| |
| |||||||
Log-Analyse und Auswertung: Laptop sehr langsam geworden und Malwarebytes hat viel gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.01.2013, 19:25
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Laptop sehr langsam geworden und Malwarebytes hat viel gefunden Bitte mal den aktuellen adwCleaner 2.105 runterladen, also die alte adwcleaner löschen und neu runterladen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
08.01.2013, 22:33
| #17 |
 | Laptop sehr langsam geworden und Malwarebytes hat viel gefundenCode:
ATTFilter # AdwCleaner v2.105 - Datei am 08/01/2013 um 22:32:46 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : duki - DUKI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\duki\Downloads\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v23.0.1271.97
Datei : C:\Users\duki\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gefunden [l.29] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gefunden [l.32] : keyword = "ask.com",
Gefunden [l.35] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10263&locale=de_AT&apn_uid=593ced86-06a8-45e3-8bee-add322ece70b&apn_ptnrs=%5EAGU&apn_sauid=64623873-003C-4C13-B1AE-DA22D708F06D&apn_dtid=%5EYYYYYY%5EYY%5EAT&q={searchTerms}",
Gefunden [l.36] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}"
*************************
AdwCleaner[R1].txt - [11081 octets] - [07/01/2013 23:08:09]
AdwCleaner[R2].txt - [1592 octets] - [08/01/2013 22:32:46]
AdwCleaner[S1].txt - [10615 octets] - [07/01/2013 23:13:20]
########## EOF - C:\AdwCleaner[R2].txt - [1713 octets] ##########
|
|
09.01.2013, 10:36
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Laptop sehr langsam geworden und Malwarebytes hat viel gefunden adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________
Danach eine Kontrolle mit OTL bitte:
__________________ |
|
09.01.2013, 12:06
| #19 |
| | Laptop sehr langsam geworden und Malwarebytes hat viel gefunden ADWcleaner: Code:
ATTFilter # AdwCleaner v2.105 - Datei am 09/01/2013 um 11:44:21 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : duki - DUKI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\duki\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v23.0.1271.97
Datei : C:\Users\duki\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.29] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gelöscht [l.32] : keyword = "ask.com",
Gelöscht [l.35] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10263&locale=d[...]
Gelöscht [l.36] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
*************************
AdwCleaner[R1].txt - [11081 octets] - [07/01/2013 23:08:09]
AdwCleaner[R2].txt - [1782 octets] - [08/01/2013 22:32:46]
AdwCleaner[S1].txt - [10615 octets] - [07/01/2013 23:13:20]
AdwCleaner[S2].txt - [1563 octets] - [09/01/2013 11:44:21]
########## EOF - C:\AdwCleaner[S2].txt - [1623 octets] ##########
Code:
ATTFilter OTL logfile created on: 09.01.2013 11:48:10 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\duki\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 6,35 Gb Available Physical Memory | 80,28% Memory free 15,83 Gb Paging File | 14,17 Gb Available in Paging File | 89,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186,30 Gb Total Space | 113,79 Gb Free Space | 61,08% Space Free | Partition Type: NTFS Drive D: | 232,87 Gb Total Space | 188,04 Gb Free Space | 80,75% Space Free | Partition Type: NTFS Drive E: | 232,89 Gb Total Space | 226,31 Gb Free Space | 97,17% Space Free | Partition Type: NTFS Drive F: | 254,46 Gb Total Space | 232,06 Gb Free Space | 91,20% Space Free | Partition Type: NTFS Computer Name: DUKI-PC | User Name: duki | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\duki\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\duki\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\duki\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll () MOD - C:\Users\duki\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll () MOD - C:\Users\duki\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll () MOD - C:\Users\duki\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll () MOD - C:\Users\duki\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll () MOD - C:\Users\duki\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () ========== Services (SafeList) ========== SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation) DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0DtD0A0FyDyE0DzytN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=1220365325 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0DtD0A0FyDyE0DzytN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=1220365325 IE - HKLM\..\SearchScopes\{6D96B30A-993E-DA7D-1111-1A5E23616A41}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2867643902-3779159930-1815826298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2867643902-3779159930-1815826298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2867643902-3779159930-1815826298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 F1 E5 23 31 DD CC 01 [binary data] IE - HKU\S-1-5-21-2867643902-3779159930-1815826298-1000\..\SearchScopes,Backup.Old.DefaultScope = {F8BE66D4-0AC2-4541-AAA6-5D2C1F468362} IE - HKU\S-1-5-21-2867643902-3779159930-1815826298-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2867643902-3779159930-1815826298-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2867643902-3779159930-1815826298-1000\..\SearchScopes\{6D96B30A-993E-DA7D-1111-1A5E23616A41}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2867643902-3779159930-1815826298-1000\..\SearchScopes\{E40379F5-66AD-43D7-A748-F477114977B2}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10263&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGU&apn_dtid=^YYYYYY^YY^AT&apn_uid=593ced86-06a8-45e3-8bee-add322ece70b&apn_sauid=64623873-003C-4C13-B1AE-DA22D708F06D IE - HKU\S-1-5-21-2867643902-3779159930-1815826298-1000\..\SearchScopes\{F8BE66D4-0AC2-4541-AAA6-5D2C1F468362}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=nv1&q={searchTerms} IE - HKU\S-1-5-21-2867643902-3779159930-1815826298-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2867643902-3779159930-1815826298-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2867643902-3779159930-1815826298-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\duki\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\duki\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.13 20:45:22 | 000,000,000 | ---D | M] [2012.07.06 22:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2012.07.06 22:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions [2012.07.06 22:58:31 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com [2012.07.06 22:58:40 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com [2012.06.28 17:39:00 | 000,221,407 | ---- | M] () (No name found) -- C:\Users\duki\AppData\Roaming\mozilla\firefox\profiles\extensions\gophoto@gophoto.it.xpi [2012.04.12 20:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - default_search_provider: Ask (Enabled) CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10263&locale=de_AT&apn_uid=593ced86-06a8-45e3-8bee-add322ece70b&apn_ptnrs=%5EAGU&apn_sauid=64623873-003C-4C13-B1AE-DA22D708F06D&apn_dtid=%5EYYYYYY%5EYY%5EAT&q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\duki\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\duki\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\duki\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Google Update (Enabled) = C:\Users\duki\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll CHR - Extension: FBPHOTOZOOM = C:\Users\duki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.6_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\duki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: GoPhoto.it = C:\Users\duki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.1_0\ O1 HOSTS File: ([2013.01.07 22:43:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKU\S-1-5-21-2867643902-3779159930-1815826298-1001..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-21-2867643902-3779159930-1815826298-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2867643902-3779159930-1815826298-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2867643902-3779159930-1815826298-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2867643902-3779159930-1815826298-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2867643902-3779159930-1815826298-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{129D7B76-8983-4D46-BB2D-E550B9A68AF3}: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A51D8718-41C6-4140-9B43-F6F8D59A6FDD}: DhcpNameServer = 212.186.211.21 195.34.133.21 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.09 11:52:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.01.08 00:59:51 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2013.01.08 00:59:51 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2013.01.08 00:55:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2013.01.08 00:55:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2013.01.08 00:55:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2013.01.08 00:55:48 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.01.08 00:55:48 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.01.08 00:55:48 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2013.01.08 00:55:48 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2013.01.08 00:55:48 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2013.01.08 00:55:48 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2013.01.08 00:55:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2013.01.08 00:55:48 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2013.01.08 00:55:48 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2013.01.08 00:55:48 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.01.08 00:55:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2013.01.08 00:55:48 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.01.08 00:55:48 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys [2013.01.08 00:55:48 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\terminpt.sys [2013.01.08 00:55:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2013.01.08 00:55:48 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2013.01.08 00:55:48 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2013.01.08 00:55:47 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.01.08 00:55:47 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.01.08 00:55:47 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013.01.08 00:55:47 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013.01.08 00:55:47 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013.01.08 00:55:47 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2013.01.08 00:51:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.01.08 00:51:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.01.08 00:51:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.01.08 00:51:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.01.08 00:51:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.01.08 00:51:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.01.08 00:51:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.01.08 00:51:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.01.08 00:51:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.01.08 00:51:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.01.08 00:51:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.01.08 00:51:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.01.08 00:51:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.01.08 00:51:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.01.08 00:51:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.01.08 00:50:51 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013.01.08 00:50:51 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013.01.08 00:50:51 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013.01.08 00:50:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013.01.08 00:50:40 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2013.01.08 00:50:40 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2013.01.08 00:50:40 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2013.01.08 00:50:40 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2013.01.08 00:47:56 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2013.01.08 00:47:56 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2013.01.08 00:47:55 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.01.08 00:47:55 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.07 23:12:51 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2013.01.07 23:12:51 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2013.01.07 23:12:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2013.01.07 23:09:01 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.01.07 23:09:00 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.01.07 23:09:00 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.01.07 23:08:58 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2013.01.07 23:08:58 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013.01.07 23:08:58 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2013.01.07 23:08:58 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2013.01.07 23:08:58 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2013.01.07 23:08:58 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2013.01.07 23:08:45 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.07 23:08:45 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.07 23:08:44 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.07 23:08:44 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.07 23:08:44 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.07 23:08:44 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.07 23:08:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.07 23:08:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.07 23:08:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.07 23:08:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.07 23:08:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.07 23:08:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.07 23:08:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.07 23:08:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.07 23:08:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.07 23:08:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.07 23:08:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.07 23:08:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.07 23:08:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.07 23:08:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.07 23:08:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.07 23:08:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.07 23:08:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.07 23:08:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.07 23:08:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.07 23:08:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.07 23:08:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.07 23:08:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.07 23:08:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.07 23:08:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.07 23:08:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.07 23:08:27 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2013.01.07 23:08:27 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2013.01.07 23:08:27 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013.01.07 23:08:14 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2013.01.07 23:08:14 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2013.01.07 22:50:56 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.01.07 22:50:55 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.01.07 22:43:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.07 22:41:48 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.01.07 22:37:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.07 22:37:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.07 22:37:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.07 22:34:07 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.07 22:33:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.06 17:27:08 | 000,000,000 | ---D | C] -- C:\Users\duki\Desktop\mbar [2013.01.06 00:46:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.01.05 19:08:54 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Roaming\Malwarebytes [2013.01.05 19:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.05 19:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.05 19:08:40 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.05 19:08:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.05 19:08:30 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\Programs [2013.01.05 18:04:51 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{8C1DF56D-6404-4FDF-A7AB-1BF2FA0783AC} [2013.01.05 00:53:40 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{B4DC21B4-343C-4411-83F5-D6171BC89FDA} [2013.01.04 12:46:00 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{40B056F5-4DDE-4B80-8A8D-B01D91E928D3} [2013.01.03 14:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr [2013.01.03 14:53:17 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\CRE [2013.01.03 14:51:42 | 000,000,000 | ---D | C] -- C:\Users\duki\Documents\Vuze Downloads [2013.01.03 14:40:35 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{9E30B0D9-F67D-4C7A-A57B-D1AEFF4F7176} [2013.01.02 16:01:19 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{F1DE733F-D4A4-48BD-B534-6931F15E84B8} [2013.01.01 06:42:25 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{A0D9C04D-DE47-401F-8CF0-BB85CC3B2820} [2012.12.31 12:34:36 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{95423344-D94C-4C7C-80F7-E6D02EE00061} [2012.12.30 22:06:36 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{7E0F7982-111C-4B75-B4A6-F3BC6C1D6CF7} [2012.12.30 10:06:12 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{675BAE86-7D66-4F3C-986C-7BA83B9DDCE2} [2012.12.29 20:57:44 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{2D684567-2521-4972-9247-5C071A4F78C1} [2012.12.29 08:57:19 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{AFDCE1BB-E65A-458E-9FCD-6CC62B8F935F} [2012.12.28 20:31:32 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{C16DA828-3F5F-4543-8D25-5403467DC474} [2012.12.27 23:50:37 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{E423695C-6C5F-4533-B19C-938DBF63A318} [2012.12.26 16:48:44 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{2047C033-A0F8-4780-9608-2C5F94AD1B24} [2012.12.25 11:42:13 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{87EE7C2C-DA27-40A1-B872-0BF8B3A93D4E} [2012.12.24 16:20:47 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{B38E4725-A843-45FF-8651-EE520A0C1071} [2012.12.23 18:44:31 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{2C59C624-2F57-439C-AEE5-F041D8FE1873} [2012.12.22 12:09:44 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{273E6167-AD3C-4CBF-85A7-416AB9E38C2A} [2012.12.21 23:33:29 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{3EC63B6A-14ED-42C9-B1AE-1BF737DE4B73} [2012.12.21 11:33:05 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{DDC01CA7-4C24-4579-AF7C-AE92B578257C} [2012.12.20 15:23:02 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{E2B7CF4A-8575-44C2-A6BD-C5D65D939E61} [2012.12.20 03:00:01 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{93553CC6-6A4F-40CD-9B5E-06087C9AFDB7} [2012.12.19 12:06:57 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{E88E04DE-3F5B-49BC-87E8-EB0C95B96CAD} [2012.12.19 00:06:33 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{188A70B5-82D4-4C4B-908B-71D27DE28B08} [2012.12.17 17:38:20 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{ACC57170-BDFB-4A1C-A6C8-C5EB0D402020} [2012.12.16 13:23:25 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{D5FA7F91-52FA-4826-8817-EDD86585F827} [2012.12.15 16:15:01 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{F2FE911C-FC0D-4FB0-8402-A453E06E25A9} [2012.12.14 10:58:55 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{39A35FB3-7B17-47CE-B11E-0674854539AE} [2012.12.13 22:41:28 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{E39BB0A8-10C5-4AB0-AB67-90B7E9E9D696} [2012.12.13 10:41:03 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{1F32BCBB-03D1-430F-AD5C-0D1DB2139BCF} [2012.12.12 16:29:45 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{00BF2F89-8200-4E1E-ABBE-DD9FDB620A1B} [2012.12.11 20:09:13 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{4D70DD99-6277-42DE-A4F7-6B6A3F538C75} [2012.12.11 08:08:49 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{4CB2650E-C19F-4D62-8EF3-998A0930770C} [2012.12.10 19:27:21 | 000,000,000 | ---D | C] -- C:\Users\duki\AppData\Local\{A0E2A01B-3544-4F1F-A416-6A1040CE9BE3} ========== Files - Modified Within 30 Days ========== [2013.01.09 11:53:09 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.09 11:46:24 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.09 11:46:23 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2013.01.09 11:45:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.09 11:45:44 | 2078,388,223 | -HS- | M] () -- C:\hiberfil.sys [2013.01.09 11:39:04 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2867643902-3779159930-1815826298-1000UA.job [2013.01.08 22:25:32 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.08 22:25:32 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.08 01:05:48 | 000,001,305 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2013.01.08 01:04:57 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.08 01:00:57 | 001,693,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.08 01:00:57 | 000,722,894 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.08 01:00:57 | 000,667,842 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.08 01:00:57 | 000,156,442 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.08 01:00:57 | 000,128,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.07 22:43:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.01.07 22:33:58 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2867643902-3779159930-1815826298-1000Core.job [2013.01.06 17:25:20 | 013,485,902 | ---- | M] () -- C:\Users\duki\Desktop\mbar-1.01.0.1011.zip [2013.01.06 00:46:22 | 838,877,214 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.01.06 00:03:54 | 000,000,000 | ---- | M] () -- C:\Users\duki\defogger_reenable [2013.01.05 19:08:43 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.05 10:26:40 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2013.01.03 18:56:07 | 000,001,816 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2013.01.03 14:53:01 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.13 19:06:23 | 000,002,481 | ---- | M] () -- C:\Users\duki\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2013.01.08 00:59:52 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.01.08 00:50:40 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.01.07 22:37:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.07 22:37:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.07 22:37:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.07 22:37:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.07 22:37:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.06 17:24:48 | 013,485,902 | ---- | C] () -- C:\Users\duki\Desktop\mbar-1.01.0.1011.zip [2013.01.06 00:46:22 | 838,877,214 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.01.06 00:03:54 | 000,000,000 | ---- | C] () -- C:\Users\duki\defogger_reenable [2013.01.05 19:08:43 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.05 10:26:40 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012.10.10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012.09.30 18:27:58 | 000,004,608 | ---- | C] () -- C:\Users\duki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.03 20:07:55 | 000,017,408 | ---- | C] () -- C:\Users\duki\AppData\Local\WebpageIcons.db [2012.01.29 14:07:33 | 000,000,512 | ---- | C] () -- C:\Users\duki\Programme (C).lnk [2012.01.27 23:45:46 | 001,700,674 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.27 20:44:02 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.01.27 20:43:55 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll [2012.01.27 20:43:55 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini [2012.01.27 20:43:04 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2012.01.27 20:30:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.01.27 20:28:31 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.08.31 19:51:16 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.08.31 19:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 09.01.2013 11:48:10 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\duki\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,91 Gb Total Physical Memory | 6,35 Gb Available Physical Memory | 80,28% Memory free
15,83 Gb Paging File | 14,17 Gb Available in Paging File | 89,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 113,79 Gb Free Space | 61,08% Space Free | Partition Type: NTFS
Drive D: | 232,87 Gb Total Space | 188,04 Gb Free Space | 80,75% Space Free | Partition Type: NTFS
Drive E: | 232,89 Gb Total Space | 226,31 Gb Free Space | 97,17% Space Free | Partition Type: NTFS
Drive F: | 254,46 Gb Total Space | 232,06 Gb Free Space | 91,20% Space Free | Partition Type: NTFS
Computer Name: DUKI-PC | User Name: duki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3C818298-BEE9-45CE-A2AF-09F16C62EF2D}" = Music-DVD on CD and DVD 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AsusScr_K3 Series_ENG_Basic" = AsusScr_K3 Series_ENG_Basic
"CDex" = CDex - Open Source Digital Audio CD Extractor
"DivX Setup" = DivX-Setup
"InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2867643902-3779159930-1815826298-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.01.2013 13:56:43 | Computer Name = duki-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.01.2013 14:10:30 | Computer Name = duki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe, Version:
12.0.2160.11, Zeitstempel: 0x4ee886e0 Name des fehlerhaften Moduls: TuneUpUtilitiesService64.exe,
Version: 12.0.2160.11, Zeitstempel: 0x4ee886e0 Ausnahmecode: 0xc0000006 Fehleroffset:
0x00000000000617b0 ID des fehlerhaften Prozesses: 0x748 Startzeit der fehlerhaften
Anwendung: 0x01cdec371d09b7a9 Pfad der fehlerhaften Anwendung: C:\Program Files
(x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe Berichtskennung:
5a95c507-582c-11e2-a604-5404a634adf9
Error - 06.01.2013 14:10:30 | Computer Name = duki-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Program
Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" zugegriffen werden:
Es
besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten
Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger
fehlt. Das Programm TuneUp Utilities Service wurde wegen dieses Fehlers geschlossen.
Programm:
TuneUp Utilities Service Datei: C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
Der
Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1.
Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen
und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
Daten Fehlerwert: C00000B5 Datenträgertyp: 3
Error - 06.01.2013 14:55:04 | Computer Name = duki-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.01.2013 15:10:54 | Computer Name = duki-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.01.2013 17:43:59 | Computer Name = duki-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.01.2013 18:15:45 | Computer Name = duki-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.01.2013 20:05:53 | Computer Name = duki-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.01.2013 17:18:13 | Computer Name = duki-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.01.2013 06:46:26 | Computer Name = duki-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 06.01.2013 15:55:24 | Computer Name = duki-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 06.01.2013 15:55:25 | Computer Name = duki-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 07.01.2013 17:32:00 | Computer Name = duki-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 07.01.2013 17:32:00 | Computer Name = duki-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 07.01.2013 17:36:18 | Computer Name = duki-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 07.01.2013 17:40:27 | Computer Name = duki-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 07.01.2013 17:41:31 | Computer Name = duki-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 07.01.2013 17:42:12 | Computer Name = duki-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 09.01.2013 06:49:18 | Computer Name = duki-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
Error - 09.01.2013 06:52:21 | Computer Name = duki-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.
< End of report >
|
|
09.01.2013, 12:07
| #20 |
| | Laptop sehr langsam geworden und Malwarebytes hat viel gefunden vielen dank nochmal für die Hilfe |
|
09.01.2013, 12:22
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Laptop sehr langsam geworden und Malwarebytes hat viel gefundenFixen mit OTL
Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0DtD0A0FyDyE0DzytN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=1220365325
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0DtD0A0FyDyE0DzytN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=1220365325
IE - HKU\S-1-5-21-2867643902-3779159930-1815826298-1000\..\SearchScopes\{E40379F5-66AD-43D7-A748-F477114977B2}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10263&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGU&apn_dtid=^YYYYYY^YY^AT&apn_uid=593ced86-06a8-45e3-8bee-add322ece70b&apn_sauid=64623873-003C-4C13-B1AE-DA22D708F06D
IE - HKU\S-1-5-21-2867643902-3779159930-1815826298-1000\..\SearchScopes\{F8BE66D4-0AC2-4541-AAA6-5D2C1F468362}: "URL" = http://start.funmoods.com/results.php?f=4&a=nv1&q={searchTerms}
[2012.07.06 22:58:31 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012.07.06 22:58:40 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10263&locale=de_AT&apn_uid=593ced86-06a8-45e3-8bee-add322ece70b&apn_ptnrs=%5EAGU&apn_sauid=64623873-003C-4C13-B1AE-DA22D708F06D&apn_dtid=%5EYYYYYY%5EYY%5EAT&q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - default_search_provider: Ask (Enabled)
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ --> Laptop sehr langsam geworden und Malwarebytes hat viel gefunden |
|
09.01.2013, 17:53
| #22 |
| | Laptop sehr langsam geworden und Malwarebytes hat viel gefundenCode:
ATTFilter All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2867643902-3779159930-1815826298-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E40379F5-66AD-43D7-A748-F477114977B2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E40379F5-66AD-43D7-A748-F477114977B2}\ not found.
Registry key HKEY_USERS\S-1-5-21-2867643902-3779159930-1815826298-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F8BE66D4-0AC2-4541-AAA6-5D2C1F468362}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8BE66D4-0AC2-4541-AAA6-5D2C1F468362}\ not found.
C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com\skin folder moved successfully.
C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com\locale\en-US folder moved successfully.
C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com\locale folder moved successfully.
C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com\defaults\preferences folder moved successfully.
C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com\defaults folder moved successfully.
C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com\chrome\content folder moved successfully.
C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com\chrome folder moved successfully.
C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com folder moved successfully.
C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\META-INF folder moved successfully.
C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs\flgs folder moved successfully.
C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\imgs folder moved successfully.
C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content\images folder moved successfully.
C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com\content folder moved successfully.
C:\Users\duki\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com folder moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\duki\Downloads\cmd.bat deleted successfully.
C:\Users\duki\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: duki
->Temp folder emptied: 53132835 bytes
->Temporary Internet Files folder emptied: 36504890 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 7980265 bytes
->Flash cache emptied: 1532 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 534262 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 94,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 01092013_175043
Files\Folders moved on Reboot...
C:\Users\duki\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
09.01.2013, 23:47
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Laptop sehr langsam geworden und Malwarebytes hat viel gefunden Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.01.2013, 01:14
| #24 |
| | Laptop sehr langsam geworden und Malwarebytes hat viel gefunden so beide haben nichts gefunden , ich poste dir trotzdem mal die Logfile von Eset. Kannst du mir vielleicht einen gutes Internet Security empfehlen ? Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=24c9431b0f4a464d9b4f3ef7a48605bd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-10 12:09:25
# local_time=2013-01-10 01:09:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 23032 109406415 0 0
# scanned=124791
# found=0
# cleaned=0
# scan_time=3391
|
|
10.01.2013, 11:40
| #25 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Laptop sehr langsam geworden und Malwarebytes hat viel gefundenZitat:
Poste bitte das Log von Malwarebytes, auch wenn keine Funde dabei waren.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.01.2013, 12:04
| #26 |
| | Laptop sehr langsam geworden und Malwarebytes hat viel gefunden es gibt aber soo viele ich weiß einfach nicht welches anti virus ich kaufen soll.Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.09.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 duki :: DUKI-PC [Administrator] Schutz: Aktiviert 10.01.2013 00:06:14 mbam-log-2013-01-10 (00-06-14).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 230705 Laufzeit: 2 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
10.01.2013, 17:24
| #27 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Laptop sehr langsam geworden und Malwarebytes hat viel gefundenZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.01.2013, 20:48
| #28 |
| | Laptop sehr langsam geworden und Malwarebytes hat viel gefunden ok das heißt ich kann genau so ein gratis antivirus kaufe , aber mehr aufpassen beim surfen und so weiter?sorry wenn ich nerve  |
|
10.01.2013, 21:39
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Laptop sehr langsam geworden und Malwarebytes hat viel gefunden Du willst ein GRATISprogramm KAUFEN?    Nein, egal ob du ein Programm kaufst oder nicht, einfach entspannt zurücklehnen ist weder mit dem einen noch mit dem anderen möglich.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.01.2013, 21:45
| #30 |
| | Laptop sehr langsam geworden und Malwarebytes hat viel gefunden hahah ups nein hab mich verschrieben ich meinte ob das dann heißt das es egal ist ob ich eins kaufe oder ein gratis antivirus habe aber die frage hast du ja schon beantwortet trotzdem kannst du mir den keines empfehlen ? oder darf man das nicht ? wegen dem forum und so |
|
| Themen zu Laptop sehr langsam geworden und Malwarebytes hat viel gefunden |
| dateien, einiger, extrem, extrem langsam, gefunde, gescannt, hijack.trojan.siredef.c, langsam, laptop, logfile, malwarebytes, nciht, pup.funmoods, pup.installbrain, recycle.bin, sehr langsam, seite, trojan.0access, trojan.siredef.c, vieles |
Textbox. 
Linear-Darstellung
