Trojaner-Board (https://www.trojaner-board.de/)
Forum: Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: PC runs too slowly (suspected malware) (https://www.trojaner-board.de/130957-pc-laeuft-langsam-schaedlingsverdacht.html)

karlshagen 12.02.2013 16:06

PC runs too slowly (suspected malware)

I have the following system:

WIN 7 Home Premium Service Pack 1 (is installed)
RAM: 2.00 GB (1.75 GB usable)
System type: 32-bit operating system
Processor: Intel(R) Atom(TM) CPU 330 @1.60 GHz 1.76 GHz
Model: ASUS Eee Top Series
Antivirus program: Microsoft Security Essentials

My problem is that the PC has been very slow lately and takes a very long time to shut down.

Hence my suspicion that I may have caught something.

Is there actually a really efficient program that can track down and remove trojans and other pests?

Thanks for your help
karlshagen

cosinus 12.02.2013 17:13

Hello

Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read my instructions, which I will post over the course of this thread, carefully. Ask right away if anything is unclear to you before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the log files directly in your thread (in CODE tags, please) and not as attachments unless you were asked to. Logs in attachments make it harder for me to evaluate them!

  • Please also note => Deleting log files and other requests

Note:
If you haven't heard from me for three days, please report it in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


First a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan all users at the top centre
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in CODE tags in the thread.
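The OTL Extras log that this scan produces contains the firewall exception lists as one line per rule, and a first triage pass over those lines is something a helper can automate. The script below is an added example written for this thread, not OTL's code and not part of the helper's procedure. It parses rule lines in the layout OTL prints ("name" = field | field | ...) and flags three shapes that merit a manual look: a rule whose program sits in a user-writable location (a user's AppData, a Temp or Downloads folder), a rule whose name begins with "TCP Query User" or "UDP Query User" (Windows Firewall names rules that way when the user clicked Allow on its prompt), and an inbound port rule bound to no program and no service. The sample log, its GUIDs, user name and paths are constructed for the example; the thresholds are a heuristic, and a flagged rule only says where to look, not that anything is malicious.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout OTL uses for its firewall sections
# (section banner, registry key, then one "name" = field | field | ... line per rule).
# All GUIDs, user names and paths below are made up for this example.
SAMPLE_LOG = r"""
========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11111111-0000-0000-0000-000000000001}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11111111-0000-0000-0000-000000000002}" = lport=8766 | protocol=6 | dir=in | name=some-game |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22222222-0000-0000-0000-000000000001}" = protocol=6 | dir=in | app=c:\program files\example vendor\example.exe |
"{22222222-0000-0000-0000-000000000002}" = dir=in | app=c:\users\alice\appdata\roaming\updater\update.exe |
"TCP Query User{22222222-0000-0000-0000-000000000003}C:\users\alice\appdata\local\temp\setup_tmp.exe" = protocol=6 | dir=in | app=c:\users\alice\appdata\local\temp\setup_tmp.exe |
"{22222222-0000-0000-0000-000000000004}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{33333333-0000-0000-0000-000000000001}" = Example Program
"""

SECTION_RE = re.compile(r"^=+ (.*?) =+$")
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')
FIREWALL_SECTIONS = {
    "Vista Active Open Ports Exception List",
    "Vista Active Application Exception List",
}
# Locations an unprivileged process can write to; a firewall rule pointing there
# is worth a manual look (it is not proof of anything by itself).
USER_WRITABLE_RE = re.compile(
    r"\\users\\[^\\]+\\appdata\\|\\temp\\|\\downloads\\", re.IGNORECASE
)


@dataclass
class Rule:
    section: str
    name: str
    fields: dict


def parse_firewall_rules(text: str) -> list:
    """Return the rules from the two firewall sections; other sections are ignored."""
    rules, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if section not in FIREWALL_SECTIONS:
            continue
        m = RULE_RE.match(line)
        if not m:
            continue  # blank lines and [HKEY_...] key lines
        fields = {}
        for part in m.group("body").split("|"):
            part = part.strip()
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip()] = value.strip()
        rules.append(Rule(section, m.group("name"), fields))
    return rules


def triage(rules: list) -> list:
    """Return (rule name, target, reasons) for every rule that deserves a closer look."""
    findings = []
    for rule in rules:
        reasons = []
        app = rule.fields.get("app", "")
        if USER_WRITABLE_RE.search(app):
            reasons.append("program lives in a user-writable location")
        if rule.name.startswith(("TCP Query User", "UDP Query User")):
            # Windows Firewall names rules this way when the user clicked
            # "Allow access" on the security-alert prompt.
            reasons.append("rule created via the firewall prompt")
        if (rule.fields.get("dir") == "in" and "lport" in rule.fields
                and "app" not in rule.fields and "svc" not in rule.fields):
            reasons.append("inbound port open for any program")
        if reasons:
            target = app or "lport=" + rule.fields.get("lport", "?")
            findings.append((rule.name, target, reasons))
    return findings


if __name__ == "__main__":
    for name, target, reasons in triage(parse_firewall_rules(SAMPLE_LOG)):
        print(f"{name}\n    {target}\n    -> {'; '.join(reasons)}")
```

Run against a real Extras log, the output is a short list to check by hand against the uninstall list and the file's publisher; rules for svchost.exe services under %systemroot% and for programs under Program Files pass through untouched, which is what keeps the list short.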

karlshagen 12.02.2013 17:25

Could you quickly tell me again what the CODE tags are called?

Code:

OTL Extras logfile created on: 2/12/2013 5:21:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\15G22J0290K0EU2Y\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.43 Gb Available Physical Memory | 24.71% Memory free
6.12 Gb Paging File | 3.82 Gb Available in Paging File | 62.38% Paging File free
Paging file location(s): c:\pagefile.sys 2686 2686d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98.59 Gb Total Space | 55.66 Gb Free Space | 56.46% Space Free | Partition Type: NTFS
Drive D: | 191.46 Gb Total Space | 125.90 Gb Free Space | 65.76% Space Free | Partition Type: NTFS
 
Computer Name: BIBA | User Name: 15G22J0290K0EU2Y | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034BC81B-1C3A-4FF8-BEB0-EC985A02F14E}" = lport=8766 | protocol=6 | dir=in | name=online-doppelkopf |
"{07D552BC-38AA-467C-B367-1A6ED14F8D82}" = lport=2869 | protocol=6 | dir=in | app=system |
"{09F9EC1B-6DCA-4A6C-99F8-72655EC1D0A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0EE77D9F-321E-4022-93BE-40E38AC317B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0FED86BD-3142-4574-93B3-8390661DB008}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1B0F7093-F0DF-4A22-80B4-829A374D2869}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1DFABF03-4FCC-45D4-ADF1-748FAD674DA0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{206BA81F-4EFC-4261-A8D9-A731BCFFA810}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2B78B157-0D7B-4EC0-8CDA-9071DBA81F81}" = rport=445 | protocol=6 | dir=out | app=system |
"{2C79DE7E-EE95-4E05-AEFB-F8941E27421E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D305028-C089-4305-AB28-BAD003228EFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3829D624-46F9-44D6-ADEA-2616A337F353}" = rport=138 | protocol=17 | dir=out | app=system |
"{389A3274-009C-4F01-B2EA-9637CC21C531}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3EEC9015-16A1-4FAB-8AD4-E8FDAA57D3A3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{47C2C673-CA26-437A-8C32-9FB712F259F9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48035048-4675-488F-96C8-1DD81DE181A9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4BE2F0BF-9CB1-41A7-B884-457E6B8D3E1B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{52E2772A-1C32-49AD-8A48-62FD7673B2FE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56CD5A75-1EE8-424D-8D45-32C7277B3025}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{58DC3350-21C6-4899-A516-E2B11BC2F4A8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5D1152FF-C183-44EA-9C6F-FC6CD289F2BF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{65755AD7-F38C-4751-9A5B-831CF9540F1B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{70F5D135-BA9F-4B4E-992E-6587586ECA97}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7AFC6F1A-ED89-44F7-8776-1CE982906C2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7BACF0EA-2D25-4493-85AE-BB71C9E09348}" = rport=137 | protocol=17 | dir=out | app=system |
"{7DAD3DD5-3E56-441B-A484-0901054FB8D2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{85D55376-1467-4269-B9FD-6579F1F615BF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8846A525-865A-446D-85FC-A88CDB388258}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8BA1E4C3-B1A3-43EF-A65A-97B99B37D538}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A18E577C-A50D-43BB-8733-3E705403515E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A529926E-A7B5-4483-8C0C-D7B8FF7CDF4F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A6A7D36A-F0A7-4857-BF0F-4B2A8CFABF33}" = lport=137 | protocol=17 | dir=in | app=system |
"{AB1C04D9-5FF1-4AEB-8A2C-725BDB96386E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B729FBE1-D38A-4A50-B372-7E5D31B4FBA9}" = rport=139 | protocol=6 | dir=out | app=system |
"{B8018E50-A56D-4DDB-B710-A7C667B1B062}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8ABDC9B-1272-4CBA-AB59-8F4B3F99A052}" = lport=138 | protocol=17 | dir=in | app=system |
"{CFC82733-A6A8-40C5-8E0A-3F5EDD4B2DD5}" = lport=445 | protocol=6 | dir=in | app=system |
"{D15B928E-DAF4-4535-8C67-5C1BD7C79634}" = lport=139 | protocol=6 | dir=in | app=system |
"{DCCC18D2-E772-40C3-B0E9-210874FF7500}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E6389216-7E75-4FCF-85F3-BA654EE5FB7A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E9DB5595-E68F-4841-A9A9-1F17E7D8364E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F015F9DF-BD7B-4F90-9E46-BEC2D71C3936}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6A4999A-7381-40ED-ABA0-8D190E63B3A7}" = rport=2869 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15E49EE4-9552-4718-A619-06E9508FF6CC}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{189AC8AD-4124-4A4B-B71C-89DEBB9999D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19C35A79-B354-4820-B74B-970721ACC60B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{27406DFE-7228-4401-BB18-13772B0BE6AB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2BC12C01-50AE-44F6-BA29-2FA3D663F25A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{33A6DC2E-24D9-46B0-BCEC-292C14466D65}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{36D98974-D794-4E8D-8174-14BE18937551}" = dir=in | app=c:\users\15g22j0290k0eu2y\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{38E4D653-9954-4AE6-8955-509AA1E14DA7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4CBC75E0-3362-4E92-89B3-7DB2BDC6893A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{51230692-A354-4C60-95D4-C3F11625072E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5512D08D-59C5-4BDE-8677-5C14CB78E80A}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{5E9E7413-0AE5-4D9E-9B25-7D8777AA8F3E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6975A01D-441B-412C-97FF-45CF037BCB1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6ADFC81B-ED82-4AB7-81BA-B3AC42F088BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BCB530A-CBC1-40C2-8C30-29603AE0D496}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6F469877-68CC-48F1-806B-ED75B495ED70}" = protocol=6 | dir=out | app=system |
"{797AE3E8-C211-4387-B257-37C6CFA6ADC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B16CBEB-CD2C-4ABF-AFF5-7ED3C6327D52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8384A062-5073-4AD8-9C98-AF1BDED711A8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{84BF80C9-00E7-4608-B5B4-992F3589CE49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{97B41B00-3FB5-4881-A59B-BD00C449475A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9FA09FB0-68EF-4633-95FF-AE1DEAB490C5}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{AA318963-0A57-4D86-88F9-F332D9C2DA83}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B1808B15-6044-4B68-A2E9-3D8FDC98156A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B7DC9953-90B5-4C51-99E5-2D9D2D42511E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B83AAD35-2DDA-491D-9C44-4BB89D7EEE8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CEBDB086-4E4B-4D1A-BD60-56B84ED6BE05}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F01E0290-BBC0-4D53-AB5A-A66BD5D21FBB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FC0E2E36-E88D-494D-9FDF-648CE633CDCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD4101E7-802C-46F2-99FE-8FB165D5E6AB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{6728425D-3112-4AA5-93CC-9B5D7B42E87B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{1CA02C97-F9F6-495B-864B-38060B0E1C50}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = ASUS Eee Cam
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{100F14F5-1C3F-EDDA-9947-C0241D61AF58}" = ATI Catalyst Install Manager
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{281C959A-2894-4251-8B02-A48186147282}" = Alcor Micro USB Card Reader
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5A2BE254-88E2-4416-AF72-288BE35ED713}_is1" = IdeaCom TSC 3.2.1206.10
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{795274EF-3EDA-4427-9D4C-446C9137BB6D}" = Eee Manager
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85EA6D4E-04CC-48b0-B526-EA9E2FEF56FA}" = Eee Docking
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7ABBD4-A617-4AE8-9C6D-1510DE46EC35}" = Nero 11
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9FEC4E-8696-43B4-8C19-5BE4D9038B55}" = ASUS Easy Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CF5451E4-DA6F-44AE-88D4-BCEC1508C17E}" = Eee Memo
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"284D9B4A58796481EC5A61D01DCC5E654761629C" = ENE CIR Receiver Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"Asus WebStorage" = Asus WebStorage
"AsusVibeCheckUpdate_is1" = AsusVibeCheckUpdate
"CCleaner" = CCleaner
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"Free Studio_is1" = Free Studio version 5.6.2.627
"IncrediMail" = IncrediMail 2.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = ASUS Eee Cam
"InstallShield_{281C959A-2894-4251-8B02-A48186147282}" = Alcor Micro USB Card Reader
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"NeroShowTime!UninstallKey" = Nero ShowTime CE
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PrivitizeVPN" = PrivitizeVPN
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/11/2013 10:56:36 AM | Computer Name = Biba | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1ed4    Startzeit: 01ce08652f8a1c24    Endzeit: 560    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 2/11/2013 11:53:15 AM | Computer Name = Biba | Source = VSS | ID = 8193
Description =
 
Error - 2/11/2013 11:57:30 AM | Computer Name = Biba | Source = VSS | ID = 8193
Description =
 
Error - 2/11/2013 11:58:33 AM | Computer Name = Biba | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 2b8c    Startzeit: 01ce086e61521e4c    Endzeit: 765    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 2/11/2013 12:34:56 PM | Computer Name = Biba | Source = Application Hang | ID = 1002
Description = Programm INS608F.tmp, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 2bf0    Startzeit:
 01ce087561b4eee4    Endzeit: 60    Anwendungspfad: C:\Users\15G22J~1\AppData\Local\Temp\INS608F.tmp

Berichts-ID:
 d02e133d-7468-11e2-b4b7-90e6ba5b36a3 
 
Error - 2/11/2013 12:46:12 PM | Computer Name = Biba | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: tc6.exe, Version: 6.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: tc6.exe, Version: 6.0.0.0, Zeitstempel:
 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001f6c  ID des fehlerhaften Prozesses:
 0x1424  Startzeit der fehlerhaften Anwendung: 0x01ce087735e7127c  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Trojancheck 6\tc6.exe  Pfad des fehlerhaften Moduls:
C:\Program Files\Trojancheck 6\tc6.exe  Berichtskennung: 8a67a3ac-746a-11e2-b4b7-90e6ba5b36a3
 
Error - 2/11/2013 12:46:27 PM | Computer Name = Biba | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: tc6.exe, Version: 6.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: tc6.exe, Version: 6.0.0.0, Zeitstempel:
 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001f6c  ID des fehlerhaften Prozesses:
 0x2f98  Startzeit der fehlerhaften Anwendung: 0x01ce08772cca6e3c  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Trojancheck 6\tc6.exe  Pfad des fehlerhaften Moduls:
C:\Program Files\Trojancheck 6\tc6.exe  Berichtskennung: 93c4b41c-746a-11e2-b4b7-90e6ba5b36a3
 
Error - 2/11/2013 12:46:44 PM | Computer Name = Biba | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: tc6.exe, Version: 6.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: tc6.exe, Version: 6.0.0.0, Zeitstempel:
 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001f6c  ID des fehlerhaften Prozesses:
 0x244c  Startzeit der fehlerhaften Anwendung: 0x01ce087758ebcb3c  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Trojancheck 6\tc6.exe  Pfad des fehlerhaften Moduls:
C:\Program Files\Trojancheck 6\tc6.exe  Berichtskennung: 9dc48c6c-746a-11e2-b4b7-90e6ba5b36a3
 
Error - 2/11/2013 12:47:23 PM | Computer Name = Biba | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: tc6.exe, Version: 6.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000470b2  ID des fehlerhaften Prozesses:
 0x2f98  Startzeit der fehlerhaften Anwendung: 0x01ce08772cca6e3c  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Trojancheck 6\tc6.exe  Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: b4d85adc-746a-11e2-b4b7-90e6ba5b36a3
 
Error - 2/11/2013 12:48:05 PM | Computer Name = Biba | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 34d0    Startzeit: 01ce0870a54e6be4    Endzeit: 1389    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 2/11/2013 12:51:21 PM | Computer Name = Biba | Source = Application Hang | ID = 1002
Description = Programm CCleaner.exe, Version 3.27.0.1900 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 28ac    Startzeit:
 01ce0870b72dec04    Endzeit: 874    Anwendungspfad: C:\Program Files\CCleaner\CCleaner.exe

Berichts-ID:
 2fd6417d-746b-11e2-b4b7-90e6ba5b36a3 
 
Error - 2/11/2013 1:22:03 PM | Computer Name = Biba | Source = VSS | ID = 8193
Description =
 
Error - 2/11/2013 1:40:39 PM | Computer Name = Biba | Source = VSS | ID = 8193
Description =
 
Error - 2/12/2013 12:49:55 PM | Computer Name = Biba | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: f04    Startzeit: 01ce090564163ae0    Endzeit: 1210    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 2/12/2013 12:59:32 PM | Computer Name = Biba | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 30ec    Startzeit: 01ce0940fc97cba4    Endzeit: 647    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 77206d45-7535-11e2-a959-90e6ba5b36a3

 
[ System Events ]
Error - 2/12/2013 12:59:08 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/12/2013 12:59:08 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/12/2013 12:59:08 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/12/2013 12:59:08 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/12/2013 12:59:08 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:  %%126
 
Error - 2/12/2013 12:59:19 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:  %%126
 
Error - 2/12/2013 12:59:19 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/12/2013 12:59:19 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/12/2013 12:59:19 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/12/2013 1:07:04 PM | Computer Name = Biba | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
 
< End of report >

Code:

OTL logfile created on: 2/12/2013 5:21:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\15G22J0290K0EU2Y\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.43 Gb Available Physical Memory | 24.71% Memory free
6.12 Gb Paging File | 3.82 Gb Available in Paging File | 62.38% Paging File free
Paging file location(s): c:\pagefile.sys 2686 2686d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98.59 Gb Total Space | 55.66 Gb Free Space | 56.46% Space Free | Partition Type: NTFS
Drive D: | 191.46 Gb Total Space | 125.90 Gb Free Space | 65.76% Space Free | Partition Type: NTFS
 
Computer Name: BIBA | User Name: 15G22J0290K0EU2Y | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe (Adobe Systems, Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\GamesBar\update\SearchEngineProtection.exe (Oberon Media )
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\RelevantKnowledge\rlservice.exe (TMRG,  Inc.)
PRC - C:\Program Files\RelevantKnowledge\rlvknlg.exe (TMRG,  Inc.)
PRC - C:\ProgramData\MobileBrServ\mbbService.exe ()
PRC - C:\Program Files\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\calc.exe (Microsoft Corporation)
PRC - C:\Program Files\IdeaCom\TSC\IdcSrv.exe (IdeaCom Technology Inc.)
PRC - C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe (IdeaCom Technology Inc.)
PRC - C:\Program Files\ASUS\Eee Manager\EMMessageParser.exe (ASUSTeK)
PRC - C:\Program Files\ASUS\Eee Manager\EeeManager.exe (ASUSTeK)
PRC - C:\Program Files\ASUS\Message Controller\AsMessageController.exe (ASUSTeK)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Program Files\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Program Files\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Program Files\IncrediMail\bin\ImAppRU.dll ()
MOD - \\?\C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-1998982368-3054312690-3844566786-1000\Indiv01.key ()
MOD - C:\Program Files\IncrediMail\Bin\pmc.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3524.15966__0d0f4b69e50e559b\SqliteShared.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\Program Files\ASUS\Asus WebStorage\EcaremeDLL.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsACPINotify.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsRemoteControlHooker.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\ImageMgr.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsKeyboardHooker.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\MessageParser\AsMultiLang.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\AsMultiLang.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Guard.Mail.ru) --  File not found
SRV - (Dnscache) -- %SystemRoot%\System32\pouae2gyp.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (RelevantKnowledge) -- C:\Program Files\RelevantKnowledge\rlservice.exe (TMRG,  Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe ()
SRV - (Update-Service) -- C:\Windows\System32\UpdSvc.dll (Joosoft.com GmbH)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (IdcSrv) -- C:\Program Files\IdeaCom\TSC\IdcSrv.exe (IdeaCom Technology Inc.)
SRV - (ETSCSERVICE) -- C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe (IdeaCom Technology Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (iwaozptt) --  File not found
DRV - (ivtpxjih) --  File not found
DRV - (islxmqgh) --  File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (cooonihv) --  File not found
DRV - (ay2gxske) --  File not found
DRV - (MpKsl7c329b1c) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5530FF78-84D4-47DD-B976-D69F33991593}\MpKsl7c329b1c.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvamacpi) -- C:\Windows\System32\drivers\nvamacpi.sys (NVIDIA Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (IdcFltr) -- C:\Windows\System32\drivers\idcfltr.sys (IdeaCom Technology Inc.)
DRV - (AmUStor) -- C:\Windows\System32\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (enecirhid) -- C:\Windows\System32\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV - (enecirhidma) -- C:\Windows\System32\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (s1029unic) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (ASInsHelp) -- C:\Windows\System32\drivers\AsInsHelp32.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2724407
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&tt=060612_6_&babsrc=SP_ss&mntrId=34edba8b000000000000000000000000
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = hxxp://start.gamesagogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.startup.homepage: "hxxp://office-manager/Account/LogOn"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: D:\Program Files\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\15G22J0290K0EU2Y\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files\RelevantKnowledge\firefox [2012/10/09 19:48:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 18:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/12 08:43:15 | 000,000,000 | ---D | M]
 
[2012/08/28 19:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\mozilla\Extensions
[2012/12/28 09:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\mozilla\Firefox\Profiles\pz396p4t.default\extensions
[2012/12/10 18:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/12/10 18:04:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/06 18:55:08 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/18 21:02:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/07 23:46:18 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/08/29 11:27:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/18 21:02:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/18 21:02:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/18 21:02:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/18 21:02:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2012/12/22 17:18:38 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober14387457.xml
 
Hosts file not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [StartCal.exe] C:\Program Files\IdeaCom\TSC\StartCal.exe (IdeaCom Technology Inc.)
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\update\SearchEngineProtection.exe (Oberon Media )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\system32\UDDIjdlcn.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{577a8c28-8370-4d95-a804-69548d509e85}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{716FB368-5896-4B52-8AF2-C05A3D46DE1D}: DhcpNameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7862A30D-58BD-4301-9854-D68DEF14A18E}: DhcpNameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7862A30D-58BD-4301-9854-D68DEF14A18E}: Domain = goezy.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7862A30D-58BD-4301-9854-D68DEF14A18E}: NameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{d4817425-ae18-4a77-9d08-71acc98bd32c}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{f759e9d5-c984-4da0-b5a0-a2d9df02b1ff}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IdcNotify: DllName - (idcnotify.dll) - C:\Windows\System32\idcnotify.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1550962e-d83e-11e1-a9ca-0025d37d7501}\Shell - "" = AutoRun
O33 - MountPoints2\{1550962e-d83e-11e1-a9ca-0025d37d7501}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{28e63b4b-bb23-11e1-a36b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{28e63b4b-bb23-11e1-a36b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{698150b1-deaa-11df-971b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{698150b1-deaa-11df-971b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{698150b9-deaa-11df-971b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{698150b9-deaa-11df-971b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9cdf9d38-bcff-11e1-b74e-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{9cdf9d38-bcff-11e1-b74e-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/12 17:17:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe
[2013/02/12 14:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
[2013/02/11 17:08:00 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\TuneUp Software
[2013/02/11 16:48:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/02/11 16:48:27 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Local\MFAData
[2013/02/11 16:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/02/11 16:48:27 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Avg2013
[2013/02/08 09:21:13 | 016,365,936 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/02/07 17:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/02/05 15:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/01/23 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\Documents\Outlook-Dateien
[2012/05/08 10:11:07 | 001,638,400 | ---- | C] (LIGHTNING UK!) -- C:\Users\15G22J0290K0EU2Y\AppData\Local\ImgBurn.exe
[2011/12/08 23:02:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/12 17:55:06 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/12 17:21:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/12 17:17:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe
[2013/02/12 16:17:25 | 000,018,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/12 16:17:25 | 000,018,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/12 15:07:07 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1998982368-3054312690-3844566786-1000UA.job
[2013/02/12 10:29:08 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/02/12 10:27:28 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/12 10:27:07 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/02/12 10:26:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/12 10:26:37 | 1408,638,976 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/12 00:39:18 | 000,409,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/12 00:38:55 | 295,472,861 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/11 16:41:42 | 000,007,625 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Resmon.ResmonCfg
[2013/02/09 20:56:03 | 000,084,992 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\20% Off Easy Change.msg
[2013/02/09 18:57:42 | 000,555,429 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\QuoteDetail6BerthSTPremierUnitedCampervansNZ1302093898STW.pdf
[2013/02/08 09:21:26 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/08 09:21:26 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/08 09:21:15 | 016,365,936 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/02/08 09:07:02 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1998982368-3054312690-3844566786-1000Core.job
[2013/02/07 15:28:48 | 000,616,498 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/02/07 15:28:48 | 000,580,736 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/07 15:28:48 | 000,122,242 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/02/07 15:28:48 | 000,098,632 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/30 16:53:03 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/01/21 20:54:13 | 000,001,041 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\vso_ts_preview.xml
 
========== Files Created - No Company Name ==========
 
[2013/02/12 00:38:56 | 000,409,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/12 00:38:55 | 295,472,861 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/11 16:41:42 | 000,007,625 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Resmon.ResmonCfg
[2013/02/09 20:56:02 | 000,084,992 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\20% Off Easy Change.msg
[2013/02/09 18:57:42 | 000,555,429 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\QuoteDetail6BerthSTPremierUnitedCampervansNZ1302093898STW.pdf
[2012/12/07 21:19:13 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012/12/07 21:19:12 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012/12/07 21:19:11 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012/12/07 21:19:10 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012/12/07 21:19:10 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012/10/27 18:13:50 | 000,003,584 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/27 15:17:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/07/02 22:59:09 | 000,283,097 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/07/02 19:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/06/16 15:52:46 | 000,000,130 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\default.rss
[2012/06/09 18:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/06/08 00:59:27 | 000,002,272 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012/06/08 00:54:38 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012/05/30 10:52:20 | 004,305,920 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/05/21 17:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\System32\mlc.dll
[2012/02/22 12:05:36 | 015,495,729 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\SMRBackup250.dat
[2011/12/08 23:02:17 | 000,087,608 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\inst.exe
[2011/12/08 23:02:17 | 000,007,887 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.cat
[2011/12/08 23:02:17 | 000,001,144 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.inf
[2011/12/08 22:20:53 | 000,001,041 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\vso_ts_preview.xml
[2011/12/08 20:25:00 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/12/08 17:03:53 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011/12/07 22:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/02/17 14:10:28 | 000,000,071 | ---- | C] () -- C:\Windows\wiso.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/08/28 19:37:12 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Asus WebStorage
[2013/01/12 23:11:05 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\DAEMON Tools Lite
[2012/07/03 17:59:26 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\DVDVideoSoft
[2012/07/03 17:44:29 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/05/07 13:25:37 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\elsterformular
[2012/12/21 09:12:47 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\ImgBurn
[2012/12/22 17:18:39 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Oberon Media
[2012/07/03 17:58:34 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\OpenCandy
[2011/11/28 21:18:31 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\PhotoFiltre
[2012/06/20 23:07:33 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Sony
[2012/06/20 23:08:20 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Sony Setup
[2012/06/08 00:59:47 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\systweak
[2013/02/03 14:32:52 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\TeamViewer
[2013/02/11 17:08:00 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\TuneUp Software
[2012/07/06 08:44:00 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Uniblue
[2012/12/22 17:18:32 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\VisicomToolBar
[2013/01/27 19:54:40 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Vso
[2012/07/05 21:42:20 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Win7codecs
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >


cosinus 12.02.2013 23:34

Now please create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a little further down).
GMER crashes quite often; if the tool still won't run on the second attempt, just leave it out and run only aswMBR.

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please right-click it and choose "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (Should your firewall ask, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


karlshagen 13.02.2013 15:47

Code:

GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-13 15:36:41
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C 298,09GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\15G22J~1\AppData\Local\Temp\pxddqpow.sys


---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                  83074A49 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                    830AE4D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.sptd1  C:\Windows\System32\Drivers\sptd.sys                                                                                      entry point in ".sptd1" section [0x88791B2E]
PAGE    PCIIDEX.SYS!DllUnload                                                                                                    8886F606 5 Bytes  JMP 85D601C8
PAGE    ataport.SYS!DllUnload + 1                                                                                                888AAAD7 4 Bytes  JMP 850B8411
.text  USBPORT.SYS!DllUnload                                                                                                    8DA29DB9 5 Bytes  JMP 8621A1C8
?      C:\Windows\System32\Drivers\a5mfy3ru.SYS                                                                                  suspicious PE modification
PAGE    peauth.sys                                                                                                                A22FBBED 110 Bytes  CALL BF3BFD12
.text  autochk.exe                                                                                                              00271204 4 Bytes  [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text  autochk.exe                                                                                                              0027120C 1 Byte  [00]
.text  autochk.exe                                                                                                              00271210 1 Byte  [00]
.text  autochk.exe                                                                                                              00271214 2 Bytes  [00, 00] {ADD [EAX], AL}
.text  autochk.exe                                                                                                              00271218 2 Bytes  [00, 00] {ADD [EAX], AL}
.text  ...                                                                                                                     

---- User code sections - GMER 2.0 ----

.text  C:\Windows\system32\wbem\unsecapp.exe[348] kernel32.dll!CreateProcessW                                                    75F3204D 5 Bytes  JMP 10045001 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] kernel32.dll!GetQueuedCompletionStatus                                        75F64E90 5 Bytes  JMP 10043FDC C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] ole32.dll!CoGetClassObject                                                    762554AD 5 Bytes  JMP 10037B16 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!sendto                                                              767134B5 5 Bytes  JMP 100445E3 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!closesocket                                                        76713918 5 Bytes  JMP 10042A61 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!WSASend                                                            76714406 5 Bytes  JMP 100435DB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!recv                                                                76716B0E 5 Bytes  JMP 10043A52 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!connect                                                            76716BDD 5 Bytes  JMP 10042574 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!send                                                                76716F01 5 Bytes  JMP 10043069 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!WSARecv                                                            76717089 5 Bytes  JMP 100460BB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!WSAGetOverlappedResult                                              76717489 5 Bytes  JMP 10043CEB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!recvfrom                                                            7671B6DC 5 Bytes  JMP 10044335 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!WSARecvFrom                                                        7671CBA6 5 Bytes  JMP 100463AF C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!WSAConnect                                                          7671CC3F 5 Bytes  JMP 100428EA C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!WSASendTo                                                          7672B30C 5 Bytes  JMP 10044B72 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WININET.dll!UnlockUrlCacheEntryFile                                            7593AFB8 5 Bytes  JMP 10046AA5 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] kernel32.dll!CreateProcessW                                                            75F3204D 5 Bytes  JMP 10045001 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] kernel32.dll!GetQueuedCompletionStatus                                                  75F64E90 5 Bytes  JMP 10043FDC C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] ole32.dll!CoGetClassObject                                                              762554AD 5 Bytes  JMP 10037B16 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!sendto                                                                      767134B5 5 Bytes  JMP 100445E3 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!closesocket                                                                  76713918 5 Bytes  JMP 10042A61 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!WSASend                                                                      76714406 5 Bytes  JMP 100435DB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!recv                                                                        76716B0E 5 Bytes  JMP 10043A52 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!connect                                                                      76716BDD 5 Bytes  JMP 10042574 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!send                                                                        76716F01 5 Bytes  JMP 10043069 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!WSARecv                                                                      76717089 5 Bytes  JMP 100460BB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!WSAGetOverlappedResult                                                      76717489 5 Bytes  JMP 10043CEB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!recvfrom                                                                    7671B6DC 5 Bytes  JMP 10044335 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!WSARecvFrom                                                                  7671CBA6 5 Bytes  JMP 100463AF C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!WSAConnect                                                                  7671CC3F 5 Bytes  JMP 100428EA C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!WSASendTo                                                                    7672B30C 5 Bytes  JMP 10044B72 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WININET.dll!UnlockUrlCacheEntryFile                                                    7593AFB8 5 Bytes  JMP 10046AA5 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] kernel32.dll!CreateProcessW                                                                75F3204D 5 Bytes  JMP 074D5001 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] kernel32.dll!GetQueuedCompletionStatus                                                      75F64E90 5 Bytes  JMP 074D3FDC C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] ole32.dll!CoGetClassObject                                                                  762554AD 5 Bytes  JMP 074C7B16 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!sendto                                                                          767134B5 5 Bytes  JMP 074D45E3 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!closesocket                                                                      76713918 5 Bytes  JMP 074D2A61 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!WSASend                                                                          76714406 5 Bytes  JMP 074D35DB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!recv                                                                            76716B0E 5 Bytes  JMP 074D3A52 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!connect                                                                          76716BDD 5 Bytes  JMP 074D2574 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!send                                                                            76716F01 5 Bytes  JMP 074D3069 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!WSARecv                                                                          76717089 5 Bytes  JMP 074D60BB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!WSAGetOverlappedResult                                                          76717489 5 Bytes  JMP 074D3CEB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!recvfrom                                                                        7671B6DC 5 Bytes  JMP 074D4335 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!WSARecvFrom                                                                      7671CBA6 5 Bytes  JMP 074D63AF C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!WSAConnect                                                                      7671CC3F 5 Bytes  JMP 074D28EA C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!WSASendTo                                                                        7672B30C 5 Bytes  JMP 074D4B72 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WININET.dll!UnlockUrlCacheEntryFile                                                        7593AFB8 5 Bytes  JMP 074D6AA5 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] kernel32.dll!CreateProcessW                                  75F3204D 5 Bytes  JMP 10045001 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] kernel32.dll!GetQueuedCompletionStatus                      75F64E90 5 Bytes  JMP 10043FDC C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] ole32.dll!CoGetClassObject                                  762554AD 5 Bytes  JMP 10037B16 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WININET.dll!UnlockUrlCacheEntryFile                          7593AFB8 5 Bytes  JMP 10046AA5 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!sendto                                            767134B5 5 Bytes  JMP 100445E3 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!closesocket                                      76713918 5 Bytes  JMP 10042A61 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!WSASend                                          76714406 5 Bytes  JMP 100435DB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!recv                                              76716B0E 5 Bytes  JMP 10043A52 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!connect                                          76716BDD 5 Bytes  JMP 10042574 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!send                                              76716F01 5 Bytes  JMP 10043069 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!WSARecv                                          76717089 5 Bytes  JMP 100460BB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!WSAGetOverlappedResult                            76717489 5 Bytes  JMP 10043CEB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!recvfrom                                          7671B6DC 5 Bytes  JMP 10044335 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!WSARecvFrom                                      7671CBA6 5 Bytes  JMP 100463AF C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!WSAConnect                                        7671CC3F 5 Bytes  JMP 100428EA C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!WSASendTo                                        7672B30C 5 Bytes  JMP 10044B72 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] kernel32.dll!CreateProcessW                              75F3204D 5 Bytes  JMP 10045001 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] kernel32.dll!GetQueuedCompletionStatus                  75F64E90 5 Bytes  JMP 10043FDC C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WININET.dll!UnlockUrlCacheEntryFile                      7593AFB8 5 Bytes  JMP 10046AA5 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] ole32.dll!CoGetClassObject                              762554AD 5 Bytes  JMP 10037B16 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!sendto                                        767134B5 5 Bytes  JMP 100445E3 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!closesocket                                  76713918 5 Bytes  JMP 10042A61 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!WSASend                                      76714406 5 Bytes  JMP 100435DB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!recv                                          76716B0E 5 Bytes  JMP 10043A52 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!connect                                      76716BDD 5 Bytes  JMP 10042574 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!send                                          76716F01 5 Bytes  JMP 10043069 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!WSARecv                                      76717089 5 Bytes  JMP 100460BB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!WSAGetOverlappedResult                        76717489 5 Bytes  JMP 10043CEB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!recvfrom                                      7671B6DC 5 Bytes  JMP 10044335 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!WSARecvFrom                                  7671CBA6 5 Bytes  JMP 100463AF C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!WSAConnect                                    7671CC3F 5 Bytes  JMP 100428EA C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!WSASendTo                                    7672B30C 5 Bytes  JMP 10044B72 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] kernel32.dll!CreateProcessW                            75F3204D 5 Bytes  JMP 10045001 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] kernel32.dll!GetQueuedCompletionStatus                  75F64E90 5 Bytes  JMP 10043FDC C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WININET.dll!UnlockUrlCacheEntryFile                    7593AFB8 5 Bytes  JMP 10046AA5 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] ole32.dll!CoGetClassObject                              762554AD 5 Bytes  JMP 10037B16 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!sendto                                      767134B5 5 Bytes  JMP 100445E3 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!closesocket                                  76713918 5 Bytes  JMP 10042A61 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!WSASend                                      76714406 5 Bytes  JMP 100435DB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!recv                                        76716B0E 5 Bytes  JMP 10043A52 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!connect                                      76716BDD 5 Bytes  JMP 10042574 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!send                                        76716F01 5 Bytes  JMP 10043069 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!WSARecv                                      76717089 5 Bytes  JMP 100460BB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!WSAGetOverlappedResult                      76717489 5 Bytes  JMP 10043CEB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!recvfrom                                    7671B6DC 5 Bytes  JMP 10044335 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!WSARecvFrom                                  7671CBA6 5 Bytes  JMP 100463AF C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!WSAConnect                                  7671CC3F 5 Bytes  JMP 100428EA C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!WSASendTo                                    7672B30C 5 Bytes  JMP 10044B72 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] kernel32.dll!CreateProcessW            75F3204D 5 Bytes  JMP 10045001 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] kernel32.dll!GetQueuedCompletionStatus  75F64E90 5 Bytes  JMP 10043FDC C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] ole32.dll!CoGetClassObject              762554AD 5 Bytes  JMP 10037B16 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!sendto                      767134B5 5 Bytes  JMP 100445E3 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!closesocket                  76713918 5 Bytes  JMP 10042A61 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!WSASend                      76714406 5 Bytes  JMP 100435DB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!recv                        76716B0E 5 Bytes  JMP 10043A52 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!connect                      76716BDD 5 Bytes  JMP 10042574 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!send                        76716F01 5 Bytes  JMP 10043069 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!WSARecv                      76717089 5 Bytes  JMP 100460BB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!WSAGetOverlappedResult      76717489 5 Bytes  JMP 10043CEB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!recvfrom                    7671B6DC 5 Bytes  JMP 10044335 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!WSARecvFrom                  7671CBA6 5 Bytes  JMP 100463AF C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!WSAConnect                  7671CC3F 5 Bytes  JMP 100428EA C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!WSASendTo                    7672B30C 5 Bytes  JMP 10044B72 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WININET.dll!UnlockUrlCacheEntryFile    7593AFB8 5 Bytes  JMP 10046AA5 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)

---- Kernel IAT/EAT - GMER 2.0 ----

IAT    \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                  [8869C730] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT    \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                [8869CF12] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT    \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]                                                [8869D232] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT    \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                          [8869D0F0] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT    \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                          [8869C914] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- User IAT/EAT - GMER 2.0 ----

IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                          [741524CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                      [7413562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                    [741356EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                            [74152546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                  [741485AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                    [74144D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                  [74145105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                  [741451DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                        [74146707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                  [74148301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                              [74148850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                            [741490B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                  [7414E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                      [74144C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                         
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                      0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                    0x3B 0x5A 0x26 0x77 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                          0x79 0x05 0x2D 0x50 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                              0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                      0x9F 0xB2 0x2B 0x09 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                      0xE5 0x86 0x42 0x50 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                     
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                          0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                          0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                        0x3B 0x5A 0x26 0x77 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                          D:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)           
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                              0x79 0x05 0x2D 0x50 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                  0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)       
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                          0x9F 0xB2 0x2B 0x09 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)       
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                          0xE5 0x86 0x42 0x50 ...

---- EOF - GMER 2.0 ----


cosinus 14.02.2013 11:09

What about the other log? :wtf:

karlshagen 14.02.2013 15:03

Which other one do you mean? There was only one.

cosinus 14.02.2013 15:40

How about reading the posts in full? => GMER was mentioned at the start, then aswMBR, but I only see a log from GMER

Quote:

Now please create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a bit further down).
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only aswMBR.

Please download aswMBR.exe and save the file to your desktop.

...

karlshagen 14.02.2013 17:04

The aswMBR scan aborted partway through.

cosinus 14.02.2013 17:12

Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.

karlshagen 14.02.2013 19:12

Code:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-14 19:03:56
-----------------------------
19:03:56.482    OS Version: Windows 6.1.7601 Service Pack 1
19:03:56.482    Number of processors: 4 586 0x1C02
19:03:56.482    ComputerName: BIBA  UserName:
19:04:00.616    Initialize success
19:04:29.226    AVAST engine defs: 13021400
19:04:46.480    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:04:46.480    Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
19:04:46.542    Disk 0 MBR read successfully
19:04:46.542    Disk 0 MBR scan
19:04:46.558    Disk 0 unknown MBR code
19:04:46.574    Disk 0 Partition 1 00    1B  Hidd FAT32 NTFS        8192 MB offset 50
19:04:46.605    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      100960 MB offset 16778600
19:04:46.652    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      196058 MB offset 223546250
19:04:46.714    Disk 0 Partition 4 00    EF      EFI FAT    A1370      31 MB offset 625074950
19:04:46.730    Disk 0 scanning sectors +625140450
19:04:46.839    Disk 0 scanning C:\Windows\system32\drivers
19:05:17.524    Service scanning
19:06:10.455    Modules scanning
19:06:32.888    Disk 0 trace - called modules:
19:06:32.934    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85d631e8]<<
19:06:32.950    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f3f460]
19:06:32.966    3 CLASSPNP.SYS[88f1259e] -> nt!IofCallDriver -> [0x85df1918]
19:06:32.997    5 ACPI.sys[837be3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850ef610]
19:06:33.012    \Driver\atapi[0x85dd96b0] -> IRP_MJ_CREATE -> 0x85d631e8
19:06:33.028    Scan finished successfully
19:08:11.230    Disk 0 MBR has been saved successfully to "C:\Users\15G22J0290K0EU2Y\Desktop\Scan\MBR.dat"
19:08:11.246    The log file has been saved successfully to "C:\Users\15G22J0290K0EU2Y\Desktop\Scan\aswMBR.txt"


cosinus 15.02.2013 10:43

MBAR

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not run any other file in that folder without instruction from a helper.



TDSS-Killer

Please download TDSSKiller.exe and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
In any case, please post the contents here in your thread.

karlshagen 15.02.2013 15:05

Code:

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.15.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
15G22J0290K0EU2Y :: BIBA [administrator]

15.02.2013 14:28:47
mbar-log-2013-02-15 (14-28-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26773
Time elapsed: 32 minute(s), 27 second(s)

Memory Processes Detected: 2
c:\Program Files\RelevantKnowledge\rlservice.exe (PUP.Adware.RelevantKnowledge) -> 2200 -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> 3848 -> Delete on reboot.

Memory Modules Detected: 15
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.

Registry Keys Detected: 2
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RelevantKnowledge (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831} (PUP.Adware.RelevantKnowledge) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 26
c:\Program Files\RelevantKnowledge (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\components (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\defaults (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\defaults\preferences (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\locale (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\addon-kit (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\addon-kit\data (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\addon-kit\lib (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\data (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\content (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\dom (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\events (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\traits (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\utils (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\windows (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs\data (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs\data\.idea (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs\data\.idea\scopes (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs\lib (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (PUP.Spyware.MarketScore) -> Delete on reboot.

Files Detected: 95
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlservice.exe (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\chrome.manifest (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\egdcf.dat (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\install.rdf (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\nscf.dat (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlcm.crx (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlcm.txt (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls64.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlph.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlvknlg64.exe (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlxf.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\components\rlxg.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\bootstrap.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\harness-options.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\install.rdf (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\locales.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\rlnx.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\defaults\preferences\prefs.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\locale\en-GB.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\locale\eo.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\locale\fr-FR.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\chrome.manifest (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\addon-kit\lib\page-mod.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\addon-kit\lib\tabs.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\addon-kit\lib\windows.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\data\content-proxy.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\data\test-content-symbiont.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\data\test-message-manager.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\data\test-trusted-document.html (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\globals!.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\api-utils.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\byte-streams.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\channel.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\collection.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\content.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\cortex.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\cuddlefish.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\environment.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\errors.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\events.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\file.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\hidden-frame.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\light-traits.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\list.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\match-pattern.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\memory.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\message-manager.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\namespace.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\observer-service.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\plain-text-console.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\process.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\runtime.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\sandbox.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\self!.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\system.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\text-streams.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\timer.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\traceback.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\traits.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\unload.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\url.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\window-utils.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\xpcom.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\xul-app.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\content\loader.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\content\symbiont.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\content\worker.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\dom\events.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\events\assembler.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\events.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\observer.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\tab.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\utils.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\traits\core.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\data.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\function.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\object.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\registry.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\thumbnail.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\dom.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\loader.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\observer.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\tabs.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs\data\content.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs\lib\dompilot.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs\lib\dputil.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs\lib\main.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID -  Goodware Repository Information Database.lnk (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (PUP.Spyware.MarketScore) -> Delete on reboot.

(end)

Code:

15:08:18.0673 0840  WebClient - ok
15:08:18.0693 0840  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:08:18.0713 0840  Wecsvc - ok
15:08:18.0733 0840  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\Windows\System32\wercplsupport.dll
15:08:18.0743 0840  wercplsupport - ok
15:08:18.0773 0840  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:08:18.0783 0840  WerSvc - ok
15:08:18.0823 0840  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:08:18.0823 0840  WfpLwf - ok
15:08:18.0843 0840  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:08:18.0853 0840  WIMMount - ok
15:08:18.0913 0840  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
15:08:18.0933 0840  WinDefend - ok
15:08:18.0953 0840  WinHttpAutoProxySvc - ok
15:08:19.0043 0840  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
15:08:19.0043 0840  Winmgmt - ok
15:08:19.0243 0840  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM          C:\Windows\system32\WsmSvc.dll
15:08:19.0273 0840  WinRM - ok
15:08:19.0323 0840  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:08:19.0323 0840  WinUsb - ok
15:08:19.0383 0840  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\Windows\System32\wlansvc.dll
15:08:19.0413 0840  Wlansvc - ok
15:08:19.0443 0840  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
15:08:19.0443 0840  WmiAcpi - ok
15:08:19.0503 0840  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:08:19.0543 0840  wmiApSrv - ok
15:08:19.0683 0840  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
15:08:19.0713 0840  WMPNetworkSvc - ok
15:08:19.0753 0840  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:08:19.0763 0840  WPCSvc - ok
15:08:19.0803 0840  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:08:19.0813 0840  WPDBusEnum - ok
15:08:19.0843 0840  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
15:08:19.0843 0840  ws2ifsl - ok
15:08:19.0873 0840  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
15:08:19.0883 0840  wscsvc - ok
15:08:19.0903 0840  WSearch - ok
15:08:20.0003 0840  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:08:20.0053 0840  wuauserv - ok
15:08:20.0093 0840  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:08:20.0093 0840  WudfPf - ok
15:08:20.0123 0840  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:08:20.0133 0840  WUDFRd - ok
15:08:20.0163 0840  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
15:08:20.0173 0840  wudfsvc - ok
15:08:20.0203 0840  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\Windows\System32\wwansvc.dll
15:08:20.0223 0840  WwanSvc - ok

Code:

15:08:20.0293 0840  ================ Scan global ===============================
15:08:20.0333 0840  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:08:20.0383 0840  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:08:20.0403 0840  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:08:20.0443 0840  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:08:20.0493 0840  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:08:20.0503 0840  [Global] - ok
15:08:20.0503 0840  ================ Scan MBR ==================================
15:08:20.0523 0840  [ F05261C246CE4B3C544521FFFF7AEF5D ] \Device\Harddisk0\DR0
15:08:20.0783 0840  \Device\Harddisk0\DR0 - ok
15:08:20.0783 0840  ================ Scan VBR ==================================
15:08:20.0793 0840  [ EFCAF4556CC4D2273069727C6D68A0F5 ] \Device\Harddisk0\DR0\Partition1
15:08:20.0803 0840  \Device\Harddisk0\DR0\Partition1 - ok
15:08:20.0833 0840  [ DC37B8A9882E771E94BBC2EB6C2164FF ] \Device\Harddisk0\DR0\Partition2
15:08:20.0833 0840  \Device\Harddisk0\DR0\Partition2 - ok
15:08:20.0843 0840  ============================================================
15:08:20.0843 0840  Scan finished
15:08:20.0843 0840  ============================================================
15:08:20.0873 2980  Detected object count: 0
15:08:20.0873 2980  Actual detected object count: 0
15:10:52.0631 4184  Deinitialize success


cosinus 15.02.2013 15:38

The TDSS log is incomplete and chopped into pieces :wtf:
Please post it properly.

karlshagen 15.02.2013 16:45

The following message appeared when submitting the last log.

The text you entered consists of 128375 characters and is therefore too long. Please shorten the text to the maximum length of 120000 characters.

Please attach logs to the post as an archive!

So I simply split it.


Copyright ©2000-2025, Trojaner-Board