name = diaz-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung LolClient.exe, Version 2.0.2.12610, Zeitstempel
0x4c00573a, fehlerhaftes Modul Adobe AIR.dll, Version 3.6.0.5920, Zeitstempel 0x510610d1,
Ausnahmecode 0xc0000005, Fehleroffset 0x001cf816, Prozess-ID 0x1224, Anwendungsstartzeit
01ce21d88a9c9813.

Error - 16.03.2013 08:45:18 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2013 11:09:30 | Computer Name = diaz-PC | Source = System Restore | ID = 8193
Description =

Error - 16.03.2013 11:25:19 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2013 12:18:48 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2013 13:09:36 | Computer Name = diaz-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\DivX\DivX
OVS Helper\npovshelper.dll". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 16.03.2013 18:12:24 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.03.2013 08:31:53 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 15.03.2013 12:06:53 | Computer Name = diaz-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{65E0E366-63D4-44E8-ABB1-952021989F07} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 15.03.2013 12:06:53 | Computer Name = diaz-PC | Source = netbt | ID = 4321
Description = Der Name "DIAZ-PC :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 15.03.2013 12:06:53 | Computer Name = diaz-PC | Source = netbt | ID = 4321
Description = Der Name "DIAZ-PC :20" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 15.03.2013 12:06:53 | Computer Name = diaz-PC | Source = netbt | ID = 4321
Description = Der Name "DIAZ-PC :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 15.03.2013 12:13:01 | Computer Name = diaz-PC | Source = HTTP | ID = 15016
Description =

Error - 15.03.2013 12:16:38 | Computer Name = diaz-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{65E0E366-63D4-44E8-ABB1-952021989F07} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 15.03.2013 12:16:38 | Computer Name = diaz-PC | Source = netbt | ID = 4321
Description = Der Name "DIAZ-PC :20" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 15.03.2013 12:16:38 | Computer Name = diaz-PC | Source = netbt | ID = 4321
Description = Der Name "DIAZ-PC :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 15.03.2013 12:16:38 | Computer Name = diaz-PC | Source = netbt | ID = 4321
Description = Der Name "DIAZ-PC :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 15.03.2013 12:53:20 | Computer Name = diaz-PC | Source = HTTP | ID = 15016
Description =


< End of report >




Gmer:

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-17 14:43:36
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4 ST31000524AS rev.JC4B 931,51GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\diaz\AppData\Local\Temp\kxldapow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- EOF - GMER 2.1 ----

 
