Pests of all kinds and how to fight them: My PC no longer does what it should! (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

24.02.2013, 21:40 | #1
My PC no longer does what it should!

Hello, dear all. After days of searching for a solution to my problem, I am now turning to you for help, in the hope that you can help me!

The problem began 3 days ago. My boyfriend is a WoW player and was busy gaming when suddenly nothing worked the way it should any more. First he could no longer type. As soon as he started typing, the text window closed again. Then the PC toggled Num Lock on and off as it pleased. Pressing that same key minimised the game. Kind soul that I am, I sat down and first ran the antivirus program (Microsoft Security Essentials) and CCleaner. The virus scan came back clean; CCleaner found a number of things in the registry, which I had it fix right away! Now at least typing seemed possible again. I thought, though, that it might be better to restart the PC completely, which the PC apparently did not consider such a good idea. Whether I clicked "Start" or used the Windows key, the Start menu flashed up briefly and then closed again. In a panic that the box would give up completely, I first copied all the really important data onto a USB stick, which was no easy task, because moving files with the mouse was not possible. So it was "Cut" and "Paste". Once the important files were backed up, I sat down at the laptop and researched what I could do, or rather what the problem even was. I couldn't really find anything. Then I had the idea of running the Windows repair tool, and lo and behold, after what was by then 5-6 hours of sweat the problem seemed to be gone. THINK AGAIN! The next morning, the same problem, except that now I was hardly allowed to do anything at all!
The PC did nothing without my intervention, but woe betide me if I tried to do anything! When I wanted to uninstall a program, the PC cancelled the uninstall by itself, and all that sort of thing! Yesterday afternoon I opened up the case, because an acquaintance had advised me to dust it out; supposedly that could be the cause. Well, it was pretty dusty, but the problem was still not fixed. Then I did a system restore and the problem was gone once again. Until an hour ago. Then it all started over from the beginning! I then discovered your site and, following the advice on the front page, downloaded "Malwarebytes"! It ran for 45 minutes and gave me the following!

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
TerrorKruemel :: HOME [Administrator]

Schutz: Aktiviert

24.02.2013 20:55:05
MBAM-log-2013-02-24 (21-30-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 369839
Laufzeit: 32 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 6
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 1856 -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (PUP.Adware.RelevantKnowledge) -> 1596 -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> 888 -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe (PUP.Adware.RelevantKnowledge) -> 3488 -> Keine Aktion durchgeführt.
C:\ProgramData\bProtector\bProtect.exe (PUP.BProtector) -> 1764 -> Keine Aktion durchgeführt.
C:\ProgramData\bProtector\bProtect.exe (PUP.BProtector) -> 1892 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 2
C:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.332.1_0\plugins\rlcm.dll (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 7
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\RelevantKnowledge (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\bProtector (PUP.BProtector) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.BProtector) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BPROTECTOR (PUP.BProtector) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\bProtector|iexplore homepages (PUP.BProtector) -> Daten: hxxp://go.microsoft.com/fwlink/?LinkId=69157^hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731^^ -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\bProtector|ImagePath (PUP.BProtector) -> Daten: C:\ProgramData\bProtector\bProtect.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 28
C:\ProgramData\bProtector (PUP.BProtector) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\components (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\defaults (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\defaults\preferences (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\locale (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit\data (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit\lib (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\data (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\content (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\dom (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\events (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\tabs (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\traits (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\windows (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\data (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\data\.idea (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\data\.idea\scopes (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.

Infizierte Dateien: 101
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.332.1_0\plugins\rlcm.dll (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlls64.dll (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlph.dll (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlxf.dll (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\components\rlxg.dll (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\rlnx.dll (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Users\TerrorKruemel\Programme\SoftonicDownloader_fuer_toaster.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\ProgramData\bProtector\bProtect.settings (PUP.BProtector) -> Keine Aktion durchgeführt.
C:\ProgramData\bProtector\bProtect.exe (PUP.BProtector) -> Keine Aktion durchgeführt.
C:\ProgramData\bProtector\component_332.decrpt (PUP.BProtector) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\chrome.manifest (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\install.rdf (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\nscf.dat (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlcm.crx (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlcm.txt (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\bootstrap.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\harness-options.json (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\install.rdf (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\locales.json (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\defaults\preferences\prefs.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\locale\en-GB.json (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\locale\eo.json (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\locale\fr-FR.json (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\chrome.manifest (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit\lib\page-mod.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit\lib\tabs.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit\lib\windows.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\data\content-proxy.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\data\test-content-symbiont.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\data\test-message-manager.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\data\test-trusted-document.html (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\api-utils.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\byte-streams.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\channel.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\collection.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\content.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\cortex.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\cuddlefish.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\environment.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\errors.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\events.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\file.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\globals!.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\hidden-frame.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\light-traits.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\list.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\match-pattern.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\memory.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\message-manager.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\namespace.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\observer-service.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\plain-text-console.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\process.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\runtime.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\sandbox.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\self!.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\system.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\text-streams.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\timer.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\traceback.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\traits.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\unload.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\url.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\window-utils.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\xpcom.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\xul-app.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\content\loader.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\content\symbiont.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\content\worker.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\dom\events.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\events\assembler.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\events.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\observer.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\tab.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\utils.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\traits\core.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils\data.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils\function.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils\object.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils\registry.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils\thumbnail.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\windows\dom.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\windows\loader.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\windows\observer.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\windows\tabs.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\data\content.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\dompilot.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\dputil.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\main.js (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.

(Ende)

I very much hope you can help me. I don't know what the guy did with his computer, but in any case something really does seem to be not OK! Best wishes, and many thanks in advance!
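Every entry in the Malwarebytes log above ends in "Keine Aktion durchgeführt" (no action taken), so the scan only detected the PUP components; nothing has been removed yet, and the service entries under HKLM\SYSTEM\CurrentControlSet\Services are what lets them restart after a reboot. As an added example that is not part of this thread or of Malwarebytes' own tooling, the Python script below parses lines in that log format into records, tallies them by detection family, counts how many are still untreated, lists the entries that point at Windows service keys (persistence), and checks that each section's declared count matches the entries that follow it, which catches a paste that a forum has truncated. The sample log is constructed from a few lines of the log above; the section counts are those of the excerpt, the final "quarantined" line is invented so that one entry is not a "no action" result, and all function names are my own.

```python
import re
from collections import Counter

# Constructed sample in the format of the Malwarebytes 1.70 log posted above
# (German localisation). Paths and detection families are taken from that log;
# the section counts are those of this excerpt, and the last "Erfolgreich
# gelöscht" line is invented so that one entry is not a "no action" result.
SAMPLE_LOG = r"""
Infizierte Speicherprozesse: 2
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 1856 -> Keine Aktion durchgeführt.
C:\ProgramData\bProtector\bProtect.exe (PUP.BProtector) -> 1764 -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 2
HKLM\SYSTEM\CurrentControlSet\Services\RelevantKnowledge (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BPROTECTOR (PUP.BProtector) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\bProtector|iexplore homepages (PUP.BProtector) -> Daten: hxxp://go.microsoft.com/fwlink/?LinkId=69157^hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731^^ -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\bProtector|ImagePath (PUP.BProtector) -> Daten: C:\ProgramData\bProtector\bProtect.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Users\TerrorKruemel\Programme\SoftonicDownloader_fuer_toaster.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\ProgramData\bProtector\bProtect.exe (PUP.BProtector) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

# "Infizierte <section>: <count>" opens a section of the log.
SECTION_RE = re.compile(r"^Infizierte (?P<section>.+?): (?P<count>\d+)$")
# "<object> (<family>) -> [<pid> ->] [Daten: <value> ->] <action>"
# The object may itself contain "(x86)", so the family must be followed by ") -> ".
ENTRY_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> (?P<rest>.+)$")
NO_ACTION = "Keine Aktion durchgeführt."
SERVICE_PREFIX = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\"


def parse_mbam_log(text):
    """Return (findings, declared) where findings is a list of dicts and
    declared maps each section name to the count printed in its header."""
    findings, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        m = ENTRY_RE.match(line)
        if m is None or section is None:
            continue  # header lines and "(Keine bösartigen Objekte gefunden)"
        parts = m.group("rest").split(" -> ")
        pid = data = None
        for extra in parts[:-1]:  # everything before the final action
            if extra.isdigit():
                pid = int(extra)
            elif extra.startswith("Daten: "):
                data = extra[len("Daten: "):]
        findings.append({"section": section, "object": m.group("obj"),
                         "family": m.group("family"), "action": parts[-1],
                         "pid": pid, "data": data})
    return findings, declared


def service_persistence(findings):
    """Objects under the Services hive: these restart the PUP at boot."""
    return [f["object"] for f in findings
            if f["object"].upper().startswith(SERVICE_PREFIX.upper())]


def summarize(findings, declared):
    seen = Counter(f["section"] for f in findings)
    # A section whose header count differs from the entries under it usually
    # means the pasted log was cut short (forum line limits, a missed line).
    mismatch = {s: (n, seen.get(s, 0)) for s, n in declared.items()
                if seen.get(s, 0) != n}
    return {"total": len(findings),
            "untreated": sum(f["action"] == NO_ACTION for f in findings),
            "families": Counter(f["family"] for f in findings),
            "count_mismatch": mismatch}


if __name__ == "__main__":
    found, decl = parse_mbam_log(SAMPLE_LOG)
    report = summarize(found, decl)
    print(f"{report['total']} findings, {report['untreated']} still untreated")
    for fam, n in report["families"].most_common():
        print(f"  {n:3d}  {fam}")
    for obj in service_persistence(found):
        print("  service persistence:", obj)
    if report["count_mismatch"]:
        print("section counts differ from entries (truncated paste?):",
              report["count_mismatch"])
```

The "untreated" figure is the number to watch when reading a log like the one above: a scan that reports dozens of findings but no actions has changed nothing on the machine, and the service keys it lists will bring the processes back on the next boot until they are actually removed.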
24.02.2013, 22:29 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | My PC no longer does what it should! Hello and

Quote:
Note: Registry cleaners. I see that you have a so-called registry cleaner installed, in your case CCleaner. We advise against using any kind of registry cleaner. The reason is simple: the registry is the brain of the system. If the brain does not work, the rest no longer really works either. One should not tinker with the registry unnecessarily. Even a small mistake can have serious consequences, and programs sometimes make mistakes too. Destroy the registry and you destroy Windows. Moreover, the benefit for performance is disputed and usually barely noticeable. I would recommend that you stop using registry cleaners and uninstall them via Start --> Control Panel --> Software (on Windows XP). Before we get to work, I would like to ask you to read the following points completely and carefully.

Note: If you have not heard from me for three days, please post in this thread => Reminder about my thread. Annoying "when is it going to continue" messages will end with your thread being closed. I too have a life away from Trojaner-Board. First a check with OTL, please:
24.02.2013, 22:51 | #3
My PC no longer does what it should! First of all, thank you sooo much for the quick reply at this hour :-)

Here are the OTL reports:
ATTFilter OTL logfile created on: 24.02.2013 22:35:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TerrorKruemel\Desktop\dl's 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,82% Memory free 8,00 Gb Paging File | 5,84 Gb Available in Paging File | 73,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,51 Gb Total Space | 784,14 Gb Free Space | 84,18% Space Free | Partition Type: NTFS Computer Name: HOME | User Name: TerrorKruemel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\TerrorKruemel\Desktop\dl's\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (TMRG, Inc.) PRC - C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (TMRG, Inc.) 
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\ProgramData\IBUpdaterService\ibsvc.exe () PRC - C:\ProgramData\bProtector\bProtect.exe (bProtector) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.) PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.) PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\protector.dll () MOD - C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll () MOD - C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\libglesv2.dll () MOD - C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\libegl.dll () MOD - C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\avutil-51.dll () MOD - C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\avformat-53.dll () MOD - C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\avcodec-53.dll () MOD - C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll () MOD - C:\Users\TERROR~1\AppData\Local\Google\Chrome\APPLIC~1\150874~1.106\gcswf32.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll () ========== Services (SafeList) ========== SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (RelevantKnowledge) -- C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (TMRG, Inc.) 
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (IBUpdaterService) -- C:\ProgramData\IBUpdaterService\ibsvc.exe () SRV - (bProtector) -- C:\ProgramData\bProtector\bProtect.exe (bProtector) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation) SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (HPub4DE3) -- C:\Windows\SysNative\drivers\HPub4DE3.sys (TPMX Electronics Ltd.) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HPMo4DE3) -- C:\Windows\SysNative\drivers\HPMo4DE3.sys (TPMX Electronics Ltd.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BS_I2cIo) -- C:\Windows\SysNative\drivers\BS_I2c64.sys (BIOSTAR Group)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (LgBttPort) -- C:\Windows\SysNative\drivers\lgbtpt64.sys (LG Electronics Inc.)
DRV:64bit: - (LGVMODEM) -- C:\Windows\SysNative\drivers\lgvmdm64.sys (LG Electronics Inc.)
DRV:64bit: - (lgbusenum) -- C:\Windows\SysNative\drivers\lgbtbs64.sys (LG Electronics Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (E100B) -- C:\Windows\SysNative\drivers\eFE5b32e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://www.searchplusnetwork.com/?q={searchTerms}&sp=blac&t=a0731
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.etype.com/?smart=1
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.searchplusnetwork.com/?q={searchTerms}&sp=blac&t=a0731
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.searchplusnetwork.com/?q={searchTerms}&sp=blac&t=a0731
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 3C 2E 01 C1 68 CD 01 [binary data]
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.searchplusnetwork.com/?q={searchTerms}&sp=blac&t=a0731
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.searchplusnetwork.com/?q={searchTerms}&sp=blac&t=a0731
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\SearchScopes,bProtectorDefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://www.searchplusnetwork.com/?q={searchTerms}&sp=blac&t=a0731
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\SearchScopes\{12C1D674-2692-43A7-A4B8-97112E2C0304}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=CF80BCF0-D12F-4790-BB4C-A75092401CC5&apn_sauid=C9B432E3-A5EA-4100-8295-E86AC3355C4C
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://search.etype.com/?smart=1&query={searchTerms}
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcsearchTerms}&sp=blac&t=a0731
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\SearchScopes\{DD2CC4B3-95D3-41CD-B98C-5ABB3A58ACC6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "search the web"
FF - prefs.js..browser.search.order.1: "search the web"
FF - prefs.js..browser.search.selectedengine: "search the web"
FF - prefs.js..keyword.url: "hxxp://search.etype.com/?smart=1&query="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\RelevantKnowledge\firefox [2013.02.24 20:18:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.24 20:18:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.26 21:57:38 | 000,000,000 | ---D | M]

(No name found) -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\Extensions
[2012.05.18 10:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\Firefox\extensions
[2012.05.18 10:11:09 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2013.01.14 11:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\Firefox\Profiles\60uqusri.default\extensions
[2013.02.24 20:18:53 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\Firefox\Profiles\60uqusri.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2012.10.12 13:55:12 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\Firefox\Profiles\60uqusri.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.01.14 11:13:11 | 000,002,308 | ---- | M] () -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\firefox\profiles\60uqusri.default\searchplugins\askcom.xml
[2013.02.22 20:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2012.09.06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\2.3.19.11_0\
CHR - Extension: No name found = C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.332.1_0\

Hosts file not found

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2218329753-2017860753-312165954-1001..\Run: [LG LinkAir] File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8CE8280-4C11-4AC0-909E-483D19D5053D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (protector.dll) - File not found
O20 - AppInit_DLLs: (protector.dll) - C:\Windows\SysWow64\protector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0654d181-6aeb-11e1-a9f9-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{0654d181-6aeb-11e1-a9f9-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0654d1a8-6aeb-11e1-a9f9-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{0654d1a8-6aeb-11e1-a9f9-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0654d1ac-6aeb-11e1-a9f9-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{0654d1ac-6aeb-11e1-a9f9-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{39523bb8-69be-11e1-a0a6-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{39523bb8-69be-11e1-a0a6-003067be0acd}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1
O33 - MountPoints2\{47336527-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{47336527-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{47336556-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{47336556-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{47336558-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{47336558-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4733659a-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4733659a-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4733659d-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4733659d-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{473365c5-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{473365c5-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{473365c8-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{473365c8-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4e1432a5-6ac4-11e1-800b-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1432a5-6ac4-11e1-800b-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4e1432b2-6ac4-11e1-800b-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1432b2-6ac4-11e1-800b-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4e1432be-6ac4-11e1-800b-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1432be-6ac4-11e1-800b-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{899d20e0-2ede-11e1-9708-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{899d20e0-2ede-11e1-9708-003067be0acd}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{cbc35a6a-71c0-11e1-ad35-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{cbc35a6a-71c0-11e1-ad35-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d04b8ce1-6ab5-11e1-a5aa-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{d04b8ce1-6ab5-11e1-a5aa-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d04b8ce5-6ab5-11e1-a5aa-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{d04b8ce5-6ab5-11e1-a5aa-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e4eee811-6ae0-11e1-88a0-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{e4eee811-6ae0-11e1-88a0-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e4eee814-6ae0-11e1-88a0-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{e4eee814-6ae0-11e1-88a0-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e4eee820-6ae0-11e1-88a0-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{e4eee820-6ae0-11e1-88a0-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e4eee824-6ae0-11e1-88a0-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{e4eee824-6ae0-11e1-88a0-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.24 20:54:23 | 000,000,000 | ---D | C] -- C:\Users\TerrorKruemel\AppData\Roaming\Malwarebytes
[2013.02.24 20:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.24 20:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.24 20:54:15 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.24 20:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.24 20:53:53 | 000,000,000 | ---D | C] -- C:\Users\TerrorKruemel\AppData\Local\Programs
[2013.02.24 20:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
[2013.02.21 22:08:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.02 22:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.02.02 22:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========

[2013.02.24 22:29:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.24 20:54:21 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.24 20:31:34 | 000,020,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.24 20:31:34 | 000,020,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.24 20:23:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.24 20:23:02 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.09 19:39:33 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.09 19:39:33 | 000,697,284 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.09 19:39:33 | 000,652,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.09 19:39:33 | 000,148,322 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.09 19:39:33 | 000,121,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.08 14:29:14 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.08 14:29:14 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.06 14:54:53 | 000,002,630 | ---- | M] () -- C:\Users\TerrorKruemel\Documents\cc_20130206_145448.reg
[2013.02.04 20:26:38 | 000,005,026 | ---- | M] () -- C:\Users\TerrorKruemel\Documents\cc_20130204_202635.reg
[2013.02.04 20:26:22 | 000,163,726 | ---- | M] () -- C:\Users\TerrorKruemel\Documents\cc_20130204_202614.reg
[2013.02.02 22:18:51 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2013.02.24 20:54:21 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.06 14:54:51 | 000,002,630 | ---- | C] () -- C:\Users\TerrorKruemel\Documents\cc_20130206_145448.reg
[2013.02.04 20:26:37 | 000,005,026 | ---- | C] () -- C:\Users\TerrorKruemel\Documents\cc_20130204_202635.reg
[2013.02.04 20:26:18 | 000,163,726 | ---- | C] () -- C:\Users\TerrorKruemel\Documents\cc_20130204_202614.reg
[2013.02.02 22:18:50 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.20 16:16:48 | 000,793,080 | ---- | C] () -- C:\Windows\SysWow64\protector.dll
[2012.04.26 13:30:04 | 000,001,518 | ---- | C] () -- C:\Users\TerrorKruemel\.recently-used.xbel
[2012.03.11 12:09:55 | 000,000,579 | ---- | C] () -- C:\Windows\eReg.dat
[2011.12.25 10:59:45 | 000,000,045 | ---- | C] () -- C:\Users\TerrorKruemel\autorun.inf
[2011.12.25 10:51:33 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2011.07.26 06:40:37 | 001,591,850 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:
OTL Extras logfile created on: 24.02.2013 22:35:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TerrorKruemel\Desktop\dl's
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,82% Memory free
8,00 Gb Paging File | 5,84 Gb Available in Paging File | 73,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 784,14 Gb Free Space | 84,18% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: TerrorKruemel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{087D1E92-16BB-4A91-AE3C-C7CF3E6C9D82}" = rport=137 | protocol=17 | dir=out | app=system |
"{1A0C684C-6560-4B18-B7BD-2CABD23EC615}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1ACC75E7-2469-4243-9966-ECAAA657D013}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{27EF9B0A-54E4-46EF-91A8-465EB335C4CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C8B43D6-FC3B-4D4F-A672-6729F6261633}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31C2F67A-0039-4EB9-AE0E-09AE1016200B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4176BC52-6562-4D24-BE96-561D91055967}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{451FF838-EF5C-4734-B0F3-9A29581B51C6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{54595E22-E7A0-4284-821E-89641D43F945}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5AF9545B-5CB2-45C1-B265-85D7DCD0788C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5B079709-196B-443E-971E-5BF923242D9F}" = lport=445 | protocol=6 | dir=in | app=system |
"{5C9A864A-B901-4107-BD18-811D4943AA54}" = lport=138 | protocol=17 | dir=in | app=system |
"{609806D6-9977-4B63-960F-F8E7181F34DA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6260245C-8458-4F82-AFD1-B66E57ABB419}" = rport=139 | protocol=6 | dir=out | app=system |
"{72EADCBF-FAF9-4593-A362-BD242AA94198}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7EE8CBB8-F2A9-4EB1-83F8-FFFFA3B83761}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{840C278B-ED4A-4DC3-BD88-0723CBFAC0A9}" = lport=137 | protocol=17 | dir=in | app=system |
"{873BA7DE-B505-4AF9-9E9A-593112A2FD7D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9000B06D-25DA-4AA7-A072-AE70B430FB3B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0443364-D60C-422F-82F7-4A6A85687AC1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A46F768D-18AC-4547-9D3C-5C6EE2533E40}" = lport=139 | protocol=6 | dir=in | app=system |
"{A7BD3957-EE7C-4CFD-AC01-F0BF7EFE719C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD49E7E4-BF0E-437A-A553-B65F1779285B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AFF29CF9-CF01-4B38-822A-7F3D70FF0FD1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B5B0BDB9-4673-4BC1-8781-1371E8B557D7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B9234865-CEC6-486F-BFDA-4DEF9A8D3F72}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C498A6C9-D33B-47DA-A43E-FBC084A54BF8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D3614A2C-E5C9-4B14-9C35-6C08CB333FFB}" = rport=445 | protocol=6 | dir=out | app=system |
"{D64FF27D-592D-46FB-9DDC-DA5671211A03}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D77A0698-53CA-4BA9-83EA-5F5D69A8264A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE27FB9E-4BCF-4918-BC8D-9F8DE1583A98}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E0C92863-19C8-47FA-A3FB-FD6C0D1883A8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator |
app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{ED3D4138-B44F-4CC3-A605-5057557D705E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EE943F0E-8592-456F-97BB-B7BB63E4AF26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F53FFC14-57C4-43BF-8EF5-8121985B29C8}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06AD2C34-519E-4D88-AB15-5CE50883767E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{0F663FE8-8FA3-4981-A42F-6ED2355FC1BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{148EA85A-DE9D-4B6C-B786-931E1A794FB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{17F5EFB7-38FC-493A-A6F3-95BF9604F6B6}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{1A20A954-1C18-4E70-A609-1882E2378615}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1E427FF2-D2D6-4EBF-992F-B0BC831F74DD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{22B3213B-52BA-48DD-944D-E943C8C6E90B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{22D71BD7-AE80-4150-A4FC-CACDE2503579}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{2523E811-A6E5-417F-97EF-7818C13EBB55}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe | "{2AA3B9A0-9DF3-4172-8164-10587577CA30}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2EBF4371-9E4D-4C4A-B666-08CE27055F40}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | "{31692A4C-6CAE-4520-87DC-71123056AA0E}" = protocol=58 
| dir=out | name=@firewallapi.dll,-28546 | "{44DBB525-BEE1-4540-A232-E681AA1ED0A5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4BC1593D-1883-42FB-9CEF-33303F7D2416}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{523E77F7-FDC5-4EA3-98FC-6B6AB22C5553}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{591CCF63-CC02-4CD8-A1C4-C1024A045043}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5A3EDEF9-60B1-4004-80BA-7F1893F6A83C}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{5B857988-2FAC-4D6B-8AD8-C2E2048326E0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{5DF620A6-0DB2-4BD0-BF8F-77E7ACB9CD09}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.patch.exe | "{5F363ACF-F3CA-4075-AD2A-7C8AD07A3DAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5F778C35-C34C-4F2B-ADA0-6ED2321D7DB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5FBF93D1-DD07-466C-BDC5-B54B1047B5F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6671CB26-704F-44C5-8A83-0C73F81A91EF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{6F2CE35E-C83B-439B-A7BD-D6DF42B56280}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{735241CA-9C0C-493C-9F82-A57EB0D177A5}" = protocol=6 | dir=in | app=c:\users\terrorkruemel\appdata\local\google\chrome\application\chrome.exe | "{7B29728D-3EC6-4D32-84DE-6A9CC895C5C3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{7D36425E-734B-49F4-8B93-F30BB8B934F4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{80E0CB1D-A940-4FCC-AF19-E06CF650F2EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8245FFBF-DCD7-4F93-BF9C-6176518C6848}" = protocol=6 | 
dir=in | app=e:\world of warcraft\launcher.patch.exe | "{8F6DB27C-24BC-46E2-B4AD-32A995D89A83}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{9205CAF7-4181-4CB2-9EBB-403AF66AC537}" = protocol=17 | dir=in | app=c:\users\terrorkruemel\appdata\local\google\chrome\application\chrome.exe | "{923B5468-EDB6-4073-8024-88E32AE99A58}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A29E2A1E-785E-4E58-8C4D-EB80A69D309F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A6141802-88FF-4B01-ACD6-3C922BCC089F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{BBF1E774-CAF2-404F-BDE0-115DE88D56B5}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe | "{C1FCF136-ADA3-41E6-A642-8DC5EA22368A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{CD1DC6E0-6FC6-45E0-A0CC-8263CB3FB3DB}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CD23AC41-9CA2-4B56-B5AB-D11672110B0A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{DD0973B6-52DE-4A08-A15F-4A72BED3489E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DFF0DCA3-6DD6-4815-9010-2A0C5259F7FC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E281FB66-6AD5-4C9C-8ED4-5A11E5560014}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | "{E4BD1750-3C1D-4B37-873D-15F31633F7B9}" = protocol=6 | dir=out | app=system | "{E90626D8-ABFA-4DC3-864B-78E98C229CBC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E97433AF-5345-45D2-A79F-1F6E7C143BDE}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{EF77647B-2E80-43CE-9195-BB7E09FBE5F5}" = protocol=17 | dir=out | app=%programfiles%\windows media 
player\wmplayer.exe | "{F28571BE-864F-42C5-910B-DDDE0870D11C}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{F912CF1E-D4A8-48A8-86A1-0D9D4128C98D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FD6A2256-8082-4202-944D-65DABF3AC4DF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "TCP Query User{16EE200C-E069-4B51-8AA4-449C564F6A47}E:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | "TCP Query User{44A56481-7E79-4E50-BF2D-7DFDD7FB52D1}C:\program files (x86)\relevantknowledge\rlvknlg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | "TCP Query User{AA225459-74F7-4275-9F11-89087490141F}C:\users\terrorkruemel\desktop\dl's\tinyumbrella-6.00.01.exe" = protocol=6 | dir=in | app=c:\users\terrorkruemel\desktop\dl's\tinyumbrella-6.00.01.exe | "UDP Query User{101104BD-475C-47A7-A63C-969F4EF1C9A1}C:\program files (x86)\relevantknowledge\rlvknlg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | "UDP Query User{60EEDCB2-00AE-4E0B-93D3-9D3B6D11FA89}C:\users\terrorkruemel\desktop\dl's\tinyumbrella-6.00.01.exe" = protocol=17 | dir=in | app=c:\users\terrorkruemel\desktop\dl's\tinyumbrella-6.00.01.exe | "UDP Query User{B76ED0F6-4D9A-4315-A8EC-C69D8AE19F6E}E:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family 
Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" 
= Zune Language Pack (CSY) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language 
Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.01 (64-Bit) "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = bProtector for Windows "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E4A6F03-4D71-4496-9B2D-71C8B59F64DE}" = BiosNotice "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11 "{28FFFE19-141E-47CF-8E9B-DD75B43C4B06}" = BIOS Update "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{6540D6AD-4218-444D-84EC-E6C85F35EE31}" = Eldorado "{6642BF47-D82A-447B-90E7-658FA865AFD7}" = Temperature Monitor "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform 
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B099C29E-EC83-4BF2-A4FF-5809D09C1C1B}" = BIOScreen "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C2944BE7-9BFF-4EF0-A362-CB3281B7C50D}" = LG United Mobile Drivers "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{d08d9f98-1c78-4704-87e6-368b0023d831}" = 
RelevantKnowledge "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "LG PC Suite IV" = LG PC Suite IV "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Router Installationsprogramm und Monitor_is1" = Router Installationsprogramm und Monitor "Updater Service" = Updater Service "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft "World of Warcraft Beta" = World of Warcraft Beta ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "Google Chrome" = Google Chrome "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.02.2013 04:08:27 | Computer Name = Home | 
Source = WinMgmt | ID = 10 Description = Error - 20.02.2013 07:37:06 | Computer Name = Home | Source = WinMgmt | ID = 10 Description = Error - 20.02.2013 07:46:06 | Computer Name = Home | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. Error - 20.02.2013 07:46:28 | Computer Name = Home | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: Failed to make the SOAP Call HResult: 0x800c0005. Exception caught while trying to report the Update Event Error - 20.02.2013 12:02:43 | Computer Name = Home | Source = WinMgmt | ID = 10 Description = Error - 21.02.2013 03:21:17 | Computer Name = Home | Source = WinMgmt | ID = 10 Description = Error - 21.02.2013 07:41:04 | Computer Name = Home | Source = WinMgmt | ID = 10 Description = Error - 21.02.2013 14:58:36 | Computer Name = Home | Source = WinMgmt | ID = 10 Description = Error - 21.02.2013 15:05:09 | Computer Name = Home | Source = WinMgmt | ID = 10 Description = Error - 21.02.2013 15:41:16 | Computer Name = Home | Source = WinMgmt | ID = 10 Description = Error - 21.02.2013 15:48:10 | Computer Name = Home | Source = WinMgmt | ID = 10 Description = Error - 21.02.2013 15:54:33 | Computer Name = Home | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\TerrorKruemel\Downloads\SoftonicDownloader_fuer_secret-maryo-chronicles.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 21.02.2013 16:47:50 | Computer Name = Home | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 07.05.2012 08:07:45 | Computer Name = Home | Source = MCUpdate | ID = 0 Description = 14:07:45 - Fehler beim Herstellen der Internetverbindung. 14:07:45 - Serververbindung konnte nicht hergestellt werden.. Error - 07.05.2012 08:07:53 | Computer Name = Home | Source = MCUpdate | ID = 0 Description = 14:07:50 - Fehler beim Herstellen der Internetverbindung. 14:07:50 - Serververbindung konnte nicht hergestellt werden.. Error - 08.05.2012 17:19:04 | Computer Name = Home | Source = MCUpdate | ID = 0 Description = 23:19:04 - Fehler beim Herstellen der Internetverbindung. 23:19:04 - Serververbindung konnte nicht hergestellt werden.. Error - 08.05.2012 17:19:13 | Computer Name = Home | Source = MCUpdate | ID = 0 Description = 23:19:10 - Fehler beim Herstellen der Internetverbindung. 23:19:10 - Serververbindung konnte nicht hergestellt werden.. Error - 08.05.2012 18:19:18 | Computer Name = Home | Source = MCUpdate | ID = 0 Description = 00:19:18 - Fehler beim Herstellen der Internetverbindung. 00:19:18 - Serververbindung konnte nicht hergestellt werden.. Error - 08.05.2012 18:19:24 | Computer Name = Home | Source = MCUpdate | ID = 0 Description = 00:19:23 - Fehler beim Herstellen der Internetverbindung. 00:19:23 - Serververbindung konnte nicht hergestellt werden.. Error - 08.05.2012 19:19:28 | Computer Name = Home | Source = MCUpdate | ID = 0 Description = 01:19:28 - Fehler beim Herstellen der Internetverbindung. 01:19:28 - Serververbindung konnte nicht hergestellt werden.. Error - 08.05.2012 19:19:34 | Computer Name = Home | Source = MCUpdate | ID = 0 Description = 01:19:33 - Fehler beim Herstellen der Internetverbindung. 01:19:33 - Serververbindung konnte nicht hergestellt werden.. 
Error - 08.05.2012 20:19:38 | Computer Name = Home | Source = MCUpdate | ID = 0 Description = 02:19:38 - Fehler beim Herstellen der Internetverbindung. 02:19:38 - Serververbindung konnte nicht hergestellt werden.. Error - 08.05.2012 20:19:44 | Computer Name = Home | Source = MCUpdate | ID = 0 Description = 02:19:43 - Fehler beim Herstellen der Internetverbindung. 02:19:43 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 24.02.2013 15:20:20 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 24.02.2013 15:20:32 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 24.02.2013 15:20:32 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 24.02.2013 15:23:20 | Computer Name = Home | Source = Application Popup | ID = 875 Description = Treiber atksgt.sys konnte nicht geladen werden. Error - 24.02.2013 15:23:20 | Computer Name = Home | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 24.02.2013 15:23:22 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 24.02.2013 15:23:29 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 24.02.2013 15:23:29 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. 
Error - 24.02.2013 15:25:27 | Computer Name = Home | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 24.02.2013 15:25:27 | Computer Name = Home | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > |
24.02.2013, 23:01 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My PC no longer does what it should! Please now create and post logs with GMER (click for instructions) and MBAR (instructions a bit further down). GMER crashes fairly often; if the tool refuses to run even on the second attempt, just leave it out and run only MBAR. MBAR instructions: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Please always post logfiles in CODE tags |
24.02.2013, 23:53 | #5 |
| My PC no longer does what it should! So, first of all the log from GMER: Code:
C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007feff8018e1 8 bytes {JMP QWORD [RIP-0x119183e]} .text C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!WSARecv 000007feff802200 10 bytes {JMP QWORD [RIP-0x11920ce]} .text C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!connect + 1 000007feff8045c1 6 bytes {JMP QWORD [RIP-0x119457e]} .text C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!send 000007feff808000 10 bytes {JMP QWORD [RIP-0x1197f2e]} .text C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!sendto 000007feff80d7f0 7 bytes {JMP QWORD [RIP-0x119d5fe]} .text C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!recv 000007feff80df40 10 bytes {JMP QWORD [RIP-0x119de3e]} .text C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!recvfrom 000007feff80eb90 7 bytes {JMP QWORD [RIP-0x119e9ce]} .text C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!WSASendTo 000007feff80ed50 10 bytes {JMP QWORD [RIP-0x119eafe]} .text C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007feff827a50 7 bytes {JMP QWORD [RIP-0x11b78be]} .text C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!WSAConnect 000007feff82e0f0 7 bytes {JMP QWORD [RIP-0x11be07e]} .text C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007feff82e6c0 7 bytes {JMP QWORD [RIP-0x11be49e]} .text C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007755a4d0 8 bytes {JMP QWORD [RIP-0x1755a48e]} .text C:\Program Files\Windows 
Sidebar\sidebar.exe[3304] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077571b50 12 bytes {JMP QWORD [RIP-0x17571aae]} .text C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 00000000772d6a6c 10 bytes {JMP QWORD [RIP-0x172d69fa]} .text C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefdb450a0 7 bytes {JMP QWORD [RIP+0xd3b1e2]} .text C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\SSPICLI.DLL!DecryptMessage 000007fefdb451f4 7 bytes {JMP QWORD [RIP+0xd3b0be]} .text C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!WSASend 000007feff8013b0 10 bytes {JMP QWORD [RIP-0xf8124e]} .text C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007feff8018e1 8 bytes {JMP QWORD [RIP-0xf8183e]} .text C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!WSARecv 000007feff802200 10 bytes {JMP QWORD [RIP-0xf820ce]} .text C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!connect + 1 000007feff8045c1 6 bytes {JMP QWORD [RIP-0xf8457e]} .text C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!send 000007feff808000 10 bytes {JMP QWORD [RIP-0xf87f2e]} .text C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!sendto 000007feff80d7f0 7 bytes {JMP QWORD [RIP-0xf8d5fe]} .text C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!recv 000007feff80df40 10 bytes {JMP QWORD [RIP-0xf8de3e]} .text C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!recvfrom 000007feff80eb90 7 bytes {JMP QWORD [RIP-0xf8e9ce]} .text C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!WSASendTo 000007feff80ed50 10 bytes {JMP QWORD [RIP-0xf8eafe]} .text C:\Program Files\Windows 
Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007feff827a50 7 bytes {JMP QWORD [RIP-0xfa78be]} .text C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!WSAConnect 000007feff82e0f0 7 bytes {JMP QWORD [RIP-0xfae07e]} .text C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007feff82e6c0 7 bytes {JMP QWORD [RIP-0xfae49e]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007755a4d0 8 bytes {JMP QWORD [RIP-0x1755a48e]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077571b50 12 bytes {JMP QWORD [RIP-0x17571aae]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!WSASend 000007feff8013b0 10 bytes {JMP QWORD [RIP-0xed124e]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007feff8018e1 8 bytes {JMP QWORD [RIP-0xed183e]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!WSARecv 000007feff802200 10 bytes {JMP QWORD [RIP-0xed20ce]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!connect + 1 000007feff8045c1 6 bytes {JMP QWORD [RIP-0xed457e]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!send 000007feff808000 10 bytes {JMP QWORD [RIP-0xed7f2e]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!sendto 000007feff80d7f0 7 bytes {JMP QWORD [RIP-0xedd5fe]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!recv 000007feff80df40 10 bytes {JMP QWORD [RIP-0xedde3e]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] 
C:\Windows\system32\WS2_32.dll!recvfrom 000007feff80eb90 7 bytes {JMP QWORD [RIP-0xede9ce]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!WSASendTo 000007feff80ed50 10 bytes {JMP QWORD [RIP-0xedeafe]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007feff827a50 7 bytes {JMP QWORD [RIP-0xef78be]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!WSAConnect 000007feff82e0f0 7 bytes {JMP QWORD [RIP-0xefe07e]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007feff82e6c0 7 bytes {JMP QWORD [RIP-0xefe49e]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 00000000772d6a6c 10 bytes {JMP QWORD [RIP-0x172d69fa]} .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075a6103d 5 bytes JMP 00000001100459d8 .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000075a7d3ab 5 bytes JMP 00000001100449b3 .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007516124e 5 bytes JMP 0000000110041eeb .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 000000007516129d 5 bytes JMP 00000001100437eb .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!sendto 00000000753134b5 5 bytes JMP 0000000110044fba .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!closesocket 
0000000075313918 5 bytes JMP 0000000110043438 .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075314406 5 bytes JMP 0000000110043fb2 .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!recv 0000000075316b0e 5 bytes JMP 0000000110044429 .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!connect 0000000075316bdd 5 bytes JMP 0000000110042f4b .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!send 0000000075316f01 5 bytes JMP 0000000110043a40 .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075317089 5 bytes JMP 0000000110046a69 .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000075317489 5 bytes JMP 00000001100446c2 .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!recvfrom 000000007531b6dc 5 bytes JMP 0000000110044d0c .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 000000007531cba6 5 bytes JMP 0000000110046d5d .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007531cc3f 5 bytes JMP 00000001100432c1 .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007532b30c 5 bytes JMP 0000000110045549 .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000075d454ad 5 bytes JMP 
000000011003863d .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 000000007554afb8 5 bytes JMP 0000000110047453 .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751a1465 2 bytes [1A, 75] .text C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751a14bb 2 bytes [1A, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075a6103d 5 bytes JMP 00000001100459d8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 0000000075a7d3ab 5 bytes JMP 00000001100449b3 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007516124e 5 bytes JMP 0000000110041eeb .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 000000007516129d 5 bytes JMP 00000001100437eb .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 000000007554afb8 5 bytes JMP 0000000110047453 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000075d454ad 5 bytes JMP 000000011003863d .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!sendto 00000000753134b5 5 bytes JMP 0000000110044fba .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075313918 5 bytes JMP 0000000110043438 .text C:\Program Files (x86)\Common 
Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075314406 5 bytes JMP 0000000110043fb2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!recv 0000000075316b0e 5 bytes JMP 0000000110044429 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!connect 0000000075316bdd 5 bytes JMP 0000000110042f4b .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!send 0000000075316f01 5 bytes JMP 0000000110043a40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075317089 5 bytes JMP 0000000110046a69 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000075317489 5 bytes JMP 00000001100446c2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!recvfrom 000000007531b6dc 5 bytes JMP 0000000110044d0c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 000000007531cba6 5 bytes JMP 0000000110046d5d .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007531cc3f 5 bytes JMP 00000001100432c1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007532b30c 5 bytes JMP 0000000110045549 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751a1465 2 bytes [1A, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751a14bb 2 bytes [1A, 75] .text ... 
* 2 .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751a1465 2 bytes [1A, 75] .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751a14bb 2 bytes [1A, 75] .text ... * 2 .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007755a4d0 8 bytes {JMP QWORD [RIP-0x1755a48e]} .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077571b50 12 bytes {JMP QWORD [RIP-0x17571aae]} .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!WSASend 000007feff8013b0 10 bytes {JMP QWORD [RIP-0x14124e]} .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007feff8018e1 8 bytes {JMP QWORD [RIP-0x14183e]} .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!WSARecv 000007feff802200 10 bytes {JMP QWORD [RIP-0x1420ce]} .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!connect + 1 000007feff8045c1 6 bytes {JMP QWORD [RIP-0x14457e]} .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!send 000007feff808000 10 bytes {JMP QWORD [RIP-0x147f2e]} .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!sendto 000007feff80d7f0 7 bytes {JMP QWORD [RIP-0x14d5fe]} .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!recv 000007feff80df40 10 bytes {JMP QWORD [RIP-0x14de3e]} .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!recvfrom 000007feff80eb90 7 bytes {JMP QWORD [RIP-0x14e9ce]} .text C:\Program Files 
(x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!WSASendTo 000007feff80ed50 10 bytes {JMP QWORD [RIP-0x14eafe]} .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007feff827a50 7 bytes {JMP QWORD [RIP-0x1678be]} .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!WSAConnect 000007feff82e0f0 7 bytes {JMP QWORD [RIP-0x16e07e]} .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007feff82e6c0 7 bytes {JMP QWORD [RIP-0x16e49e]} .text C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 00000000772d6a6c 10 bytes {JMP QWORD [RIP-0x172d69fa]} .text C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007755a4d0 8 bytes {JMP QWORD [RIP-0x1755a48e]} .text C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077571b50 12 bytes {JMP QWORD [RIP-0x17571aae]} .text C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!WSASend 000007feff8013b0 10 bytes {JMP QWORD [RIP-0x14124e]} .text C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007feff8018e1 8 bytes {JMP QWORD [RIP-0x14183e]} .text C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!WSARecv 000007feff802200 10 bytes {JMP QWORD [RIP-0x1420ce]} .text C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!connect + 1 000007feff8045c1 6 bytes {JMP QWORD [RIP-0x14457e]} .text C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!send 000007feff808000 10 bytes {JMP QWORD [RIP-0x147f2e]} .text C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!sendto 000007feff80d7f0 7 bytes {JMP QWORD [RIP-0x14d5fe]} .text 
C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!recv 000007feff80df40 10 bytes {JMP QWORD [RIP-0x14de3e]} .text C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!recvfrom 000007feff80eb90 7 bytes {JMP QWORD [RIP-0x14e9ce]} .text C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!WSASendTo 000007feff80ed50 10 bytes {JMP QWORD [RIP-0x14eafe]} .text C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007feff827a50 7 bytes {JMP QWORD [RIP-0x1678be]} .text C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!WSAConnect 000007feff82e0f0 7 bytes {JMP QWORD [RIP-0x16e07e]} .text C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007feff82e6c0 7 bytes {JMP QWORD [RIP-0x16e49e]} .text C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 00000000772d6a6c 10 bytes {JMP QWORD [RIP-0x172d69fa]} .text C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 000000007755a4d0 8 bytes {JMP QWORD [RIP-0x1755a48e]} .text C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077571b50 12 bytes {JMP QWORD [RIP-0x17571aae]} .text C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!WSASend 000007feff8013b0 10 bytes {JMP QWORD [RIP-0xed124e]} .text C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007feff8018e1 8 bytes {JMP QWORD [RIP-0xed183e]} .text C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!WSARecv 000007feff802200 10 bytes {JMP QWORD [RIP-0xed20ce]} .text C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!connect + 1 000007feff8045c1 6 bytes {JMP QWORD [RIP-0xed457e]} .text C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!send 000007feff808000 10 bytes {JMP QWORD 
[RIP-0xed7f2e]} .text C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!sendto 000007feff80d7f0 7 bytes {JMP QWORD [RIP-0xedd5fe]} .text C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!recv 000007feff80df40 10 bytes {JMP QWORD [RIP-0xedde3e]} .text C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!recvfrom 000007feff80eb90 7 bytes {JMP QWORD [RIP-0xede9ce]} .text C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!WSASendTo 000007feff80ed50 10 bytes {JMP QWORD [RIP-0xedeafe]} .text C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007feff827a50 7 bytes {JMP QWORD [RIP-0xef78be]} .text C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!WSAConnect 000007feff82e0f0 7 bytes {JMP QWORD [RIP-0xefe07e]} .text C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007feff82e6c0 7 bytes {JMP QWORD [RIP-0xefe49e]} .text C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 00000000772d6a6c 10 bytes {JMP QWORD [RIP-0x172d69fa]} ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [1560:4432] 000007fef8f5e8c4 ---- EOF - GMER 2.1 ---- Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.04.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
TerrorKruemel :: HOME [administrator]

24.02.2013 23:29:54
mbar-log-2013-02-24 (23-29-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29209
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Detected: 6
c:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 1820 -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlservice.exe (PUP.Adware.RelevantKnowledge) -> 1032 -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> 3876 -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe (PUP.Adware.RelevantKnowledge) -> 3216 -> Delete on reboot.
c:\ProgramData\bProtector\bProtect.exe (PUP.BProtector) -> 1744 -> Delete on reboot.
c:\ProgramData\bProtector\bProtect.exe (PUP.BProtector) -> 1852 -> Delete on reboot.

Memory Modules Detected: 5
c:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.

Registry Keys Detected: 7
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService (PUP.BundleInstaller.IB) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Updater Service (PUP.BundleInstaller.IB) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RelevantKnowledge (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831} (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bProtector (PUP.BProtector) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.BProtector) -> Delete on reboot.
HKCU\SOFTWARE\BPROTECTOR (PUP.BProtector) -> Delete on reboot.

Registry Values Detected: 2
HKCU\SOFTWARE\BPROTECTOR|iexplore homepages (PUP.BProtector) -> Data: hxxp://go.microsoft.com/fwlink/?LinkId=69157^hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731^^ -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BPROTECTOR|ImagePath (PUP.BProtector) -> Data: C:\ProgramData\bProtector\bProtect.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 28
c:\ProgramData\bProtector (PUP.BProtector) -> Delete on reboot.
c:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\components (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\defaults (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\defaults\preferences (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\locale (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit\data (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit\lib (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\data (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\content (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\dom (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\events (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\tabs (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\traits (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\windows (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\data (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\data\.idea (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\data\.idea\scopes (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (PUP.Spyware.MarketScore) -> Delete on reboot.

Files Detected: 102
c:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlservice.exe (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Windows\System32\fsvk.exe.exe (Worm.Zhelatin) -> Delete on reboot.
c:\ProgramData\bProtector\bProtect.settings (PUP.BProtector) -> Delete on reboot.
c:\ProgramData\bProtector\bProtect.exe (PUP.BProtector) -> Delete on reboot.
c:\ProgramData\bProtector\component_332.decrpt (PUP.BProtector) -> Delete on reboot.
c:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\asmcf.dat (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\chrome.manifest (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\egdcf.dat (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\install.rdf (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\nscf.dat (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlcm.crx (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlcm.txt (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlls64.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlph.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlxf.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\components\rlxg.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\bootstrap.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\harness-options.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\install.rdf (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\locales.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\rlnx.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\defaults\preferences\prefs.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\locale\en-GB.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\locale\eo.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\locale\fr-FR.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\chrome.manifest (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit\lib\page-mod.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit\lib\tabs.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit\lib\windows.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\data\content-proxy.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\data\test-content-symbiont.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\data\test-message-manager.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\data\test-trusted-document.html (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\globals!.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\api-utils.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\byte-streams.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\channel.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\collection.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\content.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\cortex.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\cuddlefish.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\environment.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\errors.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\events.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\file.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\hidden-frame.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\light-traits.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\list.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\match-pattern.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\memory.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\message-manager.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\namespace.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\observer-service.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\plain-text-console.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\process.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\runtime.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\sandbox.js (PUP.Spyware.MarketScore) -> Delete on reboot. 
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\self!.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\system.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\text-streams.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\timer.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\traceback.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\traits.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\unload.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\url.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\window-utils.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\xpcom.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\xul-app.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\content\loader.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\content\symbiont.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\content\worker.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\dom\events.js (PUP.Spyware.MarketScore) -> Delete on reboot. 
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\events\assembler.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\events.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\observer.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\tab.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\utils.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\traits\core.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils\data.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils\function.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils\object.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils\registry.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils\thumbnail.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\windows\dom.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\windows\loader.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\windows\observer.js (PUP.Spyware.MarketScore) -> Delete on reboot. 
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\windows\tabs.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\data\content.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\dompilot.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\dputil.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\main.js (PUP.Spyware.MarketScore) -> Delete on reboot. c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Delete on reboot. c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk (PUP.Spyware.MarketScore) -> Delete on reboot. c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Delete on reboot. c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Delete on reboot. c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (PUP.Spyware.MarketScore) -> Delete on reboot. (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020 www.malwarebytes.org Database version: v2013.02.24.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 TerrorKruemel :: HOME [administrator] 24.02.2013 23:40:15 mbar-log-2013-02-24 (23-40-15).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 28789 Time elapsed: 6 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
25.02.2013, 10:21 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | aswMBR: Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without being told to. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer: Please download TDSSKiller.exe and save this file to the desktop.
25.02.2013, 11:10 | #7 |
The aswMBR log: Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-25 10:26:40
-----------------------------
10:26:40.305 OS Version: Windows x64 6.1.7601 Service Pack 1
10:26:40.305 Number of processors: 2 586 0x170A
10:26:40.306 ComputerName: HOME UserName:
10:26:41.503 Initialize success
10:27:24.264 AVAST engine defs: 13022401
10:28:06.918 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
10:28:06.918 Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 3
10:28:06.918 Disk 0 MBR read successfully
10:28:06.918 Disk 0 MBR scan
10:28:06.934 Disk 0 Windows 7 default MBR code
10:28:06.934 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
10:28:06.981 Disk 0 scanning C:\Windows\system32\drivers
10:28:19.619 Service scanning
10:28:47.871 Modules scanning
10:28:47.871 Disk 0 trace - called modules:
10:28:47.886 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
10:28:47.886 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c114d0]
10:28:47.886 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800474d520]
10:28:47.886 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004738680]
10:28:56.999 AVAST engine scan C:\Windows
10:29:03.907 AVAST engine scan C:\Windows\system32
10:33:21.021 AVAST engine scan C:\Windows\system32\drivers
10:33:37.572 AVAST engine scan C:\Users\TerrorKruemel
10:49:37.256 AVAST engine scan C:\ProgramData
10:52:28.120 Scan finished successfully
10:54:58.333 Disk 0 MBR has been saved successfully to "C:\Users\TerrorKruemel\Desktop\MBR.dat"
10:54:58.396 The log file has been saved successfully to "C:\Users\TerrorKruemel\Desktop\aswMBR.txt"
25.02.2013, 11:15 | #8 |
I had to put the TDSSKiller log in an attachment because it is far too long for the reply ... by the way, the browser start page suddenly changed from Google to hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731. It also demands an update of "juchcheck.exe"; the verified publisher is "Oracle America, Inc." No idea what that is; the icon looks like the Java one, and when I click "No" it also claims to be a Java update, but I don't quite trust it!
25.02.2013, 13:25 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JRT - Junkware Removal Tool: Please close your security software first to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
Then a check with OTL, please:
__________________ Please always post log files in CODE tags
25.02.2013, 13:44 | #10 |
So, I just ran ADW Cleaner. Then it wanted to restart, which I allowed as prompted. Now it has shut down, is on, computing, fans running, but it does not boot up again! The screen just stays black.
25.02.2013, 13:49 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Restart it again.
25.02.2013, 13:57 | #12 |
The JRT log: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Home Premium x64
Ran by TerrorKruemel on 25.02.2013 at 13:30:02,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bprotector start page
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bprotectordefaultscope
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2218329753-2017860753-312165954-1001\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2218329753-2017860753-312165954-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Bar
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2218329753-2017860753-312165954-1001\software\microsoft\internet explorer\main\\Search Bar
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2218329753-2017860753-312165954-1001\software\microsoft\internet explorer\main\\Search Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\Default_Search_URL
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2218329753-2017860753-312165954-1001\software\microsoft\internet explorer\search\\Default_Search_URL
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2218329753-2017860753-312165954-1001\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\SearchAssistant
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2218329753-2017860753-312165954-1001\software\microsoft\internet explorer\search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Failed to delete: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers.1
Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{3bd44f0e-0596-4008-aee0-45d47e3a8f0e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}

~~~ Files

Successfully deleted: [File] "C:\Windows\syswow64\protector.dll"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\TerrorKruemel\AppData\Roaming\etype"
Successfully deleted: [Folder] "C:\Users\TerrorKruemel\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\TerrorKruemel\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"
Successfully deleted: [Folder] "C:\ProgramData\ask"

~~~ FireFox

Successfully deleted: [File] C:\Users\TerrorKruemel\AppData\Roaming\mozilla\firefox\profiles\60uqusri.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\TerrorKruemel\AppData\Roaming\mozilla\firefox\profiles\60uqusri.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\TerrorKruemel\AppData\Roaming\mozilla\firefox\profiles\60uqusri.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{c7ae725d-fa5c-4027-bb4c-787ef9f8248a}
Successfully deleted the following from C:\Users\TerrorKruemel\AppData\Roaming\mozilla\firefox\profiles\60uqusri.default\prefs.js

user_pref("extensions.helperbar.smartbardisabled", false);
user_pref("extensions.helperbar.smartbarstateminimaized", false);
user_pref("keyword.url", "hxxp://search.etype.com/?smart=1&query=");

Emptied folder: C:\Users\TerrorKruemel\AppData\Roaming\mozilla\firefox\profiles\60uqusri.default\minidumps [2 files]

~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\plmlpkfpkijnlijgalnjaacllnjmoamo

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.02.2013 at 13:34:57,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
# AdwCleaner v2.113 - Datei am 25/02/2013 um 13:37:39 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : TerrorKruemel - HOME
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\TerrorKruemel\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Gelöscht mit Neustart : C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Ordner Gelöscht : C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Ordner Gelöscht : C:\Users\TerrorKruemel\AppData\Roaming\Mozilla\Firefox\Profiles\60uqusri.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0230100-3044-43B1-A44E-70DC12FD418C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Datei : C:\Users\TerrorKruemel\AppData\Roaming\Mozilla\Firefox\Profiles\60uqusri.default\prefs.js

Gelöscht : user_pref("browser.search.defaultenginename", "search the web");
Gelöscht : user_pref("browser.search.order.1", "search the web");
Gelöscht : user_pref("browser.search.selectedengine", "search the web");
Gelöscht : user_pref("extensions.installcache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{c7ae725d-fa5c-[...]

-\\ Google Chrome v15.0.874.106

Datei : C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.32] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gelöscht [l.35] : keyword = "ask.com",
Gelöscht [l.38] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=CF[...]
Gelöscht [l.39] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
Gelöscht [l.1536] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",
Gelöscht [l.1671] : urls_to_restore_on_startup = [ "hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731" ]

*************************

AdwCleaner[S1].txt - [5646 octets] - [25/02/2013 13:37:39]

########## EOF - C:\AdwCleaner[S1].txt - [5706 octets] ##########
25.02.2013, 14:00 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | What about OTL?
25.02.2013, 14:04 | #14 |
| Mein PC macht nicht mehr das was er soll! Nun dann also OTL: Code:
OTL logfile created on: 25.02.2013 13:55:56 - Run 2 OTL by OldTimer - Version 3.2.69.0
and Extras: Code:
ATTFilter OTL Extras logfile created on: 25.02.2013 13:55:56 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TerrorKruemel\Desktop\dl's 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,17% Memory free 8,00 Gb Paging File | 6,57 Gb Available in Paging File | 82,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,51 Gb Total Space | 785,47 Gb Free Space | 84,32% Space Free | Partition Type: NTFS Computer Name: HOME | User Name: TerrorKruemel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List 
========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{087D1E92-16BB-4A91-AE3C-C7CF3E6C9D82}" = rport=137 | protocol=17 | dir=out | app=system | "{1A0C684C-6560-4B18-B7BD-2CABD23EC615}" = lport=2869 | protocol=6 | dir=in | app=system | "{1ACC75E7-2469-4243-9966-ECAAA657D013}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{27EF9B0A-54E4-46EF-91A8-465EB335C4CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2C8B43D6-FC3B-4D4F-A672-6729F6261633}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{31C2F67A-0039-4EB9-AE0E-09AE1016200B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{4176BC52-6562-4D24-BE96-561D91055967}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{451FF838-EF5C-4734-B0F3-9A29581B51C6}" = lport=10243 | protocol=6 | dir=in | app=system | "{54595E22-E7A0-4284-821E-89641D43F945}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5AF9545B-5CB2-45C1-B265-85D7DCD0788C}" = lport=2869 | protocol=6 | dir=in | app=system | "{5B079709-196B-443E-971E-5BF923242D9F}" = lport=445 | protocol=6 | dir=in | app=system | "{5C9A864A-B901-4107-BD18-811D4943AA54}" = lport=138 | protocol=17 | dir=in | app=system | "{609806D6-9977-4B63-960F-F8E7181F34DA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6260245C-8458-4F82-AFD1-B66E57ABB419}" = rport=139 | protocol=6 | dir=out | app=system | "{72EADCBF-FAF9-4593-A362-BD242AA94198}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7EE8CBB8-F2A9-4EB1-83F8-FFFFA3B83761}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{840C278B-ED4A-4DC3-BD88-0723CBFAC0A9}" = lport=137 | protocol=17 | dir=in | app=system | "{873BA7DE-B505-4AF9-9E9A-593112A2FD7D}" = rport=10243 | protocol=6 | dir=out | app=system | "{9000B06D-25DA-4AA7-A072-AE70B430FB3B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A0443364-D60C-422F-82F7-4A6A85687AC1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A46F768D-18AC-4547-9D3C-5C6EE2533E40}" = lport=139 | protocol=6 | dir=in | app=system | "{A7BD3957-EE7C-4CFD-AC01-F0BF7EFE719C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AD49E7E4-BF0E-437A-A553-B65F1779285B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AFF29CF9-CF01-4B38-822A-7F3D70FF0FD1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B5B0BDB9-4673-4BC1-8781-1371E8B557D7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B9234865-CEC6-486F-BFDA-4DEF9A8D3F72}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C498A6C9-D33B-47DA-A43E-FBC084A54BF8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D3614A2C-E5C9-4B14-9C35-6C08CB333FFB}" = rport=445 | protocol=6 | dir=out | app=system | "{D64FF27D-592D-46FB-9DDC-DA5671211A03}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D77A0698-53CA-4BA9-83EA-5F5D69A8264A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DE27FB9E-4BCF-4918-BC8D-9F8DE1583A98}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E0C92863-19C8-47FA-A3FB-FD6C0D1883A8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | 
app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{ED3D4138-B44F-4CC3-A605-5057557D705E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EE943F0E-8592-456F-97BB-B7BB63E4AF26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F53FFC14-57C4-43BF-8EF5-8121985B29C8}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06AD2C34-519E-4D88-AB15-5CE50883767E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{0F663FE8-8FA3-4981-A42F-6ED2355FC1BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{148EA85A-DE9D-4B6C-B786-931E1A794FB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{17F5EFB7-38FC-493A-A6F3-95BF9604F6B6}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{1A20A954-1C18-4E70-A609-1882E2378615}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1E427FF2-D2D6-4EBF-992F-B0BC831F74DD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{22B3213B-52BA-48DD-944D-E943C8C6E90B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{22D71BD7-AE80-4150-A4FC-CACDE2503579}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{2523E811-A6E5-417F-97EF-7818C13EBB55}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe | "{2AA3B9A0-9DF3-4172-8164-10587577CA30}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2EBF4371-9E4D-4C4A-B666-08CE27055F40}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | "{31692A4C-6CAE-4520-87DC-71123056AA0E}" = protocol=58 
| dir=out | name=@firewallapi.dll,-28546 | "{44DBB525-BEE1-4540-A232-E681AA1ED0A5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4BC1593D-1883-42FB-9CEF-33303F7D2416}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{523E77F7-FDC5-4EA3-98FC-6B6AB22C5553}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{591CCF63-CC02-4CD8-A1C4-C1024A045043}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5A3EDEF9-60B1-4004-80BA-7F1893F6A83C}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{5B857988-2FAC-4D6B-8AD8-C2E2048326E0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{5DF620A6-0DB2-4BD0-BF8F-77E7ACB9CD09}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.patch.exe | "{5F363ACF-F3CA-4075-AD2A-7C8AD07A3DAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5F778C35-C34C-4F2B-ADA0-6ED2321D7DB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5FBF93D1-DD07-466C-BDC5-B54B1047B5F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6671CB26-704F-44C5-8A83-0C73F81A91EF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{6F2CE35E-C83B-439B-A7BD-D6DF42B56280}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{735241CA-9C0C-493C-9F82-A57EB0D177A5}" = protocol=6 | dir=in | app=c:\users\terrorkruemel\appdata\local\google\chrome\application\chrome.exe | "{7B29728D-3EC6-4D32-84DE-6A9CC895C5C3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{7D36425E-734B-49F4-8B93-F30BB8B934F4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{80E0CB1D-A940-4FCC-AF19-E06CF650F2EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8245FFBF-DCD7-4F93-BF9C-6176518C6848}" = protocol=6 | 
dir=in | app=e:\world of warcraft\launcher.patch.exe | "{8F6DB27C-24BC-46E2-B4AD-32A995D89A83}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{9205CAF7-4181-4CB2-9EBB-403AF66AC537}" = protocol=17 | dir=in | app=c:\users\terrorkruemel\appdata\local\google\chrome\application\chrome.exe | "{923B5468-EDB6-4073-8024-88E32AE99A58}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A29E2A1E-785E-4E58-8C4D-EB80A69D309F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A6141802-88FF-4B01-ACD6-3C922BCC089F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{BBF1E774-CAF2-404F-BDE0-115DE88D56B5}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe | "{C1FCF136-ADA3-41E6-A642-8DC5EA22368A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{CD1DC6E0-6FC6-45E0-A0CC-8263CB3FB3DB}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CD23AC41-9CA2-4B56-B5AB-D11672110B0A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{DD0973B6-52DE-4A08-A15F-4A72BED3489E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DFF0DCA3-6DD6-4815-9010-2A0C5259F7FC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E281FB66-6AD5-4C9C-8ED4-5A11E5560014}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | "{E4BD1750-3C1D-4B37-873D-15F31633F7B9}" = protocol=6 | dir=out | app=system | "{E90626D8-ABFA-4DC3-864B-78E98C229CBC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E97433AF-5345-45D2-A79F-1F6E7C143BDE}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{EF77647B-2E80-43CE-9195-BB7E09FBE5F5}" = protocol=17 | dir=out | app=%programfiles%\windows media 
player\wmplayer.exe | "{F28571BE-864F-42C5-910B-DDDE0870D11C}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{F912CF1E-D4A8-48A8-86A1-0D9D4128C98D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FD6A2256-8082-4202-944D-65DABF3AC4DF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "TCP Query User{16EE200C-E069-4B51-8AA4-449C564F6A47}E:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | "TCP Query User{44A56481-7E79-4E50-BF2D-7DFDD7FB52D1}C:\program files (x86)\relevantknowledge\rlvknlg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | "TCP Query User{AA225459-74F7-4275-9F11-89087490141F}C:\users\terrorkruemel\desktop\dl's\tinyumbrella-6.00.01.exe" = protocol=6 | dir=in | app=c:\users\terrorkruemel\desktop\dl's\tinyumbrella-6.00.01.exe | "UDP Query User{101104BD-475C-47A7-A63C-969F4EF1C9A1}C:\program files (x86)\relevantknowledge\rlvknlg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | "UDP Query User{60EEDCB2-00AE-4E0B-93D3-9D3B6D11FA89}C:\users\terrorkruemel\desktop\dl's\tinyumbrella-6.00.01.exe" = protocol=17 | dir=in | app=c:\users\terrorkruemel\desktop\dl's\tinyumbrella-6.00.01.exe | "UDP Query User{B76ED0F6-4D9A-4315-A8EC-C69D8AE19F6E}E:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family 
Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET 
Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.01 (64-Bit) "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E4A6F03-4D71-4496-9B2D-71C8B59F64DE}" = BiosNotice "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11 "{28FFFE19-141E-47CF-8E9B-DD75B43C4B06}" = BIOS Update "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{6540D6AD-4218-444D-84EC-E6C85F35EE31}" = Eldorado "{6642BF47-D82A-447B-90E7-658FA865AFD7}" = Temperature Monitor "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 
Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B099C29E-EC83-4BF2-A4FF-5809D09C1C1B}" = BIOScreen "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C2944BE7-9BFF-4EF0-A362-CB3281B7C50D}" = LG United Mobile Drivers "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform 
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "LG PC Suite IV" = LG PC Suite IV "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Router Installationsprogramm und Monitor_is1" = Router Installationsprogramm und Monitor "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft "World of Warcraft Beta" = World of Warcraft Beta ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "Google Chrome" = Google Chrome "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.02.2013 08:53:05 | Computer Name = Home | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 25.02.2013 08:51:34 | Computer Name = Home | Source = Application Popup | ID = 875 Description = Treiber atksgt.sys konnte 
nicht geladen werden. Error - 25.02.2013 08:51:34 | Computer Name = Home | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 25.02.2013 08:51:35 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 25.02.2013 08:51:49 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 25.02.2013 08:51:49 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 25.02.2013 08:51:52 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 25.02.2013 08:51:52 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 25.02.2013 08:53:40 | Computer Name = Home | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 25.02.2013 08:53:40 | Computer Name = Home | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > |
25.02.2013, 14:08 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My PC no longer does what it should!
Fix with OTL
Code:
:OTL
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=CF80BCF0-D12F-4790-BB4C-A75092401CC5&apn_ptnrs=U3&apn_sauid=C9B432E3-A5EA-4100-8295-E86AC3355C4C&apn_dtid=OSJ000YYDE&q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
[2013.02.25 10:54:58 | 000,000,512 | ---- | C] () -- C:\Users\TerrorKruemel\Desktop\MBR.dat
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post logfiles in CODE tags |