Paranoid? Suspicious modifications on all devices connected to the network

Good day, it may be speculation, but I am fairly sure that something fishy is going on here! Avira found nothing.. The laptop starts, responds and shuts down ever more slowly; the PC behaves similarly. I fear for my anonymity and am afraid that I am being monitored! I have now reinstalled the PC, disconnected the Wi-Fi on the router and disabled it on the laptop. To be sure that my freshly reinstalled PC is clean, I ask for a check of the attached logs. Thanks, diaz

OTL:
OTL logfile created on: 17.03.2013 14:13:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\diaz\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,99 Gb Total Physical Memory | 4,37 Gb Available Physical Memory | 72,95% Memory free
12,09 Gb Paging File | 10,51 Gb Available in Paging File | 86,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 147,33 Gb Total Space | 104,52 Gb Free Space | 70,94% Space Free | Partition Type: NTFS
Drive D: | 245,12 Gb Total Space | 241,14 Gb Free Space | 98,38% Space Free | Partition Type: NTFS
Drive F: | 539,06 Gb Total Space | 538,89 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Computer Name: DIAZ-PC | User Name: diaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.17 14:09:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\diaz\Desktop\OTL.exe PRC - [2013.03.16 00:10:36 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2013.03.15 18:00:32 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe PRC - [2013.02.13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2013.02.10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe PRC - [2011.08.21 17:47:28 | 000,596,992 | ---- | M] (Andreas Sammann) -- C:\Program Files (x86)\C2DtoG15\C2DtoG15.exe PRC - [2011.01.26 20:51:34 | 000,059,392 | ---- | M] (Andreas Sammann) -- C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe PRC - [2009.07.07 13:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe ========== Modules (No Company Name) ========== MOD - [2013.02.13 03:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2013.02.13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010.06.11 21:14:26 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\C2DtoG15\LgLcdLibWrapper.dll MOD - [2009.07.30 14:54:04 | 000,170,496 | ---- | M] () -- 
C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL ========== Services (SafeList) ========== SRV:64bit: - [2013.03.15 18:02:47 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV:64bit: - [2008.01.21 03:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2006.11.02 12:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc) SRV - [2013.03.16 00:14:05 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2013.03.16 00:12:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2013.03.16 00:10:36 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2013.03.15 18:00:32 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2013.03.07 15:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.01.28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- 
(TuneUp.UtilitiesSvc) SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS) SRV - [2011.01.26 20:51:34 | 000,059,392 | ---- | M] (Andreas Sammann) [Auto | Running] -- C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe -- (SystoG15Svc) SRV - [2010.12.13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.15 23:24:47 | 000,093,784 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID) DRV:64bit: - [2013.03.15 18:35:50 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013.03.15 18:02:50 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MCfilt64.sys -- (MCfilt) DRV:64bit: - [2013.03.15 18:02:47 | 000,478,208 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2013.03.15 17:56:22 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) DRV:64bit: - [2012.10.02 23:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2012.07.06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\SRTSPX64.SYS -- (SRTSPX) DRV:64bit: - [2012.07.06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1309010.00E\SRTSP64.SYS -- (SRTSP) DRV:64bit: - [2012.06.07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccSetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012.05.22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\SYMEFA64.SYS -- (SymEFA) DRV:64bit: - [2012.04.18 03:13:32 | 000,445,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1309010.00E\SYMTDIV.SYS -- (SYMTDIv) DRV:64bit: - [2012.04.18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\Ironx64.SYS -- (SymIRON) DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.05.16 21:03:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\SYMDS64.SYS -- (SymDS) DRV:64bit: - [2010.12.13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nx6000.sys -- (MSHUSBVideo) DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2008.09.19 09:04:00 | 000,395,776 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64) DRV:64bit: - [2008.07.16 10:11:00 | 000,092,672 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64l.sys -- (SkLaggProtocol) DRV:64bit: - [2008.07.10 10:11:00 | 000,024,576 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64v.sys -- (SkVlanProtocol) DRV - [2013.03.15 14:47:37 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130316.006\ex64.sys -- (NAVEX15) DRV - [2013.03.15 14:47:37 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013.03.15 14:47:37 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013.03.15 14:47:37 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130316.006\eng64.sys -- (NAVENG) DRV - [2013.03.13 15:58:54 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130313.003\IDSviA64.sys -- (IDSVia64) DRV - [2013.03.01 02:09:56 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012.11.16 16:51:26 | 
000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2008.07.26 22:30:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\C2DtoG15\WinRing0x64.sys -- (WinRing0_1_2_0) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 25 C3 B8 E7 21 CE 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1 FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF:64bit: 
- HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ [2013.03.15 17:53:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ 
[2013.03.17 13:31:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.16 18:10:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.15 14:47:41 | 000,000,000 | ---D | M] [2013.03.15 14:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\diaz\AppData\Roaming\mozilla\Extensions [2013.03.15 17:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\diaz\AppData\Roaming\mozilla\Firefox\Profiles\k8pqwaiq.default\extensions [2013.03.15 17:23:09 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\diaz\AppData\Roaming\mozilla\firefox\profiles\k8pqwaiq.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2013.03.15 17:22:09 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\diaz\AppData\Roaming\mozilla\firefox\profiles\k8pqwaiq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.15 14:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.16 18:10:24 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 16:45:15 | 
000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) 
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - Startup: C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk = C:\Program Files (x86)\C2DtoG15\C2DtoG15.exe (Andreas Sammann) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65E0E366-63D4-44E8-ABB1-952021989F07}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\gopher - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* 
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1 [2013.03.17 14:09:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\diaz\Desktop\OTL.exe [2013.03.17 04:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\id Software [2013.03.17 04:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software [2013.03.16 18:10:19 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\DivX [2013.03.16 18:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2013.03.16 18:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2013.03.16 18:09:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2013.03.16 18:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2013.03.16 18:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2013.03.16 17:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamSpy [2013.03.16 17:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamSpy [2013.03.16 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DivX [2013.03.16 16:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX [2013.03.16 16:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Playa [2013.03.16 16:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivXCodec [2013.03.16 16:18:45 | 001,200,640 | ---- | C] (Fath Software ( www.fathsoft.com )) -- C:\Windows\SysWow64\csCapx.ocx 
[2013.03.16 16:16:57 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\vlc [2013.03.16 16:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam [2013.03.16 16:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam [2013.03.16 16:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam [2013.03.16 05:22:02 | 000,000,000 | ---D | C] -- C:\Users\diaz\Desktop\Perry Rhodan - Silber Edition 02 [2013.03.16 03:46:15 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\WinRAR [2013.03.16 03:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.03.16 02:03:06 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\C2DtoG15 [2013.03.16 02:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C2DtoG15 [2013.03.16 02:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\C2DtoG15 [2013.03.16 01:46:35 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\Logitech [2013.03.16 01:46:34 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\NVIDIA [2013.03.16 01:46:30 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Leadertech [2013.03.16 01:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2013.03.16 01:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.03.16 01:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software [2013.03.16 01:39:52 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Logitech [2013.03.16 01:39:52 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Logishrd [2013.03.16 00:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative [2013.03.16 00:14:15 | 002,873,823 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll [2013.03.16 00:14:15 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2013.03.16 00:14:15 | 000,444,952 | ---- | C] (Creative Labs) -- 
C:\Windows\SysWow64\wrap_oal.dll [2013.03.16 00:14:14 | 001,910,272 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll [2013.03.16 00:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center [2013.03.16 00:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative [2013.03.16 00:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared [2013.03.16 00:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Creative [2013.03.16 00:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative [2013.03.16 00:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvell [2013.03.15 23:59:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell [2013.03.15 23:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 4.0 [2013.03.15 23:51:44 | 000,000,000 | ---D | C] -- C:\Windows\Profiles [2013.03.15 23:51:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.03.15 23:51:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.03.15 23:35:57 | 000,035,104 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2013.03.15 23:35:57 | 000,026,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2013.03.15 23:35:57 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2013.03.15 23:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2013.03.15 23:35:31 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\TuneUp Software [2013.03.15 23:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.03.15 23:33:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.03.15 23:33:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.03.15 23:27:34 | 000,000,000 
| ---D | C] -- C:\RaidTool [2013.03.15 23:25:59 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool [2013.03.15 23:00:50 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2013.03.15 23:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2013.03.15 22:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.03.15 22:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.03.15 22:44:49 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.03.15 22:44:49 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.03.15 22:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.03.15 22:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2013.03.15 22:02:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2013.03.15 21:29:47 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys [2013.03.15 21:29:47 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys [2013.03.15 21:29:47 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys [2013.03.15 21:29:47 | 000,445,560 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symtdiv.sys [2013.03.15 21:29:47 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys [2013.03.15 21:29:47 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys [2013.03.15 21:29:47 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys [2013.03.15 21:29:47 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys 
[2013.03.15 21:29:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E [2013.03.15 20:42:01 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\LolClient [2013.03.15 18:56:41 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\PMB Files [2013.03.15 18:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2013.03.15 18:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2013.03.15 18:36:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN [2013.03.15 18:36:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES [2013.03.15 18:36:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES [2013.03.15 18:36:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES [2013.03.15 18:36:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES [2013.03.15 18:36:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN [2013.03.15 18:20:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.03.15 18:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices [2013.03.15 18:03:37 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\InstallShield [2013.03.15 17:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS [2013.03.15 17:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS [2013.03.15 17:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.03.15 17:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.03.15 17:38:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013.03.15 17:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.03.15 17:35:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.03.15 17:34:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.15 16:56:36 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\ElevatedDiagnostics [2013.03.15 
16:55:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell [2013.03.15 16:55:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell [2013.03.15 16:55:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0 [2013.03.15 16:37:46 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\CrashDumps [2013.03.15 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Macromedia [2013.03.15 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\Macromedia [2013.03.15 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Adobe [2013.03.15 16:23:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2013.03.15 16:23:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.03.15 15:24:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2013.03.15 14:48:06 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Mozilla [2013.03.15 14:48:06 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\Mozilla [2013.03.15 14:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.03.15 14:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.03.15 14:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.15 14:32:53 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013.03.15 14:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2013.03.15 14:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2013.03.15 14:32:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2013.03.15 14:32:16 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2013.03.15 14:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2013.03.15 14:32:16 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Norton [2013.03.15 14:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2013.03.15 14:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2013.03.15 14:30:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite [2013.03.15 14:30:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.03.15 14:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink [2013.03.15 14:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2013.03.15 14:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2013.03.15 14:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adjustment Pattern software [2013.03.15 14:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adjustment Pattern software [2013.03.15 14:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.03.15 14:22:02 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.03.15 14:14:52 | 000,000,000 | R--D | C] -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.03.15 14:14:52 | 000,000,000 | R--D | C] -- C:\Users\diaz\Searches [2013.03.15 14:14:52 | 000,000,000 | R--D | C] -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.03.15 14:14:44 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Identities [2013.03.15 14:14:42 | 000,000,000 | R--D | C] -- C:\Users\diaz\Contacts [2013.03.15 14:14:42 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\VirtualStore [2013.03.15 14:14:39 | 000,000,000 | --SD | C] -- C:\Users\diaz\AppData\Roaming\Microsoft [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Videos [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Saved Games [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Pictures [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- 
C:\Users\diaz\Music [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Links [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Favorites [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Desktop\Downloads [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Documents [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Desktop [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Vorlagen [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\AppData\Local\Verlauf [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\AppData\Local\Temporary Internet Files [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Startmenü [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\SendTo [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Recent [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Netzwerkumgebung [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Lokale Einstellungen [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Documents\Eigene Videos [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Documents\Eigene Musik [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Eigene Dateien [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Documents\Eigene Bilder [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Druckumgebung [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Cookies [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\AppData\Local\Anwendungsdaten [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Anwendungsdaten [2013.03.15 14:14:39 | 000,000,000 | 
-H-D | C] -- C:\Users\diaz\AppData [2013.03.15 14:14:39 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\Temp [2013.03.15 14:14:39 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\Microsoft [2013.03.15 14:14:39 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Media Center Programs [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Programme [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.03.15 14:10:30 | 000,000,000 | ---D | C] -- C:\Windows\Debug [2013.03.15 14:01:33 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.03.15 13:59:27 | 000,000,000 | ---D | C] -- C:\Windows\CSC [2013.03.15 13:57:49 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.03.15 13:57:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.03.15 13:56:56 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2013.03.15 13:56:42 | 000,000,000 | -HSD | C] -- C:\Boot ========== Files - Modified Within 30 Days ========== [2013.03.17 14:12:22 | 000,000,000 | ---- | M] () -- C:\Users\diaz\defogger_reenable [2013.03.17 14:11:06 | 000,377,856 | ---- | M] () -- C:\Users\diaz\Desktop\gmer_2.1.19155.exe [2013.03.17 14:09:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- 
C:\Users\diaz\Desktop\OTL.exe [2013.03.17 14:09:35 | 000,050,477 | ---- | M] () -- C:\Users\diaz\Desktop\Defogger.exe [2013.03.17 14:01:20 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.17 14:01:20 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.17 13:36:59 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.17 13:36:59 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.17 13:36:59 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.17 13:36:59 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.17 13:36:59 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.17 13:31:34 | 000,000,432 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2013.03.17 13:31:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.16 16:24:25 | 000,228,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.16 16:24:08 | 002,416,886 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\Cat.DB [2013.03.16 02:10:03 | 000,249,856 | ---- | M] () -- C:\Users\diaz\AppData\Local\SystoG15.exe [2013.03.16 02:10:03 | 000,000,922 | ---- | M] () -- C:\Users\diaz\AppData\Local\SystoG15.bmp [2013.03.16 02:03:07 | 000,000,882 | ---- | M] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk [2013.03.16 00:14:18 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc [2013.03.16 00:14:15 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2013.03.16 00:14:15 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.03.16 00:11:12 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini [2013.03.15 22:44:35 | 000,001,460 | ---- | M] () -- 
C:\Users\diaz\AppData\Local\d3d9caps64.dat [2013.03.15 19:51:15 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat [2013.03.15 19:51:15 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat [2013.03.15 19:51:15 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat [2013.03.15 19:51:15 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat [2013.03.15 19:51:04 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.15 19:51:02 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.15 18:35:50 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013.03.15 18:35:50 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013.03.15 18:35:50 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013.03.15 17:56:22 | 000,015,680 | ---- | M] () -- C:\Windows\SysNative\drivers\ASACPI.sys [2013.03.15 17:43:18 | 000,024,576 | ---- | M] () -- C:\Windows\SysWow64\AsIO.dll [2013.03.15 17:43:18 | 000,013,368 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2013.03.15 17:43:18 | 000,013,368 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2013.03.15 16:54:44 | 002,686,976 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl [2013.03.15 16:54:44 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf [2013.03.15 16:54:44 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx [2013.03.15 14:04:06 | 000,060,826 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.03.15 13:56:43 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK ========== Files Created - No Company Name ========== [2013.03.17 14:12:22 | 000,000,000 | ---- | C] () -- C:\Users\diaz\defogger_reenable [2013.03.17 14:10:13 | 000,377,856 | ---- | C] () -- C:\Users\diaz\Desktop\gmer_2.1.19155.exe [2013.03.17 14:09:34 | 000,050,477 | 
---- | C] () -- C:\Users\diaz\Desktop\Defogger.exe [2013.03.16 16:18:45 | 000,999,424 | ---- | C] () -- C:\Windows\SysWow64\fathmail.dll [2013.03.16 02:03:07 | 000,000,882 | ---- | C] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk [2013.03.16 00:14:24 | 000,005,037 | ---- | C] () -- C:\Windows\SysNative\cfgfx.ini [2013.03.16 00:14:24 | 000,002,773 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini [2013.03.16 00:14:24 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini [2013.03.16 00:14:24 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini [2013.03.16 00:14:18 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL [2013.03.16 00:14:18 | 000,170,496 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2013.03.16 00:14:18 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL [2013.03.16 00:14:18 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2013.03.16 00:14:18 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc [2013.03.16 00:09:08 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2013.03.16 00:09:08 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2013.03.15 23:35:41 | 000,000,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2013.03.15 22:38:12 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.03.15 22:04:30 | 002,416,886 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\Cat.DB [2013.03.15 21:29:47 | 000,007,877 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnetv64.cat [2013.03.15 21:29:47 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.cat [2013.03.15 21:29:47 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnet64.cat [2013.03.15 21:29:47 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\iron.cat 
[2013.03.15 21:29:47 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.cat [2013.03.15 21:29:47 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.cat [2013.03.15 21:29:47 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.cat [2013.03.15 21:29:47 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.cat [2013.03.15 21:29:47 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa.inf [2013.03.15 21:29:47 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds.inf [2013.03.15 21:29:47 | 000,001,469 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnetv.inf [2013.03.15 21:29:47 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnet.inf [2013.03.15 21:29:47 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.inf [2013.03.15 21:29:47 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.inf [2013.03.15 21:29:47 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.inf [2013.03.15 21:29:47 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\iron.inf [2013.03.15 21:29:43 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symvtcer.dat [2013.03.15 21:29:43 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\isolate.ini [2013.03.15 19:51:04 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.15 19:51:02 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.15 18:19:27 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll [2013.03.15 18:19:27 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2013.03.15 18:19:22 | 000,262,552 | ---- | C] () -- 
C:\Windows\SysNative\systemsf.ebd [2013.03.15 18:19:15 | 000,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf [2013.03.15 18:19:14 | 000,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf [2013.03.15 18:19:12 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2013.03.15 18:19:12 | 000,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin [2013.03.15 18:19:10 | 000,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf [2013.03.15 18:19:03 | 000,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF [2013.03.15 18:19:00 | 000,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs [2013.03.15 18:19:00 | 000,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs [2013.03.15 18:18:57 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2013.03.15 18:18:47 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man [2013.03.15 18:18:47 | 000,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man [2013.03.15 18:18:40 | 000,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml [2013.03.15 18:18:40 | 000,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml [2013.03.15 18:18:38 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\RacUREx.xml [2013.03.15 18:18:38 | 000,000,153 | ---- | C] () -- C:\Windows\SysNative\RacUREx.xml [2013.03.15 17:44:14 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2013.03.15 17:44:07 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2013.03.15 17:44:07 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2013.03.15 17:43:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2013.03.15 17:10:04 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2013.03.15 17:10:04 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin [2013.03.15 17:10:03 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex 
[2013.03.15 17:10:03 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex [2013.03.15 17:07:38 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs [2013.03.15 17:07:38 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs [2013.03.15 17:07:38 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml [2013.03.15 17:07:38 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml [2013.03.15 17:07:38 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl [2013.03.15 17:07:38 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl [2013.03.15 16:54:42 | 002,686,976 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl [2013.03.15 16:54:42 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf [2013.03.15 16:54:42 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx [2013.03.15 15:01:35 | 002,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf [2013.03.15 14:47:42 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.03.15 14:32:53 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013.03.15 14:32:53 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013.03.15 14:14:55 | 000,000,949 | ---- | C] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.03.15 14:14:53 | 000,000,979 | ---- | C] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.03.15 14:14:52 | 000,000,974 | ---- | C] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2013.03.15 14:14:42 | 000,000,915 | ---- | C] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2013.03.15 14:14:40 | 000,001,460 | ---- | C] () -- 
C:\Users\diaz\AppData\Local\d3d9caps64.dat [2013.03.15 14:03:23 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk [2013.03.15 13:56:43 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK [2013.03.15 13:56:42 | 000,333,257 | RHS- | C] () -- C:\bootmgr [2009.05.20 01:08:44 | 000,249,856 | ---- | C] () -- C:\Users\diaz\AppData\Local\SystoG15.exe [2009.05.12 13:21:30 | 000,000,922 | ---- | C] () -- C:\Users\diaz\AppData\Local\SystoG15.bmp ========== ZeroAccess Check ========== [2006.11.02 16:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.16 01:46:30 | 000,000,000 | ---D | M] -- C:\Users\diaz\AppData\Roaming\Leadertech [2013.03.15 20:42:01 | 000,000,000 | ---D | M] -- C:\Users\diaz\AppData\Roaming\LolClient [2013.03.15 23:35:31 | 000,000,000 | ---D | M] -- C:\Users\diaz\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Extras: OTL Extras logfile created on: 17.03.2013 14:13:28 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\diaz\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,99 Gb Total Physical Memory | 4,37 Gb Available Physical Memory | 72,95% Memory free 12,09 Gb Paging File | 10,51 Gb Available in Paging File | 86,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 147,33 Gb Total Space | 104,52 Gb Free Space | 70,94% Space Free | Partition Type: NTFS Drive D: | 245,12 Gb Total Space | 241,14 Gb Free Space | 98,38% Space Free | Partition Type: NTFS Drive F: | 539,06 Gb Total Space | 538,89 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Computer Name: DIAZ-PC | User Name: diaz | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data] "VistaSp2" = 37 7B DB 41 A5 21 CE 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0987D816-F1FA-40E5-A878-E076692987F2}" = lport=57295 | protocol=6 | dir=in | name=pando media booster | "{0B572DD7-4FAE-4B86-949E-C5591C76F821}" = lport=57295 | protocol=6 | dir=in | name=pando media booster | "{0CB60C75-5F55-4474-B2F4-D12BE4EACD38}" = rport=138 | protocol=17 | dir=out | app=system | "{0F2B3D97-CCC6-4147-99CF-1819C839347B}" = lport=138 | protocol=17 | dir=in | app=system | "{20945B7B-A2E6-4C47-9629-441193CC563F}" = lport=57295 | protocol=17 | dir=in | name=pando media booster | "{2D11DF45-CD6F-4A66-B4CF-5714D12546F9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{33588CC5-4B60-48D1-A8AE-960B0478495B}" = rport=2869 | protocol=6 | dir=out | app=system | "{4783F460-6428-4938-AF27-9CBAE0BE3BE6}" = lport=139 | protocol=6 | dir=in | app=system | "{50457261-10B7-4D92-AF99-FAD0758EBB81}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{50E7328B-4873-4873-B1DA-C2F4AC4ADAF8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{5C255983-0BC8-41A2-B413-C665D77EDE3F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5C38391C-96E3-4306-9FC9-BA3D1DBC7BBF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5D01F0A9-33A9-4B25-B664-D746E6FDD6DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5FEEDB73-1BEC-4480-8AF2-C19C41D7853C}" = lport=2869 | protocol=6 | dir=in | app=system | "{6F1595C8-DC81-4E77-88B2-265D79AF1E87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{71825774-A525-4687-A5CC-5F64B363F314}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{75A94D37-8299-4436-B685-D93FD58DC329}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{78BE65F4-8444-4C7E-8E2F-26E28A14AA48}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9024F2C6-A6C5-4139-B52A-88877B77FAE2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9396CC3E-FB14-4255-8C5F-491ECB790797}" = rport=139 | protocol=6 | dir=out | app=system | "{97AFE8E0-46B0-4B47-AC8D-D080EB60A070}" = rport=137 | protocol=17 | dir=out | app=system | "{9EA1BD84-E86A-4096-B87E-A375F42318B6}" = lport=445 | protocol=6 | dir=in | app=system | "{B0E4D813-5C1C-439C-A4A0-937B378AFE44}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B7F11CBC-C568-4F46-B97B-8A5B9FFF876A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B96D8156-D411-4EAC-A4AA-4C71510FB8EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF6CAB99-935A-4985-87B0-3EC14B14F1EF}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{DFC026F5-F886-4699-A6D2-91E5631E603B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E5073BDC-78EF-49D6-A4FD-AB090C82B24A}" = lport=57295 | protocol=17 | dir=in | name=pando media booster | "{FB2B6968-6E2D-4267-9163-045C06AF90DA}" = lport=137 | protocol=17 | dir=in | app=system | "{FC79926B-24B0-4BF0-A45E-C6B18A8CE2DA}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13C39439-66DA-4DE7-ACF8-D2DA26645A17}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{16B4D10D-598A-4D9D-9DC7-8AF002394F9E}" = dir=in | app=c:\program files 
(x86)\pando networks\media booster\pmb.exe |
"{1CD994E6-C4AA-43B8-85C5-B8500E4B3E5E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3B3C6A21-62F1-4EDE-8F67-A8EDDAFB6A82}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{3B83B249-8C4C-4191-B3AA-D5DBA3DA9B49}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{46A6BA27-5CFD-4E1E-810B-ABC3F684AB7F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{6245CFA6-16DA-40BA-82AB-001D2B179261}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{6A18A6A3-27DE-47A1-965F-C6E4B43A82CC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7DFCB4E9-CF5B-49E1-A76C-9A689F5B0285}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{8221BF91-4616-436E-B570-31750CB189E0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{82296784-2B7F-4636-BBF9-E8A52CA80176}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{94EB5FB1-8995-4D7F-9F3A-59A2D4152763}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9B19B7B0-98B3-4372-BFF3-ACE747DF35AB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{BB718295-B2CD-442C-9FB2-534709679D76}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CC5BBB16-C340-4E40-A4AF-21BC304D92C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CCB6D13F-47D1-4A63-9FEB-57A76D3E1396}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CE3C28B7-4E07-43C4-AB96-8E8F95C203B0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CE6E0C82-F68D-4740-928E-A6E92B891AB0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{D62C958C-1E5E-4D8A-A873-34C1B3E05992}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EDB510E5-0F7C-433B-BAEC-341D1274D941}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{FED8ED2E-7437-46CA-988B-B9BC68FC4361}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0E062D-3235-406B-8D3C-090923EDFC00}_is1" = C2DtoG15 2.0.2.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 8
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{7A351AAA-E651-41B1-89B6-972A676FF78B}" = Marvell Network Configuration Utility
"{818690C7-8DA5-4623-BBA8-A73CFBD44077}" = Sound Blaster X-Fi MB
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{922A36F5-6663-45C0-A515-B63C4E585195}" = TweakIt
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C312984C-E386-4C2D-B33E-7B54355FB16E}" = AI Direct Link
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"Adjustment Pattern software utility" = Adjustment Pattern software utility
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CamSpy_is1" = CamSpy V.5.0.5
"DivX Setup" = DivX-Setup
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 8
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"ThePlaya" = The Playa
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 2.0.5

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.03.2013 19:29:45 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.03.2013 19:42:02 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.03.2013 23:51:05 | Computer Name = diaz-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung LolClient.exe, Version 2.0.2.12610, Zeitstempel 0x4c00573a, fehlerhaftes Modul Adobe AIR.dll, Version 3.6.0.5920, Zeitstempel 0x510610d1, Ausnahmecode 0xc0000005, Fehleroffset 0x001cf816, Prozess-ID 0x1224, Anwendungsstartzeit 01ce21d88a9c9813.

Error - 16.03.2013 08:45:18 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2013 11:09:30 | Computer Name = diaz-PC | Source = System Restore | ID = 8193
Description =

Error - 16.03.2013 11:25:19 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2013 12:18:48 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2013 13:09:36 | Computer Name = diaz-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 16.03.2013 18:12:24 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.03.2013 08:31:53 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 15.03.2013 12:06:53 | Computer Name = diaz-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{65E0E366-63D4-44E8-ABB1-952021989F07} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 15.03.2013 12:06:53 | Computer Name = diaz-PC | Source = netbt | ID = 4321
Description = Der Name "DIAZ-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 15.03.2013 12:06:53 | Computer Name = diaz-PC | Source = netbt | ID = 4321
Description = Der Name "DIAZ-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 15.03.2013 12:06:53 | Computer Name = diaz-PC | Source = netbt | ID = 4321
Description = Der Name "DIAZ-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 15.03.2013 12:13:01 | Computer Name = diaz-PC | Source = HTTP | ID = 15016
Description =

Error - 15.03.2013 12:16:38 | Computer Name = diaz-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{65E0E366-63D4-44E8-ABB1-952021989F07} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 15.03.2013 12:16:38 | Computer Name = diaz-PC | Source = netbt | ID = 4321
Description = Der Name "DIAZ-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 15.03.2013 12:16:38 | Computer Name = diaz-PC | Source = netbt | ID = 4321
Description = Der Name "DIAZ-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 15.03.2013 12:16:38 | Computer Name = diaz-PC | Source = netbt | ID = 4321
Description = Der Name "DIAZ-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 15.03.2013 12:53:20 | Computer Name = diaz-PC | Source = HTTP | ID = 15016
Description =

< End of report >

Gmer:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-17 14:43:36
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4 ST31000524AS rev.JC4B 931,51GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\diaz\AppData\Local\Temp\kxldapow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- EOF - GMER 2.1 ----
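The FirewallRules section of the OTL log above is the part a helper reads by eye to see which programs may accept inbound connections. As an added example (my code, not OTL's and not from this thread), the Python below parses rules in that format, lists each program, service or built-in with an inbound exception together with the protocols it covers, and flags inbound exceptions for binaries outside the usual install directories, which is the check a reviewer actually wants from this section. The sample rules are copied in shape from the log; the last one, with a placeholder GUID and a path in a temp directory, is constructed to show the flag. TRUSTED_PREFIXES is an assumed list.

```python
"""Summarise the FirewallRules section of an OTL log (added example, not OTL code)."""
import re
from collections import defaultdict

# IANA protocol numbers that turn up in OTL firewall rules.
PROTOCOLS = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}

# Directories where an inbound exception is unremarkable on a stock install.
# Assumed list: an exception for a binary elsewhere (user profile, temp,
# ProgramData) is what a reviewer wants surfaced; it is not proof of malware.
TRUSTED_PREFIXES = (
    r"c:\program files",  # also matches "c:\program files (x86)"
    r"c:\windows",
    r"%systemroot%",
    r"%programfiles%",
)

# One rule looks like:  "{GUID}" = key=value | key=value | ...
# OTL prints each rule on its own line, but forum extraction often runs them
# together on one line; the lookahead ends a rule at the next GUID either way.
RULE_RE = re.compile(
    r'"\{([0-9A-Fa-f-]{36})\}"\s*=\s*(.*?)(?=\s*"\{[0-9A-Fa-f-]{36}\}"\s*=|\Z)',
    re.S,
)

# Constructed sample: five rules copied in shape from the log above plus one
# constructed rule (placeholder GUID, example user) for a binary in a temp dir.
SAMPLE_RULES = r'''"{3B3C6A21-62F1-4EDE-8F67-A8EDDAFB6A82}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{6A18A6A3-27DE-47A1-965F-C6E4B43A82CC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{94EB5FB1-8995-4D7F-9F3A-59A2D4152763}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3B83B249-8C4C-4191-B3AA-D5DBA3DA9B49}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BB718295-B2CD-442C-9FB2-534709679D76}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{00000000-0000-4000-8000-000000000001}" = protocol=6 | dir=in | app=c:\users\example\appdata\local\temp\updater.exe |'''


def parse_rules(text):
    """Return one dict per rule: {'id': GUID, 'protocol': ..., 'dir': ..., 'app'/'svc'/'name': ...}."""
    rules = []
    for guid, body in RULE_RE.findall(text):
        rule = {"id": guid.upper()}
        for field in body.split("|"):
            field = field.strip()
            if "=" not in field:
                continue  # empty trailing field after the last separator
            key, value = field.split("=", 1)
            rule[key.strip()] = value.strip().lower()
        rules.append(rule)
    return rules


def inbound_by_app(rules):
    """Map each program/service/built-in with an inbound exception to its protocols."""
    table = defaultdict(set)
    for rule in rules:
        if rule.get("dir") != "in":
            continue
        target = rule.get("app") or rule.get("svc") or rule.get("name") or "<unspecified>"
        table[target].add(PROTOCOLS.get(rule.get("protocol", ""), "any"))
    return dict(table)


def untrusted_inbound(rules):
    """GUIDs of inbound exceptions whose program lives outside TRUSTED_PREFIXES."""
    return [
        rule["id"]
        for rule in rules
        if rule.get("dir") == "in"
        and rule.get("app")
        and not rule["app"].startswith(TRUSTED_PREFIXES)
    ]


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for target, protos in sorted(inbound_by_app(parsed).items()):
        print(f"{target}: {', '.join(sorted(protos))}")
    print("review:", untrusted_inbound(parsed))
```

Feed the whole OTL log to parse_rules; the regex only picks up rule-shaped entries, so the uninstall list and event log text pass through unmatched. Outbound rules are deliberately ignored here because the question a thread like this one asks is what can be reached from the network, not what the machine may contact.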
Hello and :hallo: Quote:
Or is that by any chance an office/company PC? Or a university computer? Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please don't run any new virus scans, just post the logs you already have first! Post in CODE tags. Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too big for the forum. To put the logfiles into a CODE box, proceed as follows:
hello and many thanks! I bought the Ultimate version back then because I thought it might contain features I could still use for my home PC. Unfortunately I can't offer any further logs. edit: I did a full system scan with Norton Internet Security, but without any findings. That was done 2 days ago, before the thread was created.
Before we get to work, I would like to ask you to read the following points completely and attentively.
Note: If you haven't heard from me for three days, please post in this thread => Reminder for my thread. Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board. Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags. MBAR (Malwarebytes Anti-Rootkit) Please download
Do not start any other file in this folder without instruction from a helper. aswMBR Please download
Important: Under no circumstances press one of the Fix buttons without instruction. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download
hello, here are the required logs from the scanners. thanks, diaz log mbar: Code: Malwarebytes Anti-Rootkit BETA 1.01.0.1021 Code: aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software log TDSSKiller: Code: 18:49:09.0589 2828 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
Then please run Combofix now: Scan with Combofix
afternoon, I just wanted to download Combofix - when I selected the file for download and the browser's (Firefox) separate download window opened, the browser & the download window stopped responding. It couldn't be closed via right-click or via the task manager. Both windows were white. After about 1 min they could be closed again and I could carry out the process without problems. edit: after I restarted the browser just now, it asked whether I wanted to set it as the default browser. It already was - strange. log Combofix: Code: ComboFix 13-03-20.01 - diaz 20.03.2013 13:03:22.1.8 - x64
JRT - Junkware Removal Tool. Please close your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download
Then a check with OTL please:
couldn't rest, ran it just now before going to sleep! log: JRT Code: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ log AdwCleaner: Code: # AdwCleaner v2.115 - Datei am 21/03/2013 um 00:36:34 erstellt
I had to zip OTL & Extras..
Looks ok. We should be almost done. Please do a quick scan with Malwarebytes as a check - please remember to update Malwarebytes via the Update button beforehand. Afterwards, getting a second opinion via ESET's online scanner wouldn't hurt either: ESET Online Scanner
hello, I'm more or less relieved that it looks good so far. I would have preferred a detection so the rat could be rooted out! Malwarebytes & ESET scans were negative. However, I haven't reconnected my laptop, which may be infected, to the network/WLAN, because the risk of infecting my freshly set up & configured PC is too great for me. When I get the chance I'll burn all the virus scanners to CD & then run them over it. Surely there are also ways of accessing a system without using trojans or programs, i.e. without them being installed on the system!? If so, what would they be, and how do I protect my PC against attacks aimed specifically at me? In other words, how do I make my computer 100% secure against uninvited guests. If a tutorial or something similar comes to mind, or if you have one or two links I could read up on, that would be very useful. By the way, I'm hugely enthusiastic about the help and the !free! check of my problem by competent IT specialists! I will show my appreciation via the donation option, as far as my means allow - many thanks! I actually forgot to attach the ESET log before I uninstalled the tool with everything belonging to it.. I'll just run it again! Code: ESETSmartInstaller@High as downloader log:
Quote:
Quote:
And please also post the MBAM log; as I mentioned at the start, all logs should be posted, whether or not they have detections.
I assume that one can also access a system without a trojan already being on it. Open ports, vulnerable Windows services etc.. & I would like to protect myself against that! I have a bit more free time today and while browsing the board I came across http://www.trojaner-board.de/96344-a...g-rechners.htm. There I became aware of a site "hxxp://ntsvcfg.de" which offers automated scripts for configuring the security holes - but unfortunately, as it seems to me, only for XP. Under the Windows 7/Vista section they don't exist and you have to make the settings manually. But I got stuck at the path "Start -> Control Panel -> System and Security -> Administrative Tools -> Services", which I can't find. Possibly the wrong subforum.. log MBAM: Code: Malwarebytes Anti-Malware (Test) 1.70.0.1100
Quote:
But normally the Windows Firewall shuts off access from outside; generally almost everyone nowadays has a NAT/PAT router with a firewall as well. Looks ok so far :daumenhoc Regarding cookies and other things on the web: To block the pest from the outset (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released. Info: Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie). Otherwise there are also good cookie managers, extensions for Firefox, e.g. CookieCuller. But if you can live with logging in afresh everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board) then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system now in order again, or are there still other detections or problems?
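The hosts file the helper recommends works by mapping unwanted names to 0.0.0.0 or 127.0.0.1, and the same mechanism is why the file deserves a periodic check of its own: an entry that sends a legitimate name to a routable address is the classic hosts-file hijack. As an added example, not code from the thread or from MVPS, the Python below parses a hosts file, lists the names it sinks and flags any name resolved to something other than a loopback or null address. The sample content is constructed (RFC 2606 names, a TEST-NET address); the default path in audit_hosts_file is the standard Windows location.

```python
"""Audit a hosts file: list blocked names, flag entries that point anywhere else."""
import ipaddress

# Addresses a blocking hosts file (such as the MVPS one) legitimately uses.
BLOCKING_TARGETS = {
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("::1"),
}

# Constructed sample hosts content, not the MVPS file.
SAMPLE_HOSTS = """# constructed sample
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net cdn.example.org   # two names on one line
203.0.113.9 update.vendor.example   # constructed: a name sent to a remote address
not-an-address some.example.com     # malformed line, ignored
"""


def parse_hosts(text):
    """Return a list of (line_no, ip_address, hostname) for every valid mapping."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding space
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # the resolver ignores malformed lines as well
        for name in fields[1:]:
            entries.append((line_no, addr, name.lower()))
    return entries


def blocked_names(entries):
    """Names the file sinks to a blocking address (localhost itself excluded)."""
    return sorted({n for _, a, n in entries if a in BLOCKING_TARGETS and n != "localhost"})


def redirected_names(entries):
    """Names mapped to a routable address: a hosts-file hijack looks exactly like this."""
    return [(n, str(a)) for _, a, n in entries if a not in BLOCKING_TARGETS]


def audit_hosts_file(path=r"C:\Windows\System32\drivers\etc\hosts"):
    """Read the live file (default: the Windows location) and return (blocked, redirected)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        entries = parse_hosts(fh.read())
    return blocked_names(entries), redirected_names(entries)


if __name__ == "__main__":
    sample = parse_hosts(SAMPLE_HOSTS)
    print("blocked:", blocked_names(sample))
    print("redirected (review these):", redirected_names(sample))
```

On a machine that uses a blocking hosts file, redirected_names should come back empty apart from entries the owner added deliberately (a LAN name, a development host); anything else there is worth comparing against a fresh copy of the MVPS file, which also fits the four-weekly check the helper suggests.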
Copyright ©2000-2025, Trojaner-Board