Pests of all kinds and how to fight them: My PC no longer does what it's supposed to!

24.02.2013, 20:40   #1
Waschbärchen
 

Hello dear all.

After days of searching for a solution to my problem, I'm now turning to you for help
in the hope that you can help me!

The problem started 3 days ago.
My boyfriend is a WoW player and was busy gaming when suddenly nothing worked the way it should anymore. First he could no longer type.
As soon as he started typing, the chat window closed again.
Then the PC turned Num Lock on and off as it pleased. When that same key was pressed, the PC minimized the game.

Kind as I am, I then sat down and first ran the antivirus program (Microsoft Security Essentials) and CCleaner over it. The virus scan found nothing; CCleaner found quite a few things in the registry, which I had it fix right away!
Now at least typing seemed possible again. But I thought it might be better to restart the PC completely, which the PC apparently didn't think was such a good idea. Because whether I clicked "Start" or used the Windows key, the Start menu flashed up briefly and then closed again.

In a panic that the box would now give out completely, I first put all the really important data on a USB stick, which was no easy task, because moving files with the mouse didn't work. So it was "Cut" and "Paste".

Once the important files were backed up, I sat down at the laptop and researched what I could do, or what the problem even is.
I couldn't really find anything. Then I had the idea of running the Windows repair program, and lo and behold, after what was by then 5-6 hours of sweat the problem seemed to be banished. THINK AGAIN!
The next morning the same problem, only now I was allowed to do almost nothing! The PC did nothing without my involvement, but woe betide me if I wanted to do something!
When I wanted to uninstall a program, the PC aborted the uninstallation by itself, and things like that!
Yesterday afternoon I then opened up the box, because an acquaintance had advised me to dust it out, supposedly that could be the cause. Well, it was quite dusty, but the problem still wasn't fixed.
Then I did a system restore and the problem was gone once again. Until an hour ago. Then it all started over again!

I then discovered your site and, following the advice on the home page, downloaded "Malwarebytes"!
That ran for 45 minutes and gave me the following!

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
TerrorKruemel :: HOME [Administrator]

Schutz: Aktiviert

24.02.2013 20:55:05
MBAM-log-2013-02-24 (21-30-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 369839
Laufzeit: 32 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 6
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 1856 -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (PUP.Adware.RelevantKnowledge) -> 1596 -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> 888 -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe (PUP.Adware.RelevantKnowledge) -> 3488 -> Keine Aktion durchgeführt.
C:\ProgramData\bProtector\bProtect.exe (PUP.BProtector) -> 1764 -> Keine Aktion durchgeführt.
C:\ProgramData\bProtector\bProtect.exe (PUP.BProtector) -> 1892 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 2
C:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.332.1_0\plugins\rlcm.dll (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 7
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\RelevantKnowledge (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\bProtector (PUP.BProtector) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.BProtector) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BPROTECTOR (PUP.BProtector) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\bProtector|iexplore homepages (PUP.BProtector) -> Daten: hxxp://go.microsoft.com/fwlink/?LinkId=69157^hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731^^ -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\bProtector|ImagePath (PUP.BProtector) -> Daten: C:\ProgramData\bProtector\bProtect.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 28

Infizierte Dateien: 101

(Ende)


I really hope you can help me. I don't know what the guy did with his computer, but in any case something really doesn't seem to be OK there!

Many kind regards and many thanks in advance!

24.02.2013, 21:29   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Quote:
CCleaner found quite a few things in the registry, which I had it fix right away!
Hands off registry cleaners!!

Note: Registry cleaners

I see that you have so-called registry cleaners installed.
In your case, CCleaner.

We advise against using any kind of registry cleaner.

The reason is quite simple:
The registry is the brain of the system. If the brain doesn't work, the rest doesn't really work anymore.
You shouldn't tinker with the registry unnecessarily. Even a small error can have serious consequences, and programs sometimes make mistakes too.
If you destroy the registry, you destroy Windows.

In addition, the benefit for performance improvement is disputed and mostly barely noticeable.

I would recommend that you stop using registry cleaners and uninstall them via
Start --> Control Panel --> Add or Remove Programs (on Windows XP)
Start --> Control Panel --> Programs and Features (on Vista / Win 7).



Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the one before it.

  • Please run only the scans that a helper has asked you to run! Do not install or uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will it continue" messages will result in your topic being closed. I too have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you'll find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
24.02.2013, 21:51   #3
Waschbärchen



First of all, thaaanks a lot for the quick reply at this hour :-)

Here are the OTL reports

Code:
OTL logfile created on: 24.02.2013 22:35:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TerrorKruemel\Desktop\dl's
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,82% Memory free
8,00 Gb Paging File | 5,84 Gb Available in Paging File | 73,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 784,14 Gb Free Space | 84,18% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: TerrorKruemel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\TerrorKruemel\Desktop\dl's\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (TMRG,  Inc.)
PRC - C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (TMRG,  Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\IBUpdaterService\ibsvc.exe ()
PRC - C:\ProgramData\bProtector\bProtect.exe (bProtector)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\protector.dll ()
MOD - C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll ()
MOD - C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\libglesv2.dll ()
MOD - C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\libegl.dll ()
MOD - C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\avutil-51.dll ()
MOD - C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\avformat-53.dll ()
MOD - C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\avcodec-53.dll ()
MOD - C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll ()
MOD - C:\Users\TERROR~1\AppData\Local\Google\Chrome\APPLIC~1\150874~1.106\gcswf32.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RelevantKnowledge) -- C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (TMRG,  Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (IBUpdaterService) -- C:\ProgramData\IBUpdaterService\ibsvc.exe ()
SRV - (bProtector) -- C:\ProgramData\bProtector\bProtect.exe (bProtector)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (HPub4DE3) -- C:\Windows\SysNative\drivers\HPub4DE3.sys (TPMX Electronics Ltd.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HPMo4DE3) -- C:\Windows\SysNative\drivers\HPMo4DE3.sys (TPMX Electronics Ltd.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BS_I2cIo) -- C:\Windows\SysNative\drivers\BS_I2c64.sys (BIOSTAR Group)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (LgBttPort) -- C:\Windows\SysNative\drivers\lgbtpt64.sys (LG Electronics Inc.)
DRV:64bit: - (LGVMODEM) -- C:\Windows\SysNative\drivers\lgvmdm64.sys (LG Electronics Inc.)
DRV:64bit: - (lgbusenum) -- C:\Windows\SysNative\drivers\lgbtbs64.sys (LG Electronics Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (E100B) -- C:\Windows\SysNative\drivers\eFE5b32e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://www.searchplusnetwork.com/?q={searchTerms}&sp=blac&t=a0731
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.etype.com/?smart=1
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.searchplusnetwork.com/?q={searchTerms}&sp=blac&t=a0731
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.searchplusnetwork.com/?q={searchTerms}&sp=blac&t=a0731
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 3C 2E 01 C1 68 CD 01  [binary data]
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.searchplusnetwork.com/?q={searchTerms}&sp=blac&t=a0731
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.searchplusnetwork.com/?q={searchTerms}&sp=blac&t=a0731
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\SearchScopes,bProtectorDefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://www.searchplusnetwork.com/?q={searchTerms}&sp=blac&t=a0731
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\SearchScopes\{12C1D674-2692-43A7-A4B8-97112E2C0304}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=CF80BCF0-D12F-4790-BB4C-A75092401CC5&apn_sauid=C9B432E3-A5EA-4100-8295-E86AC3355C4C
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://search.etype.com/?smart=1&query={searchTerms}
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcsearchTerms}&sp=blac&t=a0731
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\SearchScopes\{DD2CC4B3-95D3-41CD-B98C-5ABB3A58ACC6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "search the web"
FF - prefs.js..browser.search.order.1: "search the web"
FF - prefs.js..browser.search.selectedengine: "search the web"
FF - prefs.js..keyword.url: "hxxp://search.etype.com/?smart=1&query="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\RelevantKnowledge\firefox [2013.02.24 20:18:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.24 20:18:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.09.26 21:57:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\Extensions
[2012.05.18 10:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\Firefox\extensions
[2012.05.18 10:11:09 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2013.01.14 11:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\Firefox\Profiles\60uqusri.default\extensions
[2013.02.24 20:18:53 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\Firefox\Profiles\60uqusri.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2012.10.12 13:55:12 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\Firefox\Profiles\60uqusri.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.01.14 11:13:11 | 000,002,308 | ---- | M] () -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\firefox\profiles\60uqusri.default\searchplugins\askcom.xml
[2013.02.22 20:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2012.09.06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - Extension: No name found = C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\2.3.19.11_0\
CHR - Extension: No name found = C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.332.1_0\
 
Hosts file not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2218329753-2017860753-312165954-1001..\Run: [LG LinkAir]  File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8CE8280-4C11-4AC0-909E-483D19D5053D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (protector.dll) -  File not found
O20 - AppInit_DLLs: (protector.dll) - C:\Windows\SysWow64\protector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0654d181-6aeb-11e1-a9f9-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{0654d181-6aeb-11e1-a9f9-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0654d1a8-6aeb-11e1-a9f9-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{0654d1a8-6aeb-11e1-a9f9-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0654d1ac-6aeb-11e1-a9f9-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{0654d1ac-6aeb-11e1-a9f9-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{39523bb8-69be-11e1-a0a6-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{39523bb8-69be-11e1-a0a6-003067be0acd}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1
O33 - MountPoints2\{47336527-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{47336527-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{47336556-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{47336556-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{47336558-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{47336558-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4733659a-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4733659a-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4733659d-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4733659d-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{473365c5-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{473365c5-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{473365c8-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{473365c8-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4e1432a5-6ac4-11e1-800b-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1432a5-6ac4-11e1-800b-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4e1432b2-6ac4-11e1-800b-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1432b2-6ac4-11e1-800b-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4e1432be-6ac4-11e1-800b-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1432be-6ac4-11e1-800b-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{899d20e0-2ede-11e1-9708-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{899d20e0-2ede-11e1-9708-003067be0acd}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{cbc35a6a-71c0-11e1-ad35-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{cbc35a6a-71c0-11e1-ad35-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d04b8ce1-6ab5-11e1-a5aa-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{d04b8ce1-6ab5-11e1-a5aa-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d04b8ce5-6ab5-11e1-a5aa-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{d04b8ce5-6ab5-11e1-a5aa-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e4eee811-6ae0-11e1-88a0-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{e4eee811-6ae0-11e1-88a0-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e4eee814-6ae0-11e1-88a0-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{e4eee814-6ae0-11e1-88a0-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e4eee820-6ae0-11e1-88a0-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{e4eee820-6ae0-11e1-88a0-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e4eee824-6ae0-11e1-88a0-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{e4eee824-6ae0-11e1-88a0-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.24 20:54:23 | 000,000,000 | ---D | C] -- C:\Users\TerrorKruemel\AppData\Roaming\Malwarebytes
[2013.02.24 20:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.24 20:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.24 20:54:15 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.24 20:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.24 20:53:53 | 000,000,000 | ---D | C] -- C:\Users\TerrorKruemel\AppData\Local\Programs
[2013.02.24 20:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
[2013.02.21 22:08:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.02 22:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.02.02 22:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.24 22:29:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.24 20:54:21 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.24 20:31:34 | 000,020,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.24 20:31:34 | 000,020,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.24 20:23:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.24 20:23:02 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.09 19:39:33 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.09 19:39:33 | 000,697,284 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.09 19:39:33 | 000,652,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.09 19:39:33 | 000,148,322 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.09 19:39:33 | 000,121,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.08 14:29:14 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.08 14:29:14 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.06 14:54:53 | 000,002,630 | ---- | M] () -- C:\Users\TerrorKruemel\Documents\cc_20130206_145448.reg
[2013.02.04 20:26:38 | 000,005,026 | ---- | M] () -- C:\Users\TerrorKruemel\Documents\cc_20130204_202635.reg
[2013.02.04 20:26:22 | 000,163,726 | ---- | M] () -- C:\Users\TerrorKruemel\Documents\cc_20130204_202614.reg
[2013.02.02 22:18:51 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.24 20:54:21 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.06 14:54:51 | 000,002,630 | ---- | C] () -- C:\Users\TerrorKruemel\Documents\cc_20130206_145448.reg
[2013.02.04 20:26:37 | 000,005,026 | ---- | C] () -- C:\Users\TerrorKruemel\Documents\cc_20130204_202635.reg
[2013.02.04 20:26:18 | 000,163,726 | ---- | C] () -- C:\Users\TerrorKruemel\Documents\cc_20130204_202614.reg
[2013.02.02 22:18:50 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.20 16:16:48 | 000,793,080 | ---- | C] () -- C:\Windows\SysWow64\protector.dll
[2012.04.26 13:30:04 | 000,001,518 | ---- | C] () -- C:\Users\TerrorKruemel\.recently-used.xbel
[2012.03.11 12:09:55 | 000,000,579 | ---- | C] () -- C:\Windows\eReg.dat
[2011.12.25 10:59:45 | 000,000,045 | ---- | C] () -- C:\Users\TerrorKruemel\autorun.inf
[2011.12.25 10:51:33 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2011.07.26 06:40:37 | 001,591,850 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Code:
OTL Extras logfile created on: 24.02.2013 22:35:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TerrorKruemel\Desktop\dl's
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,82% Memory free
8,00 Gb Paging File | 5,84 Gb Available in Paging File | 73,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 784,14 Gb Free Space | 84,18% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: TerrorKruemel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{087D1E92-16BB-4A91-AE3C-C7CF3E6C9D82}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1A0C684C-6560-4B18-B7BD-2CABD23EC615}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1ACC75E7-2469-4243-9966-ECAAA657D013}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{27EF9B0A-54E4-46EF-91A8-465EB335C4CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2C8B43D6-FC3B-4D4F-A672-6729F6261633}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31C2F67A-0039-4EB9-AE0E-09AE1016200B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4176BC52-6562-4D24-BE96-561D91055967}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{451FF838-EF5C-4734-B0F3-9A29581B51C6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{54595E22-E7A0-4284-821E-89641D43F945}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5AF9545B-5CB2-45C1-B265-85D7DCD0788C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5B079709-196B-443E-971E-5BF923242D9F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5C9A864A-B901-4107-BD18-811D4943AA54}" = lport=138 | protocol=17 | dir=in | app=system | 
"{609806D6-9977-4B63-960F-F8E7181F34DA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6260245C-8458-4F82-AFD1-B66E57ABB419}" = rport=139 | protocol=6 | dir=out | app=system | 
"{72EADCBF-FAF9-4593-A362-BD242AA94198}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7EE8CBB8-F2A9-4EB1-83F8-FFFFA3B83761}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{840C278B-ED4A-4DC3-BD88-0723CBFAC0A9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{873BA7DE-B505-4AF9-9E9A-593112A2FD7D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9000B06D-25DA-4AA7-A072-AE70B430FB3B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A0443364-D60C-422F-82F7-4A6A85687AC1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A46F768D-18AC-4547-9D3C-5C6EE2533E40}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A7BD3957-EE7C-4CFD-AC01-F0BF7EFE719C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD49E7E4-BF0E-437A-A553-B65F1779285B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AFF29CF9-CF01-4B38-822A-7F3D70FF0FD1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B5B0BDB9-4673-4BC1-8781-1371E8B557D7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B9234865-CEC6-486F-BFDA-4DEF9A8D3F72}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C498A6C9-D33B-47DA-A43E-FBC084A54BF8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D3614A2C-E5C9-4B14-9C35-6C08CB333FFB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D64FF27D-592D-46FB-9DDC-DA5671211A03}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D77A0698-53CA-4BA9-83EA-5F5D69A8264A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DE27FB9E-4BCF-4918-BC8D-9F8DE1583A98}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E0C92863-19C8-47FA-A3FB-FD6C0D1883A8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{ED3D4138-B44F-4CC3-A605-5057557D705E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EE943F0E-8592-456F-97BB-B7BB63E4AF26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F53FFC14-57C4-43BF-8EF5-8121985B29C8}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AD2C34-519E-4D88-AB15-5CE50883767E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{0F663FE8-8FA3-4981-A42F-6ED2355FC1BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{148EA85A-DE9D-4B6C-B786-931E1A794FB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{17F5EFB7-38FC-493A-A6F3-95BF9604F6B6}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | 
"{1A20A954-1C18-4E70-A609-1882E2378615}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1E427FF2-D2D6-4EBF-992F-B0BC831F74DD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{22B3213B-52BA-48DD-944D-E943C8C6E90B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{22D71BD7-AE80-4150-A4FC-CACDE2503579}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{2523E811-A6E5-417F-97EF-7818C13EBB55}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{2AA3B9A0-9DF3-4172-8164-10587577CA30}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2EBF4371-9E4D-4C4A-B666-08CE27055F40}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | 
"{31692A4C-6CAE-4520-87DC-71123056AA0E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{44DBB525-BEE1-4540-A232-E681AA1ED0A5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4BC1593D-1883-42FB-9CEF-33303F7D2416}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{523E77F7-FDC5-4EA3-98FC-6B6AB22C5553}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{591CCF63-CC02-4CD8-A1C4-C1024A045043}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5A3EDEF9-60B1-4004-80BA-7F1893F6A83C}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | 
"{5B857988-2FAC-4D6B-8AD8-C2E2048326E0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{5DF620A6-0DB2-4BD0-BF8F-77E7ACB9CD09}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.patch.exe | 
"{5F363ACF-F3CA-4075-AD2A-7C8AD07A3DAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5F778C35-C34C-4F2B-ADA0-6ED2321D7DB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FBF93D1-DD07-466C-BDC5-B54B1047B5F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6671CB26-704F-44C5-8A83-0C73F81A91EF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6F2CE35E-C83B-439B-A7BD-D6DF42B56280}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{735241CA-9C0C-493C-9F82-A57EB0D177A5}" = protocol=6 | dir=in | app=c:\users\terrorkruemel\appdata\local\google\chrome\application\chrome.exe | 
"{7B29728D-3EC6-4D32-84DE-6A9CC895C5C3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{7D36425E-734B-49F4-8B93-F30BB8B934F4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{80E0CB1D-A940-4FCC-AF19-E06CF650F2EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8245FFBF-DCD7-4F93-BF9C-6176518C6848}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.patch.exe | 
"{8F6DB27C-24BC-46E2-B4AD-32A995D89A83}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | 
"{9205CAF7-4181-4CB2-9EBB-403AF66AC537}" = protocol=17 | dir=in | app=c:\users\terrorkruemel\appdata\local\google\chrome\application\chrome.exe | 
"{923B5468-EDB6-4073-8024-88E32AE99A58}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A29E2A1E-785E-4E58-8C4D-EB80A69D309F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A6141802-88FF-4B01-ACD6-3C922BCC089F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{BBF1E774-CAF2-404F-BDE0-115DE88D56B5}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{C1FCF136-ADA3-41E6-A642-8DC5EA22368A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CD1DC6E0-6FC6-45E0-A0CC-8263CB3FB3DB}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CD23AC41-9CA2-4B56-B5AB-D11672110B0A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{DD0973B6-52DE-4A08-A15F-4A72BED3489E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DFF0DCA3-6DD6-4815-9010-2A0C5259F7FC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E281FB66-6AD5-4C9C-8ED4-5A11E5560014}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | 
"{E4BD1750-3C1D-4B37-873D-15F31633F7B9}" = protocol=6 | dir=out | app=system | 
"{E90626D8-ABFA-4DC3-864B-78E98C229CBC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E97433AF-5345-45D2-A79F-1F6E7C143BDE}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | 
"{EF77647B-2E80-43CE-9195-BB7E09FBE5F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F28571BE-864F-42C5-910B-DDDE0870D11C}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | 
"{F912CF1E-D4A8-48A8-86A1-0D9D4128C98D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD6A2256-8082-4202-944D-65DABF3AC4DF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"TCP Query User{16EE200C-E069-4B51-8AA4-449C564F6A47}E:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{44A56481-7E79-4E50-BF2D-7DFDD7FB52D1}C:\program files (x86)\relevantknowledge\rlvknlg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | 
"TCP Query User{AA225459-74F7-4275-9F11-89087490141F}C:\users\terrorkruemel\desktop\dl's\tinyumbrella-6.00.01.exe" = protocol=6 | dir=in | app=c:\users\terrorkruemel\desktop\dl's\tinyumbrella-6.00.01.exe | 
"UDP Query User{101104BD-475C-47A7-A63C-969F4EF1C9A1}C:\program files (x86)\relevantknowledge\rlvknlg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | 
"UDP Query User{60EEDCB2-00AE-4E0B-93D3-9D3B6D11FA89}C:\users\terrorkruemel\desktop\dl's\tinyumbrella-6.00.01.exe" = protocol=17 | dir=in | app=c:\users\terrorkruemel\desktop\dl's\tinyumbrella-6.00.01.exe | 
"UDP Query User{B76ED0F6-4D9A-4315-A8EC-C69D8AE19F6E}E:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = bProtector for Windows
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E4A6F03-4D71-4496-9B2D-71C8B59F64DE}" = BiosNotice
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{28FFFE19-141E-47CF-8E9B-DD75B43C4B06}" = BIOS Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6540D6AD-4218-444D-84EC-E6C85F35EE31}" = Eldorado
"{6642BF47-D82A-447B-90E7-658FA865AFD7}" = Temperature Monitor
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B099C29E-EC83-4BF2-A4FF-5809D09C1C1B}" = BIOScreen
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2944BE7-9BFF-4EF0-A362-CB3281B7C50D}" = LG United Mobile Drivers
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"LG PC Suite IV" = LG PC Suite IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Router Installationsprogramm und Monitor_is1" = Router Installationsprogramm und Monitor
"Updater Service" = Updater Service
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.02.2013 04:08:27 | Computer Name = Home | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.02.2013 07:37:06 | Computer Name = Home | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.02.2013 07:46:06 | Computer Name = Home | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet
 werden.  
 
Error - 20.02.2013 07:46:28 | Computer Name = Home | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: Failed to make the SOAP Call HResult: 0x800c0005.
 Exception caught while trying to report the Update Event
 
Error - 20.02.2013 12:02:43 | Computer Name = Home | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2013 03:21:17 | Computer Name = Home | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2013 07:41:04 | Computer Name = Home | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2013 14:58:36 | Computer Name = Home | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2013 15:05:09 | Computer Name = Home | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2013 15:41:16 | Computer Name = Home | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2013 15:48:10 | Computer Name = Home | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2013 15:54:33 | Computer Name = Home | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\TerrorKruemel\Downloads\SoftonicDownloader_fuer_secret-maryo-chronicles.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 21.02.2013 16:47:50 | Computer Name = Home | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 07.05.2012 08:07:45 | Computer Name = Home | Source = MCUpdate | ID = 0
Description = 14:07:45 - Fehler beim Herstellen der Internetverbindung.  14:07:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.05.2012 08:07:53 | Computer Name = Home | Source = MCUpdate | ID = 0
Description = 14:07:50 - Fehler beim Herstellen der Internetverbindung.  14:07:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 08.05.2012 17:19:04 | Computer Name = Home | Source = MCUpdate | ID = 0
Description = 23:19:04 - Fehler beim Herstellen der Internetverbindung.  23:19:04 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 08.05.2012 17:19:13 | Computer Name = Home | Source = MCUpdate | ID = 0
Description = 23:19:10 - Fehler beim Herstellen der Internetverbindung.  23:19:10 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 08.05.2012 18:19:18 | Computer Name = Home | Source = MCUpdate | ID = 0
Description = 00:19:18 - Fehler beim Herstellen der Internetverbindung.  00:19:18 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 08.05.2012 18:19:24 | Computer Name = Home | Source = MCUpdate | ID = 0
Description = 00:19:23 - Fehler beim Herstellen der Internetverbindung.  00:19:23 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 08.05.2012 19:19:28 | Computer Name = Home | Source = MCUpdate | ID = 0
Description = 01:19:28 - Fehler beim Herstellen der Internetverbindung.  01:19:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 08.05.2012 19:19:34 | Computer Name = Home | Source = MCUpdate | ID = 0
Description = 01:19:33 - Fehler beim Herstellen der Internetverbindung.  01:19:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 08.05.2012 20:19:38 | Computer Name = Home | Source = MCUpdate | ID = 0
Description = 02:19:38 - Fehler beim Herstellen der Internetverbindung.  02:19:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 08.05.2012 20:19:44 | Computer Name = Home | Source = MCUpdate | ID = 0
Description = 02:19:43 - Fehler beim Herstellen der Internetverbindung.  02:19:43 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 24.02.2013 15:20:20 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 24.02.2013 15:20:32 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 24.02.2013 15:20:32 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 24.02.2013 15:23:20 | Computer Name = Home | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 24.02.2013 15:23:20 | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 24.02.2013 15:23:22 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 24.02.2013 15:23:29 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 24.02.2013 15:23:29 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 24.02.2013 15:25:27 | Computer Name = Home | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 24.02.2013 15:25:27 | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
__________________

Alt 24.02.2013, 22:01   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now create and post logs with GMER (<<< click for instructions) and MBAR (instructions a little further down).
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only MBAR.

MBAR instructions:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Alt 24.02.2013, 22:53   #5
Waschbärchen
 



Okay, first of all, the log from GMER:

Code:
GMER 2.1.19081 - hxxp://www.gmer.net
Rootkit scan 2013-02-24 23:17:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST31000524AS rev.JC4B 931,51GB
Running: gmer_2.1.19081.exe; Driver: C:\Users\TERROR~1\AppData\Local\Temp\pgddipow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000751a1465 2 bytes [1A, 75]
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000751a14bb 2 bytes [1A, 75]
.text   ...                                                                                                                                                    * 2
.text   C:\Windows\system32\Dwm.exe[2172] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus                                                           000000007755a4d0 8 bytes {JMP QWORD [RIP-0x1755a48e]}
.text   C:\Windows\system32\Dwm.exe[2172] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                      0000000077571b50 12 bytes {JMP QWORD [RIP-0x17571aae]}
.text   C:\Windows\system32\Dwm.exe[2172] C:\Windows\system32\WS2_32.dll!WSASend                                                                               000007feff8013b0 10 bytes {JMP QWORD [RIP-0x14124e]}
.text   C:\Windows\system32\Dwm.exe[2172] C:\Windows\system32\WS2_32.dll!closesocket + 1                                                                       000007feff8018e1 8 bytes {JMP QWORD [RIP-0x14183e]}
.text   C:\Windows\system32\Dwm.exe[2172] C:\Windows\system32\WS2_32.dll!WSARecv                                                                               000007feff802200 10 bytes {JMP QWORD [RIP-0x1420ce]}
.text   C:\Windows\system32\Dwm.exe[2172] C:\Windows\system32\WS2_32.dll!connect + 1                                                                           000007feff8045c1 6 bytes {JMP QWORD [RIP-0x14457e]}
.text   C:\Windows\system32\Dwm.exe[2172] C:\Windows\system32\WS2_32.dll!send                                                                                  000007feff808000 10 bytes {JMP QWORD [RIP-0x147f2e]}
.text   C:\Windows\system32\Dwm.exe[2172] C:\Windows\system32\WS2_32.dll!sendto                                                                                000007feff80d7f0 7 bytes {JMP QWORD [RIP-0x14d5fe]}
.text   C:\Windows\system32\Dwm.exe[2172] C:\Windows\system32\WS2_32.dll!recv                                                                                  000007feff80df40 10 bytes {JMP QWORD [RIP-0x14de3e]}
.text   C:\Windows\system32\Dwm.exe[2172] C:\Windows\system32\WS2_32.dll!recvfrom                                                                              000007feff80eb90 7 bytes {JMP QWORD [RIP-0x14e9ce]}
.text   C:\Windows\system32\Dwm.exe[2172] C:\Windows\system32\WS2_32.dll!WSASendTo                                                                             000007feff80ed50 10 bytes {JMP QWORD [RIP-0x14eafe]}
.text   C:\Windows\system32\Dwm.exe[2172] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult                                                                000007feff827a50 7 bytes {JMP QWORD [RIP-0x1678be]}
.text   C:\Windows\system32\Dwm.exe[2172] C:\Windows\system32\WS2_32.dll!WSAConnect                                                                            000007feff82e0f0 7 bytes {JMP QWORD [RIP-0x16e07e]}
.text   C:\Windows\system32\Dwm.exe[2172] C:\Windows\system32\WS2_32.dll!WSARecvFrom                                                                           000007feff82e6c0 7 bytes {JMP QWORD [RIP-0x16e49e]}
.text   C:\Windows\system32\Dwm.exe[2172] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile                                                              00000000772d6a6c 10 bytes {JMP QWORD [RIP-0x172d69fa]}
.text   C:\Windows\Explorer.EXE[2576] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus                                                               000000007755a4d0 8 bytes {JMP QWORD [RIP-0x1755a48e]}
.text   C:\Windows\Explorer.EXE[2576] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                          0000000077571b50 12 bytes {JMP QWORD [RIP-0x17571aae]}
.text   C:\Windows\Explorer.EXE[2576] C:\Windows\system32\SSPICLI.DLL!EncryptMessage                                                                           000007fefdb450a0 7 bytes {JMP QWORD [RIP+0xd3b1e2]}
.text   C:\Windows\Explorer.EXE[2576] C:\Windows\system32\SSPICLI.DLL!DecryptMessage                                                                           000007fefdb451f4 7 bytes {JMP QWORD [RIP+0xd3b0be]}
.text   C:\Windows\Explorer.EXE[2576] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile                                                                  00000000772d6a6c 10 bytes {JMP QWORD [RIP-0x172d69fa]}
.text   C:\Windows\Explorer.EXE[2576] C:\Windows\system32\WS2_32.dll!WSASend                                                                                   000007feff8013b0 10 bytes {JMP QWORD [RIP-0xf8124e]}
.text   C:\Windows\Explorer.EXE[2576] C:\Windows\system32\WS2_32.dll!closesocket + 1                                                                           000007feff8018e1 8 bytes {JMP QWORD [RIP-0xf8183e]}
.text   C:\Windows\Explorer.EXE[2576] C:\Windows\system32\WS2_32.dll!WSARecv                                                                                   000007feff802200 10 bytes {JMP QWORD [RIP-0xf820ce]}
.text   C:\Windows\Explorer.EXE[2576] C:\Windows\system32\WS2_32.dll!connect + 1                                                                               000007feff8045c1 6 bytes {JMP QWORD [RIP-0xf8457e]}
.text   C:\Windows\Explorer.EXE[2576] C:\Windows\system32\WS2_32.dll!send                                                                                      000007feff808000 10 bytes {JMP QWORD [RIP-0xf87f2e]}
.text   C:\Windows\Explorer.EXE[2576] C:\Windows\system32\WS2_32.dll!sendto                                                                                    000007feff80d7f0 7 bytes {JMP QWORD [RIP-0xf8d5fe]}
.text   C:\Windows\Explorer.EXE[2576] C:\Windows\system32\WS2_32.dll!recv                                                                                      000007feff80df40 10 bytes {JMP QWORD [RIP-0xf8de3e]}
.text   C:\Windows\Explorer.EXE[2576] C:\Windows\system32\WS2_32.dll!recvfrom                                                                                  000007feff80eb90 7 bytes {JMP QWORD [RIP-0xf8e9ce]}
.text   C:\Windows\Explorer.EXE[2576] C:\Windows\system32\WS2_32.dll!WSASendTo                                                                                 000007feff80ed50 10 bytes {JMP QWORD [RIP-0xf8eafe]}
.text   C:\Windows\Explorer.EXE[2576] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult                                                                    000007feff827a50 7 bytes {JMP QWORD [RIP-0xfa78be]}
.text   C:\Windows\Explorer.EXE[2576] C:\Windows\system32\WS2_32.dll!WSAConnect                                                                                000007feff82e0f0 7 bytes {JMP QWORD [RIP-0xfae07e]}
.text   C:\Windows\Explorer.EXE[2576] C:\Windows\system32\WS2_32.dll!WSARecvFrom                                                                               000007feff82e6c0 7 bytes {JMP QWORD [RIP-0xfae49e]}
.text   C:\Program Files\Zune\ZuneLauncher.exe[3236] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus                                                000000007755a4d0 8 bytes {JMP QWORD [RIP-0x1755a48e]}
.text   C:\Program Files\Zune\ZuneLauncher.exe[3236] C:\Windows\system32\kernel32.dll!CreateProcessW                                                           0000000077571b50 12 bytes {JMP QWORD [RIP-0x17571aae]}
.text   C:\Program Files\Zune\ZuneLauncher.exe[3236] C:\Windows\system32\WS2_32.dll!WSASend                                                                    000007feff8013b0 10 bytes {JMP QWORD [RIP-0xed124e]}
.text   C:\Program Files\Zune\ZuneLauncher.exe[3236] C:\Windows\system32\WS2_32.dll!closesocket + 1                                                            000007feff8018e1 8 bytes {JMP QWORD [RIP-0xed183e]}
.text   C:\Program Files\Zune\ZuneLauncher.exe[3236] C:\Windows\system32\WS2_32.dll!WSARecv                                                                    000007feff802200 10 bytes {JMP QWORD [RIP-0xed20ce]}
.text   C:\Program Files\Zune\ZuneLauncher.exe[3236] C:\Windows\system32\WS2_32.dll!connect + 1                                                                000007feff8045c1 6 bytes {JMP QWORD [RIP-0xed457e]}
.text   C:\Program Files\Zune\ZuneLauncher.exe[3236] C:\Windows\system32\WS2_32.dll!send                                                                       000007feff808000 10 bytes {JMP QWORD [RIP-0xed7f2e]}
.text   C:\Program Files\Zune\ZuneLauncher.exe[3236] C:\Windows\system32\WS2_32.dll!sendto                                                                     000007feff80d7f0 7 bytes {JMP QWORD [RIP-0xedd5fe]}
.text   C:\Program Files\Zune\ZuneLauncher.exe[3236] C:\Windows\system32\WS2_32.dll!recv                                                                       000007feff80df40 10 bytes {JMP QWORD [RIP-0xedde3e]}
.text   C:\Program Files\Zune\ZuneLauncher.exe[3236] C:\Windows\system32\WS2_32.dll!recvfrom                                                                   000007feff80eb90 7 bytes {JMP QWORD [RIP-0xede9ce]}
.text   C:\Program Files\Zune\ZuneLauncher.exe[3236] C:\Windows\system32\WS2_32.dll!WSASendTo                                                                  000007feff80ed50 10 bytes {JMP QWORD [RIP-0xedeafe]}
.text   C:\Program Files\Zune\ZuneLauncher.exe[3236] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult                                                     000007feff827a50 7 bytes {JMP QWORD [RIP-0xef78be]}
.text   C:\Program Files\Zune\ZuneLauncher.exe[3236] C:\Windows\system32\WS2_32.dll!WSAConnect                                                                 000007feff82e0f0 7 bytes {JMP QWORD [RIP-0xefe07e]}
.text   C:\Program Files\Zune\ZuneLauncher.exe[3236] C:\Windows\system32\WS2_32.dll!WSARecvFrom                                                                000007feff82e6c0 7 bytes {JMP QWORD [RIP-0xefe49e]}
.text   C:\Program Files\Zune\ZuneLauncher.exe[3236] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile                                                   00000000772d6a6c 10 bytes {JMP QWORD [RIP-0x172d69fa]}
.text   C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus                                000000007755a4d0 8 bytes {JMP QWORD [RIP-0x1755a48e]}
.text   C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\kernel32.dll!CreateProcessW                                           0000000077571b50 12 bytes {JMP QWORD [RIP-0x17571aae]}
.text   C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile                                   00000000772d6a6c 10 bytes {JMP QWORD [RIP-0x172d69fa]}
.text   C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!WSASend                                                    000007feff8013b0 10 bytes {JMP QWORD [RIP-0x119124e]}
.text   C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!closesocket + 1                                            000007feff8018e1 8 bytes {JMP QWORD [RIP-0x119183e]}
.text   C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!WSARecv                                                    000007feff802200 10 bytes {JMP QWORD [RIP-0x11920ce]}
.text   C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!connect + 1                                                000007feff8045c1 6 bytes {JMP QWORD [RIP-0x119457e]}
.text   C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!send                                                       000007feff808000 10 bytes {JMP QWORD [RIP-0x1197f2e]}
.text   C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!sendto                                                     000007feff80d7f0 7 bytes {JMP QWORD [RIP-0x119d5fe]}
.text   C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!recv                                                       000007feff80df40 10 bytes {JMP QWORD [RIP-0x119de3e]}
.text   C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!recvfrom                                                   000007feff80eb90 7 bytes {JMP QWORD [RIP-0x119e9ce]}
.text   C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!WSASendTo                                                  000007feff80ed50 10 bytes {JMP QWORD [RIP-0x119eafe]}
.text   C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult                                     000007feff827a50 7 bytes {JMP QWORD [RIP-0x11b78be]}
.text   C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!WSAConnect                                                 000007feff82e0f0 7 bytes {JMP QWORD [RIP-0x11be07e]}
.text   C:\Program Files\Microsoft Security Client\msseces.exe[3296] C:\Windows\system32\WS2_32.dll!WSARecvFrom                                                000007feff82e6c0 7 bytes {JMP QWORD [RIP-0x11be49e]}
.text   C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus                                          000000007755a4d0 8 bytes {JMP QWORD [RIP-0x1755a48e]}
.text   C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\kernel32.dll!CreateProcessW                                                     0000000077571b50 12 bytes {JMP QWORD [RIP-0x17571aae]}
.text   C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile                                             00000000772d6a6c 10 bytes {JMP QWORD [RIP-0x172d69fa]}
.text   C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\SSPICLI.DLL!EncryptMessage                                                      000007fefdb450a0 7 bytes {JMP QWORD [RIP+0xd3b1e2]}
.text   C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\SSPICLI.DLL!DecryptMessage                                                      000007fefdb451f4 7 bytes {JMP QWORD [RIP+0xd3b0be]}
.text   C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!WSASend                                                              000007feff8013b0 10 bytes {JMP QWORD [RIP-0xf8124e]}
.text   C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!closesocket + 1                                                      000007feff8018e1 8 bytes {JMP QWORD [RIP-0xf8183e]}
.text   C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!WSARecv                                                              000007feff802200 10 bytes {JMP QWORD [RIP-0xf820ce]}
.text   C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!connect + 1                                                          000007feff8045c1 6 bytes {JMP QWORD [RIP-0xf8457e]}
.text   C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!send                                                                 000007feff808000 10 bytes {JMP QWORD [RIP-0xf87f2e]}
.text   C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!sendto                                                               000007feff80d7f0 7 bytes {JMP QWORD [RIP-0xf8d5fe]}
.text   C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!recv                                                                 000007feff80df40 10 bytes {JMP QWORD [RIP-0xf8de3e]}
.text   C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!recvfrom                                                             000007feff80eb90 7 bytes {JMP QWORD [RIP-0xf8e9ce]}
.text   C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!WSASendTo                                                            000007feff80ed50 10 bytes {JMP QWORD [RIP-0xf8eafe]}
.text   C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult                                               000007feff827a50 7 bytes {JMP QWORD [RIP-0xfa78be]}
.text   C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!WSAConnect                                                           000007feff82e0f0 7 bytes {JMP QWORD [RIP-0xfae07e]}
.text   C:\Program Files\Windows Sidebar\sidebar.exe[3304] C:\Windows\system32\WS2_32.dll!WSARecvFrom                                                          000007feff82e6c0 7 bytes {JMP QWORD [RIP-0xfae49e]}
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus                                000000007755a4d0 8 bytes {JMP QWORD [RIP-0x1755a48e]}
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\kernel32.dll!CreateProcessW                                           0000000077571b50 12 bytes {JMP QWORD [RIP-0x17571aae]}
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!WSASend                                                    000007feff8013b0 10 bytes {JMP QWORD [RIP-0xed124e]}
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!closesocket + 1                                            000007feff8018e1 8 bytes {JMP QWORD [RIP-0xed183e]}
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!WSARecv                                                    000007feff802200 10 bytes {JMP QWORD [RIP-0xed20ce]}
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!connect + 1                                                000007feff8045c1 6 bytes {JMP QWORD [RIP-0xed457e]}
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!send                                                       000007feff808000 10 bytes {JMP QWORD [RIP-0xed7f2e]}
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!sendto                                                     000007feff80d7f0 7 bytes {JMP QWORD [RIP-0xedd5fe]}
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!recv                                                       000007feff80df40 10 bytes {JMP QWORD [RIP-0xedde3e]}
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!recvfrom                                                   000007feff80eb90 7 bytes {JMP QWORD [RIP-0xede9ce]}
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!WSASendTo                                                  000007feff80ed50 10 bytes {JMP QWORD [RIP-0xedeafe]}
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult                                     000007feff827a50 7 bytes {JMP QWORD [RIP-0xef78be]}
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!WSAConnect                                                 000007feff82e0f0 7 bytes {JMP QWORD [RIP-0xefe07e]}
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WS2_32.dll!WSARecvFrom                                                000007feff82e6c0 7 bytes {JMP QWORD [RIP-0xefe49e]}
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3504] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile                                   00000000772d6a6c 10 bytes {JMP QWORD [RIP-0x172d69fa]}
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\kernel32.dll!CreateProcessW                   0000000075a6103d 5 bytes JMP 00000001100459d8
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus        0000000075a7d3ab 5 bytes JMP 00000001100449b3
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\SspiCli.dll!EncryptMessage                    000000007516124e 5 bytes JMP 0000000110041eeb
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\SspiCli.dll!DecryptMessage                    000000007516129d 5 bytes JMP 00000001100437eb
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!sendto                             00000000753134b5 5 bytes JMP 0000000110044fba
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!closesocket                        0000000075313918 5 bytes JMP 0000000110043438
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!WSASend                            0000000075314406 5 bytes JMP 0000000110043fb2
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!recv                               0000000075316b0e 5 bytes JMP 0000000110044429
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!connect                            0000000075316bdd 5 bytes JMP 0000000110042f4b
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!send                               0000000075316f01 5 bytes JMP 0000000110043a40
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!WSARecv                            0000000075317089 5 bytes JMP 0000000110046a69
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult             0000000075317489 5 bytes JMP 00000001100446c2
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!recvfrom                           000000007531b6dc 5 bytes JMP 0000000110044d0c
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom                        000000007531cba6 5 bytes JMP 0000000110046d5d
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!WSAConnect                         000000007531cc3f 5 bytes JMP 00000001100432c1
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WS2_32.dll!WSASendTo                          000000007532b30c 5 bytes JMP 0000000110045549
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\ole32.dll!CoGetClassObject                    0000000075d454ad 5 bytes JMP 000000011003863d
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile           000000007554afb8 5 bytes JMP 0000000110047453
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           00000000751a1465 2 bytes [1A, 75]
.text   C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000751a14bb 2 bytes [1A, 75]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                 0000000075a6103d 5 bytes JMP 00000001100459d8
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus                      0000000075a7d3ab 5 bytes JMP 00000001100449b3
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\SspiCli.dll!EncryptMessage                                  000000007516124e 5 bytes JMP 0000000110041eeb
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\SspiCli.dll!DecryptMessage                                  000000007516129d 5 bytes JMP 00000001100437eb
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile                         000000007554afb8 5 bytes JMP 0000000110047453
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\ole32.dll!CoGetClassObject                                  0000000075d454ad 5 bytes JMP 000000011003863d
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!sendto                                           00000000753134b5 5 bytes JMP 0000000110044fba
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!closesocket                                      0000000075313918 5 bytes JMP 0000000110043438
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!WSASend                                          0000000075314406 5 bytes JMP 0000000110043fb2
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!recv                                             0000000075316b0e 5 bytes JMP 0000000110044429
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!connect                                          0000000075316bdd 5 bytes JMP 0000000110042f4b
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!send                                             0000000075316f01 5 bytes JMP 0000000110043a40
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!WSARecv                                          0000000075317089 5 bytes JMP 0000000110046a69
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult                           0000000075317489 5 bytes JMP 00000001100446c2
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!recvfrom                                         000000007531b6dc 5 bytes JMP 0000000110044d0c
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom                                      000000007531cba6 5 bytes JMP 0000000110046d5d
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                       000000007531cc3f 5 bytes JMP 00000001100432c1
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\WS2_32.dll!WSASendTo                                        000000007532b30c 5 bytes JMP 0000000110045549
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         00000000751a1465 2 bytes [1A, 75]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000751a14bb 2 bytes [1A, 75]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      00000000751a1465 2 bytes [1A, 75]
.text   C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                     00000000751a14bb 2 bytes [1A, 75]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus                                000000007755a4d0 8 bytes {JMP QWORD [RIP-0x1755a48e]}
.text   C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\kernel32.dll!CreateProcessW                                           0000000077571b50 12 bytes {JMP QWORD [RIP-0x17571aae]}
.text   C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!WSASend                                                    000007feff8013b0 10 bytes {JMP QWORD [RIP-0x14124e]}
.text   C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!closesocket + 1                                            000007feff8018e1 8 bytes {JMP QWORD [RIP-0x14183e]}
.text   C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!WSARecv                                                    000007feff802200 10 bytes {JMP QWORD [RIP-0x1420ce]}
.text   C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!connect + 1                                                000007feff8045c1 6 bytes {JMP QWORD [RIP-0x14457e]}
.text   C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!send                                                       000007feff808000 10 bytes {JMP QWORD [RIP-0x147f2e]}
.text   C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!sendto                                                     000007feff80d7f0 7 bytes {JMP QWORD [RIP-0x14d5fe]}
.text   C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!recv                                                       000007feff80df40 10 bytes {JMP QWORD [RIP-0x14de3e]}
.text   C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!recvfrom                                                   000007feff80eb90 7 bytes {JMP QWORD [RIP-0x14e9ce]}
.text   C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!WSASendTo                                                  000007feff80ed50 10 bytes {JMP QWORD [RIP-0x14eafe]}
.text   C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult                                     000007feff827a50 7 bytes {JMP QWORD [RIP-0x1678be]}
.text   C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!WSAConnect                                                 000007feff82e0f0 7 bytes {JMP QWORD [RIP-0x16e07e]}
.text   C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WS2_32.dll!WSARecvFrom                                                000007feff82e6c0 7 bytes {JMP QWORD [RIP-0x16e49e]}
.text   C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe[3488] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile                                   00000000772d6a6c 10 bytes {JMP QWORD [RIP-0x172d69fa]}
.text   C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus                                                  000000007755a4d0 8 bytes {JMP QWORD [RIP-0x1755a48e]}
.text   C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\kernel32.dll!CreateProcessW                                                             0000000077571b50 12 bytes {JMP QWORD [RIP-0x17571aae]}
.text   C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!WSASend                                                                      000007feff8013b0 10 bytes {JMP QWORD [RIP-0x14124e]}
.text   C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!closesocket + 1                                                              000007feff8018e1 8 bytes {JMP QWORD [RIP-0x14183e]}
.text   C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!WSARecv                                                                      000007feff802200 10 bytes {JMP QWORD [RIP-0x1420ce]}
.text   C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!connect + 1                                                                  000007feff8045c1 6 bytes {JMP QWORD [RIP-0x14457e]}
.text   C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!send                                                                         000007feff808000 10 bytes {JMP QWORD [RIP-0x147f2e]}
.text   C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!sendto                                                                       000007feff80d7f0 7 bytes {JMP QWORD [RIP-0x14d5fe]}
.text   C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!recv                                                                         000007feff80df40 10 bytes {JMP QWORD [RIP-0x14de3e]}
.text   C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!recvfrom                                                                     000007feff80eb90 7 bytes {JMP QWORD [RIP-0x14e9ce]}
.text   C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!WSASendTo                                                                    000007feff80ed50 10 bytes {JMP QWORD [RIP-0x14eafe]}
.text   C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult                                                       000007feff827a50 7 bytes {JMP QWORD [RIP-0x1678be]}
.text   C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!WSAConnect                                                                   000007feff82e0f0 7 bytes {JMP QWORD [RIP-0x16e07e]}
.text   C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WS2_32.dll!WSARecvFrom                                                                  000007feff82e6c0 7 bytes {JMP QWORD [RIP-0x16e49e]}
.text   C:\Windows\system32\wbem\unsecapp.exe[868] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile                                                     00000000772d6a6c 10 bytes {JMP QWORD [RIP-0x172d69fa]}
.text   C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus                                                        000000007755a4d0 8 bytes {JMP QWORD [RIP-0x1755a48e]}
.text   C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                   0000000077571b50 12 bytes {JMP QWORD [RIP-0x17571aae]}
.text   C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!WSASend                                                                            000007feff8013b0 10 bytes {JMP QWORD [RIP-0xed124e]}
.text   C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!closesocket + 1                                                                    000007feff8018e1 8 bytes {JMP QWORD [RIP-0xed183e]}
.text   C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!WSARecv                                                                            000007feff802200 10 bytes {JMP QWORD [RIP-0xed20ce]}
.text   C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!connect + 1                                                                        000007feff8045c1 6 bytes {JMP QWORD [RIP-0xed457e]}
.text   C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!send                                                                               000007feff808000 10 bytes {JMP QWORD [RIP-0xed7f2e]}
.text   C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!sendto                                                                             000007feff80d7f0 7 bytes {JMP QWORD [RIP-0xedd5fe]}
.text   C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!recv                                                                               000007feff80df40 10 bytes {JMP QWORD [RIP-0xedde3e]}
.text   C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!recvfrom                                                                           000007feff80eb90 7 bytes {JMP QWORD [RIP-0xede9ce]}
.text   C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!WSASendTo                                                                          000007feff80ed50 10 bytes {JMP QWORD [RIP-0xedeafe]}
.text   C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult                                                             000007feff827a50 7 bytes {JMP QWORD [RIP-0xef78be]}
.text   C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!WSAConnect                                                                         000007feff82e0f0 7 bytes {JMP QWORD [RIP-0xefe07e]}
.text   C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WS2_32.dll!WSARecvFrom                                                                        000007feff82e6c0 7 bytes {JMP QWORD [RIP-0xefe49e]}
.text   C:\Windows\system32\wuauclt.exe[904] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile                                                           00000000772d6a6c 10 bytes {JMP QWORD [RIP-0x172d69fa]}

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [1560:4432]                                                                                                            000007fef8f5e8c4

---- EOF - GMER 2.1 ----
         
and then the first one from Malwarebytes Anti-Rootkit

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.04.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
TerrorKruemel :: HOME [administrator]

24.02.2013 23:29:54
mbar-log-2013-02-24 (23-29-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29209
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Detected: 6
c:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 1820 -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlservice.exe (PUP.Adware.RelevantKnowledge) -> 1032 -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> 3876 -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe (PUP.Adware.RelevantKnowledge) -> 3216 -> Delete on reboot.
c:\ProgramData\bProtector\bProtect.exe (PUP.BProtector) -> 1744 -> Delete on reboot.
c:\ProgramData\bProtector\bProtect.exe (PUP.BProtector) -> 1852 -> Delete on reboot.

Memory Modules Detected: 5
c:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.

Registry Keys Detected: 7
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService (PUP.BundleInstaller.IB) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Updater Service (PUP.BundleInstaller.IB) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RelevantKnowledge (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831} (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bProtector (PUP.BProtector) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.BProtector) -> Delete on reboot.
HKCU\SOFTWARE\BPROTECTOR (PUP.BProtector) -> Delete on reboot.

Registry Values Detected: 2
HKCU\SOFTWARE\BPROTECTOR|iexplore homepages (PUP.BProtector) -> Data: hxxp://go.microsoft.com/fwlink/?LinkId=69157^hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731^^ -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BPROTECTOR|ImagePath (PUP.BProtector) -> Data: C:\ProgramData\bProtector\bProtect.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 28
c:\ProgramData\bProtector (PUP.BProtector) -> Delete on reboot.
c:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\components (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\defaults (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\defaults\preferences (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\locale (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit\data (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit\lib (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\data (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\content (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\dom (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\events (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\tabs (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\traits (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\windows (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\data (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\data\.idea (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\data\.idea\scopes (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (PUP.Spyware.MarketScore) -> Delete on reboot.

Files Detected: 102
c:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlservice.exe (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Windows\System32\fsvk.exe.exe (Worm.Zhelatin) -> Delete on reboot.
c:\ProgramData\bProtector\bProtect.settings (PUP.BProtector) -> Delete on reboot.
c:\ProgramData\bProtector\bProtect.exe (PUP.BProtector) -> Delete on reboot.
c:\ProgramData\bProtector\component_332.decrpt (PUP.BProtector) -> Delete on reboot.
c:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\asmcf.dat (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\chrome.manifest (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\egdcf.dat (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\install.rdf (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\nscf.dat (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlcm.crx (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlcm.txt (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlls64.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlph.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\rlxf.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\components\rlxg.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\bootstrap.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\harness-options.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\install.rdf (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\locales.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\rlnx.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\defaults\preferences\prefs.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\locale\en-GB.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\locale\eo.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\locale\fr-FR.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\chrome.manifest (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit\lib\page-mod.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit\lib\tabs.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-kit\lib\windows.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\data\content-proxy.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\data\test-content-symbiont.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\data\test-message-manager.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\data\test-trusted-document.html (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\globals!.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\api-utils.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\byte-streams.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\channel.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\collection.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\content.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\cortex.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\cuddlefish.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\environment.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\errors.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\events.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\file.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\hidden-frame.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\light-traits.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\list.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\match-pattern.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\memory.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\message-manager.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\namespace.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\observer-service.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\plain-text-console.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\process.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\runtime.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\sandbox.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\self!.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\system.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\text-streams.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\timer.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\traceback.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\traits.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\unload.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\url.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\window-utils.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\xpcom.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\xul-app.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\content\loader.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\content\symbiont.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\content\worker.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\dom\events.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\events\assembler.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\events.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\observer.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\tab.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\utils.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\traits\core.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils\data.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils\function.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils\object.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils\registry.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\utils\thumbnail.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\windows\dom.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\windows\loader.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\windows\observer.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\api-utils\lib\windows\tabs.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\data\content.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\dompilot.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\dputil.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\main.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID -  Goodware Repository Information Database.lnk (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (PUP.Spyware.MarketScore) -> Delete on reboot.

(end)
         
and then the second one after the restart

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
TerrorKruemel :: HOME [administrator]

24.02.2013 23:40:15
mbar-log-2013-02-24 (23-40-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28789
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


25.02.2013, 09:21   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.




TDSS-Killer

Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

25.02.2013, 10:10   #7
Waschbärchen
 



The log from aswMBR:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-25 10:26:40
-----------------------------
10:26:40.305    OS Version: Windows x64 6.1.7601 Service Pack 1
10:26:40.305    Number of processors: 2 586 0x170A
10:26:40.306    ComputerName: HOME  UserName: 
10:26:41.503    Initialize success
10:27:24.264    AVAST engine defs: 13022401
10:28:06.918    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
10:28:06.918    Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 3
10:28:06.918    Disk 0 MBR read successfully
10:28:06.918    Disk 0 MBR scan
10:28:06.934    Disk 0 Windows 7 default MBR code
10:28:06.934    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       953867 MB offset 2048
10:28:06.981    Disk 0 scanning C:\Windows\system32\drivers
10:28:19.619    Service scanning
10:28:47.871    Modules scanning
10:28:47.871    Disk 0 trace - called modules:
10:28:47.886    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 
10:28:47.886    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c114d0]
10:28:47.886    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800474d520]
10:28:47.886    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004738680]
10:28:56.999    AVAST engine scan C:\Windows
10:29:03.907    AVAST engine scan C:\Windows\system32
10:33:21.021    AVAST engine scan C:\Windows\system32\drivers
10:33:37.572    AVAST engine scan C:\Users\TerrorKruemel
10:49:37.256    AVAST engine scan C:\ProgramData
10:52:28.120    Scan finished successfully
10:54:58.333    Disk 0 MBR has been saved successfully to "C:\Users\TerrorKruemel\Desktop\MBR.dat"
10:54:58.396    The log file has been saved successfully to "C:\Users\TerrorKruemel\Desktop\aswMBR.txt"
         

25.02.2013, 10:15   #8
Waschbärchen



I had to put the TDSSKiller log in an attachment because it is far too long for the reply ...


By the way, the browser start page suddenly changed from Google to hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731.

It also asks for an update of "juchcheck.exe"; the verified publisher is "Oracle America, Inc.". No idea what that is. The icon looks like the Java one, and when I click "No" it also says it is a Java update, but I don't really trust it!

25.02.2013, 12:25   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users (Scanne alle Benutzer)
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

25.02.2013, 12:44   #10
Waschbärchen



So, I have just run ADW Cleaner. Then it wanted to restart, which I allowed as requested. Now it has shut down, is on, is working, the fan is running, but it does not boot up again! The screen just stays black.

25.02.2013, 12:49   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Restart again

25.02.2013, 12:57   #12
Waschbärchen



The log from JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Home Premium x64
Ran by TerrorKruemel on 25.02.2013 at 13:30:02,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bprotector start page 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bprotectordefaultscope 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2218329753-2017860753-312165954-1001\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2218329753-2017860753-312165954-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Bar
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2218329753-2017860753-312165954-1001\software\microsoft\internet explorer\main\\Search Bar
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2218329753-2017860753-312165954-1001\software\microsoft\internet explorer\main\\Search Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\Default_Search_URL
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2218329753-2017860753-312165954-1001\software\microsoft\internet explorer\search\\Default_Search_URL
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2218329753-2017860753-312165954-1001\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\SearchAssistant
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2218329753-2017860753-312165954-1001\software\microsoft\internet explorer\search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Failed to delete: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers.1
Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{3bd44f0e-0596-4008-aee0-45d47e3a8f0e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}



~~~ Files

Successfully deleted: [File] "C:\Windows\syswow64\protector.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\TerrorKruemel\AppData\Roaming\etype"
Successfully deleted: [Folder] "C:\Users\TerrorKruemel\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\TerrorKruemel\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"
Successfully deleted: [Folder] "C:\ProgramData\ask" 



~~~ FireFox

Successfully deleted: [File] C:\Users\TerrorKruemel\AppData\Roaming\mozilla\firefox\profiles\60uqusri.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\TerrorKruemel\AppData\Roaming\mozilla\firefox\profiles\60uqusri.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\TerrorKruemel\AppData\Roaming\mozilla\firefox\profiles\60uqusri.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{c7ae725d-fa5c-4027-bb4c-787ef9f8248a}
Successfully deleted the following from C:\Users\TerrorKruemel\AppData\Roaming\mozilla\firefox\profiles\60uqusri.default\prefs.js

user_pref("extensions.helperbar.smartbardisabled", false);
user_pref("extensions.helperbar.smartbarstateminimaized", false);
user_pref("keyword.url", "hxxp://search.etype.com/?smart=1&query=");
Emptied folder: C:\Users\TerrorKruemel\AppData\Roaming\mozilla\firefox\profiles\60uqusri.default\minidumps [2 files]



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\plmlpkfpkijnlijgalnjaacllnjmoamo



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.02.2013 at 13:34:57,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
ADW-Cleaner:

Code:
# AdwCleaner v2.113 - Datei am 25/02/2013 um 13:37:39 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : TerrorKruemel - HOME
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\TerrorKruemel\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Gelöscht mit Neustart : C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Ordner Gelöscht : C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Ordner Gelöscht : C:\Users\TerrorKruemel\AppData\Roaming\Mozilla\Firefox\Profiles\60uqusri.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0230100-3044-43B1-A44E-70DC12FD418C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Datei : C:\Users\TerrorKruemel\AppData\Roaming\Mozilla\Firefox\Profiles\60uqusri.default\prefs.js

Gelöscht : user_pref("browser.search.defaultenginename", "search the web");
Gelöscht : user_pref("browser.search.order.1", "search the web");
Gelöscht : user_pref("browser.search.selectedengine", "search the web");
Gelöscht : user_pref("extensions.installcache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{c7ae725d-fa5c-[...]

-\\ Google Chrome v15.0.874.106

Datei : C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.32] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gelöscht [l.35] : keyword = "ask.com",
Gelöscht [l.38] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=CF[...]
Gelöscht [l.39] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
Gelöscht [l.1536] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",
Gelöscht [l.1671] : urls_to_restore_on_startup = [ "hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731" ]

*************************

AdwCleaner[S1].txt - [5646 octets] - [25/02/2013 13:37:39]

########## EOF - C:\AdwCleaner[S1].txt - [5706 octets] ##########
         
OTL is still running, I'll post it shortly!

25.02.2013, 13:00   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



What about OTL?

25.02.2013, 13:04   #14
Waschbärchen



So now, OTL:

Code:
OTL logfile created on: 25.02.2013 13:55:56 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TerrorKruemel\Desktop\dl's
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,17% Memory free
8,00 Gb Paging File | 6,57 Gb Available in Paging File | 82,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 785,47 Gb Free Space | 84,32% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: TerrorKruemel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\TerrorKruemel\Desktop\dl's\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (HPub4DE3) -- C:\Windows\SysNative\drivers\HPub4DE3.sys (TPMX Electronics Ltd.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HPMo4DE3) -- C:\Windows\SysNative\drivers\HPMo4DE3.sys (TPMX Electronics Ltd.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BS_I2cIo) -- C:\Windows\SysNative\drivers\BS_I2c64.sys (BIOSTAR Group)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (LgBttPort) -- C:\Windows\SysNative\drivers\lgbtpt64.sys (LG Electronics Inc.)
DRV:64bit: - (LGVMODEM) -- C:\Windows\SysNative\drivers\lgvmdm64.sys (LG Electronics Inc.)
DRV:64bit: - (lgbusenum) -- C:\Windows\SysNative\drivers\lgbtbs64.sys (LG Electronics Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (E100B) -- C:\Windows\SysNative\drivers\eFE5b32e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 3C 2E 01 C1 68 CD 01  [binary data]
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\SearchScopes\{12C1D674-2692-43A7-A4B8-97112E2C0304}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=CF80BCF0-D12F-4790-BB4C-A75092401CC5&apn_sauid=C9B432E3-A5EA-4100-8295-E86AC3355C4C
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\..\SearchScopes\{DD2CC4B3-95D3-41CD-B98C-5ABB3A58ACC6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.24 20:18:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.09.26 21:57:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\Extensions
[2012.05.18 10:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\Firefox\extensions
[2012.05.18 10:11:09 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2013.02.25 13:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TerrorKruemel\AppData\Roaming\mozilla\Firefox\Profiles\60uqusri.default\extensions
[2013.02.22 20:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2012.09.06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=CF80BCF0-D12F-4790-BB4C-A75092401CC5&apn_ptnrs=U3&apn_sauid=C9B432E3-A5EA-4100-8295-E86AC3355C4C&apn_dtid=OSJ000YYDE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\TerrorKruemel\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
Hosts file not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2218329753-2017860753-312165954-1001..\Run: [LG LinkAir]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8CE8280-4C11-4AC0-909E-483D19D5053D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (protector.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0654d181-6aeb-11e1-a9f9-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{0654d181-6aeb-11e1-a9f9-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0654d1a8-6aeb-11e1-a9f9-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{0654d1a8-6aeb-11e1-a9f9-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0654d1ac-6aeb-11e1-a9f9-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{0654d1ac-6aeb-11e1-a9f9-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{39523bb8-69be-11e1-a0a6-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{39523bb8-69be-11e1-a0a6-003067be0acd}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1
O33 - MountPoints2\{47336527-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{47336527-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{47336556-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{47336556-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{47336558-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{47336558-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4733659a-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4733659a-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4733659d-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4733659d-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{473365c5-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{473365c5-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{473365c8-6b4c-11e1-92bf-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{473365c8-6b4c-11e1-92bf-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4e1432a5-6ac4-11e1-800b-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1432a5-6ac4-11e1-800b-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4e1432b2-6ac4-11e1-800b-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1432b2-6ac4-11e1-800b-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4e1432be-6ac4-11e1-800b-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1432be-6ac4-11e1-800b-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{899d20e0-2ede-11e1-9708-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{899d20e0-2ede-11e1-9708-003067be0acd}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{cbc35a6a-71c0-11e1-ad35-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{cbc35a6a-71c0-11e1-ad35-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d04b8ce1-6ab5-11e1-a5aa-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{d04b8ce1-6ab5-11e1-a5aa-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d04b8ce5-6ab5-11e1-a5aa-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{d04b8ce5-6ab5-11e1-a5aa-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e4eee811-6ae0-11e1-88a0-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{e4eee811-6ae0-11e1-88a0-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e4eee814-6ae0-11e1-88a0-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{e4eee814-6ae0-11e1-88a0-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e4eee820-6ae0-11e1-88a0-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{e4eee820-6ae0-11e1-88a0-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e4eee824-6ae0-11e1-88a0-003067be0acd}\Shell - "" = AutoRun
O33 - MountPoints2\{e4eee824-6ae0-11e1-88a0-003067be0acd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.25 13:30:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.25 13:29:42 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.25 10:58:07 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\36471435.sys
[2013.02.25 03:00:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.25 03:00:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.25 03:00:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.25 03:00:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.25 03:00:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.25 03:00:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.25 03:00:49 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.25 03:00:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.25 03:00:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.25 03:00:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.25 03:00:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.25 03:00:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.25 03:00:45 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.25 03:00:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.25 03:00:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.24 23:22:14 | 000,000,000 | ---D | C] -- C:\Users\TerrorKruemel\Desktop\mbar
[2013.02.24 20:54:23 | 000,000,000 | ---D | C] -- C:\Users\TerrorKruemel\AppData\Roaming\Malwarebytes
[2013.02.24 20:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.24 20:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.24 20:54:15 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.24 20:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.24 20:53:53 | 000,000,000 | ---D | C] -- C:\Users\TerrorKruemel\AppData\Local\Programs
[2013.02.21 22:08:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.02 22:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.02.02 22:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.25 13:51:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.25 13:51:14 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.25 13:38:01 | 000,000,180 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.25 13:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.25 11:06:43 | 000,020,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.25 11:06:43 | 000,020,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.25 10:58:07 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\36471435.sys
[2013.02.25 10:54:58 | 000,000,512 | ---- | M] () -- C:\Users\TerrorKruemel\Desktop\MBR.dat
[2013.02.25 03:22:53 | 000,277,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.25 03:03:56 | 000,697,284 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.25 03:03:56 | 000,652,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.25 03:03:56 | 000,148,322 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.25 03:03:56 | 000,121,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.25 03:03:55 | 001,635,948 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.25 03:02:17 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.24 20:54:21 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.08 14:29:14 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.08 14:29:14 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.06 14:54:53 | 000,002,630 | ---- | M] () -- C:\Users\TerrorKruemel\Documents\cc_20130206_145448.reg
[2013.02.04 20:26:38 | 000,005,026 | ---- | M] () -- C:\Users\TerrorKruemel\Documents\cc_20130204_202635.reg
[2013.02.04 20:26:22 | 000,163,726 | ---- | M] () -- C:\Users\TerrorKruemel\Documents\cc_20130204_202614.reg
[2013.02.02 22:18:51 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.25 13:37:52 | 000,000,180 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.25 10:54:58 | 000,000,512 | ---- | C] () -- C:\Users\TerrorKruemel\Desktop\MBR.dat
[2013.02.24 20:54:21 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.06 14:54:51 | 000,002,630 | ---- | C] () -- C:\Users\TerrorKruemel\Documents\cc_20130206_145448.reg
[2013.02.04 20:26:37 | 000,005,026 | ---- | C] () -- C:\Users\TerrorKruemel\Documents\cc_20130204_202635.reg
[2013.02.04 20:26:18 | 000,163,726 | ---- | C] () -- C:\Users\TerrorKruemel\Documents\cc_20130204_202614.reg
[2013.02.02 22:18:50 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.26 13:30:04 | 000,001,518 | ---- | C] () -- C:\Users\TerrorKruemel\.recently-used.xbel
[2012.03.11 12:09:55 | 000,000,579 | ---- | C] () -- C:\Windows\eReg.dat
[2011.12.25 10:59:45 | 000,000,045 | ---- | C] () -- C:\Users\TerrorKruemel\autorun.inf
[2011.12.25 10:51:33 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2011.07.26 06:40:37 | 001,591,850 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

and Extras:

Code:
OTL Extras logfile created on: 25.02.2013 13:55:56 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TerrorKruemel\Desktop\dl's
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,17% Memory free
8,00 Gb Paging File | 6,57 Gb Available in Paging File | 82,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 785,47 Gb Free Space | 84,32% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: TerrorKruemel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{087D1E92-16BB-4A91-AE3C-C7CF3E6C9D82}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1A0C684C-6560-4B18-B7BD-2CABD23EC615}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1ACC75E7-2469-4243-9966-ECAAA657D013}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{27EF9B0A-54E4-46EF-91A8-465EB335C4CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2C8B43D6-FC3B-4D4F-A672-6729F6261633}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31C2F67A-0039-4EB9-AE0E-09AE1016200B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4176BC52-6562-4D24-BE96-561D91055967}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{451FF838-EF5C-4734-B0F3-9A29581B51C6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{54595E22-E7A0-4284-821E-89641D43F945}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5AF9545B-5CB2-45C1-B265-85D7DCD0788C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5B079709-196B-443E-971E-5BF923242D9F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5C9A864A-B901-4107-BD18-811D4943AA54}" = lport=138 | protocol=17 | dir=in | app=system | 
"{609806D6-9977-4B63-960F-F8E7181F34DA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6260245C-8458-4F82-AFD1-B66E57ABB419}" = rport=139 | protocol=6 | dir=out | app=system | 
"{72EADCBF-FAF9-4593-A362-BD242AA94198}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7EE8CBB8-F2A9-4EB1-83F8-FFFFA3B83761}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{840C278B-ED4A-4DC3-BD88-0723CBFAC0A9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{873BA7DE-B505-4AF9-9E9A-593112A2FD7D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9000B06D-25DA-4AA7-A072-AE70B430FB3B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A0443364-D60C-422F-82F7-4A6A85687AC1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A46F768D-18AC-4547-9D3C-5C6EE2533E40}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A7BD3957-EE7C-4CFD-AC01-F0BF7EFE719C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD49E7E4-BF0E-437A-A553-B65F1779285B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AFF29CF9-CF01-4B38-822A-7F3D70FF0FD1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B5B0BDB9-4673-4BC1-8781-1371E8B557D7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B9234865-CEC6-486F-BFDA-4DEF9A8D3F72}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C498A6C9-D33B-47DA-A43E-FBC084A54BF8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D3614A2C-E5C9-4B14-9C35-6C08CB333FFB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D64FF27D-592D-46FB-9DDC-DA5671211A03}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D77A0698-53CA-4BA9-83EA-5F5D69A8264A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DE27FB9E-4BCF-4918-BC8D-9F8DE1583A98}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E0C92863-19C8-47FA-A3FB-FD6C0D1883A8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{ED3D4138-B44F-4CC3-A605-5057557D705E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EE943F0E-8592-456F-97BB-B7BB63E4AF26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F53FFC14-57C4-43BF-8EF5-8121985B29C8}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AD2C34-519E-4D88-AB15-5CE50883767E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{0F663FE8-8FA3-4981-A42F-6ED2355FC1BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{148EA85A-DE9D-4B6C-B786-931E1A794FB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{17F5EFB7-38FC-493A-A6F3-95BF9604F6B6}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | 
"{1A20A954-1C18-4E70-A609-1882E2378615}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1E427FF2-D2D6-4EBF-992F-B0BC831F74DD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{22B3213B-52BA-48DD-944D-E943C8C6E90B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{22D71BD7-AE80-4150-A4FC-CACDE2503579}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{2523E811-A6E5-417F-97EF-7818C13EBB55}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{2AA3B9A0-9DF3-4172-8164-10587577CA30}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2EBF4371-9E4D-4C4A-B666-08CE27055F40}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | 
"{31692A4C-6CAE-4520-87DC-71123056AA0E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{44DBB525-BEE1-4540-A232-E681AA1ED0A5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4BC1593D-1883-42FB-9CEF-33303F7D2416}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{523E77F7-FDC5-4EA3-98FC-6B6AB22C5553}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{591CCF63-CC02-4CD8-A1C4-C1024A045043}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5A3EDEF9-60B1-4004-80BA-7F1893F6A83C}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | 
"{5B857988-2FAC-4D6B-8AD8-C2E2048326E0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{5DF620A6-0DB2-4BD0-BF8F-77E7ACB9CD09}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.patch.exe | 
"{5F363ACF-F3CA-4075-AD2A-7C8AD07A3DAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5F778C35-C34C-4F2B-ADA0-6ED2321D7DB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FBF93D1-DD07-466C-BDC5-B54B1047B5F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6671CB26-704F-44C5-8A83-0C73F81A91EF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6F2CE35E-C83B-439B-A7BD-D6DF42B56280}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{735241CA-9C0C-493C-9F82-A57EB0D177A5}" = protocol=6 | dir=in | app=c:\users\terrorkruemel\appdata\local\google\chrome\application\chrome.exe | 
"{7B29728D-3EC6-4D32-84DE-6A9CC895C5C3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{7D36425E-734B-49F4-8B93-F30BB8B934F4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{80E0CB1D-A940-4FCC-AF19-E06CF650F2EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8245FFBF-DCD7-4F93-BF9C-6176518C6848}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.patch.exe | 
"{8F6DB27C-24BC-46E2-B4AD-32A995D89A83}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | 
"{9205CAF7-4181-4CB2-9EBB-403AF66AC537}" = protocol=17 | dir=in | app=c:\users\terrorkruemel\appdata\local\google\chrome\application\chrome.exe | 
"{923B5468-EDB6-4073-8024-88E32AE99A58}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A29E2A1E-785E-4E58-8C4D-EB80A69D309F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A6141802-88FF-4B01-ACD6-3C922BCC089F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{BBF1E774-CAF2-404F-BDE0-115DE88D56B5}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe | 
"{C1FCF136-ADA3-41E6-A642-8DC5EA22368A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CD1DC6E0-6FC6-45E0-A0CC-8263CB3FB3DB}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CD23AC41-9CA2-4B56-B5AB-D11672110B0A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{DD0973B6-52DE-4A08-A15F-4A72BED3489E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DFF0DCA3-6DD6-4815-9010-2A0C5259F7FC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E281FB66-6AD5-4C9C-8ED4-5A11E5560014}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | 
"{E4BD1750-3C1D-4B37-873D-15F31633F7B9}" = protocol=6 | dir=out | app=system | 
"{E90626D8-ABFA-4DC3-864B-78E98C229CBC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E97433AF-5345-45D2-A79F-1F6E7C143BDE}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | 
"{EF77647B-2E80-43CE-9195-BB7E09FBE5F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F28571BE-864F-42C5-910B-DDDE0870D11C}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | 
"{F912CF1E-D4A8-48A8-86A1-0D9D4128C98D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD6A2256-8082-4202-944D-65DABF3AC4DF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"TCP Query User{16EE200C-E069-4B51-8AA4-449C564F6A47}E:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{44A56481-7E79-4E50-BF2D-7DFDD7FB52D1}C:\program files (x86)\relevantknowledge\rlvknlg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | 
"TCP Query User{AA225459-74F7-4275-9F11-89087490141F}C:\users\terrorkruemel\desktop\dl's\tinyumbrella-6.00.01.exe" = protocol=6 | dir=in | app=c:\users\terrorkruemel\desktop\dl's\tinyumbrella-6.00.01.exe | 
"UDP Query User{101104BD-475C-47A7-A63C-969F4EF1C9A1}C:\program files (x86)\relevantknowledge\rlvknlg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | 
"UDP Query User{60EEDCB2-00AE-4E0B-93D3-9D3B6D11FA89}C:\users\terrorkruemel\desktop\dl's\tinyumbrella-6.00.01.exe" = protocol=17 | dir=in | app=c:\users\terrorkruemel\desktop\dl's\tinyumbrella-6.00.01.exe | 
"UDP Query User{B76ED0F6-4D9A-4315-A8EC-C69D8AE19F6E}E:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E4A6F03-4D71-4496-9B2D-71C8B59F64DE}" = BiosNotice
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{28FFFE19-141E-47CF-8E9B-DD75B43C4B06}" = BIOS Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6540D6AD-4218-444D-84EC-E6C85F35EE31}" = Eldorado
"{6642BF47-D82A-447B-90E7-658FA865AFD7}" = Temperature Monitor
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B099C29E-EC83-4BF2-A4FF-5809D09C1C1B}" = BIOScreen
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2944BE7-9BFF-4EF0-A362-CB3281B7C50D}" = LG United Mobile Drivers
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"LG PC Suite IV" = LG PC Suite IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Router Installationsprogramm und Monitor_is1" = Router Installationsprogramm und Monitor
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2218329753-2017860753-312165954-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.02.2013 08:53:05 | Computer Name = Home | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 25.02.2013 08:51:34 | Computer Name = Home | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 25.02.2013 08:51:34 | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 25.02.2013 08:51:35 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 25.02.2013 08:51:49 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 25.02.2013 08:51:49 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 25.02.2013 08:51:52 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 25.02.2013 08:51:52 | Computer Name = Home | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 25.02.2013 08:53:40 | Computer Name = Home | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 25.02.2013 08:53:40 | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         

Alt 25.02.2013, 13:08   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=CF80BCF0-D12F-4790-BB4C-A75092401CC5&apn_ptnrs=U3&apn_sauid=C9B432E3-A5EA-4100-8295-E86AC3355C4C&apn_dtid=OSJ000YYDE&q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
[2013.02.25 10:54:58 | 000,000,512 | ---- | C] () -- C:\Users\TerrorKruemel\Desktop\MBR.dat
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread