RKIT/agent.depg.1 in BAcroIEHelpe171.dll (Windows 7)
21.07.2012, 14:42 | #1
RKIT/agent.depg.1 in BAcroIEHelpe171.dll

EDIT: Actual thread title: RKIT/agent.depg.1 in BAcroIEHelpe171.dll. I couldn't post it under that title, though; the title was "too unspecific".

Hey board! So now I've also been infected by this Trojan.

Anti-Malware:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.21.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
hanebüchen :: <USER> [Administrator]

21.07.2012 14:35:29
mbam-log-2012-07-21 (15-28-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343390
Laufzeit: 49 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\hanebüchen\AppData\Roaming\appconf32.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\hanebüchen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\55d7f9af-1256256a (Backdoor.Bot) -> Keine Aktion durchgeführt.
C:\Users\hanebüchen\Downloads\SoftonicDownloader_fuer_dx-ball-2.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\hanebüchen\Downloads\SoftonicDownloader_fuer_meat-boy.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\Users\hanebüchen\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Keine Aktion durchgeführt.

(Ende)

OTL:
Code:
ATTFilter OTL logfile created on: 21.07.2012 15:31:00 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\hanebüchen\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 42,92% Memory free 8,00 Gb Paging File | 5,46 Gb Available in Paging File | 68,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 357,86 Gb Free Space | 76,85% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: HANEBÜCHEN-PC | User Name: hanebüchen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\hanebüchen\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\hanebüchen\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) PRC - C:\Users\hanebüchen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.) PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) 
PRC - C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH) PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Windows\SysWOW64\TSTheme.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\hanebüchen\AppData\Roaming\BAcroIEHelpe172.dll () MOD - C:\Users\hanebüchen\AppData\Roaming\Spotify\Data\libcef.dll () MOD - C:\Users\hanebüchen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll () MOD - C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll () MOD - C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll () MOD - C:\Program Files (x86)\TeamSpeak 3 Client\plugins\appscanner_plugin.dll () MOD - C:\Program Files (x86)\TeamSpeak 3 Client\QtGui4.dll () MOD - C:\Program Files (x86)\TeamSpeak 3 Client\QtCore4.dll () MOD - C:\Program Files (x86)\TeamSpeak 3 Client\QtNetwork4.dll () MOD - C:\Program Files (x86)\TeamSpeak 3 
Client\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\program files (x86)\avira\antivir desktop\sqlite3.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\RpcAgentSrv.exe (SiSoftware) ========== Driver Services (SafeList) ========== DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\WNt500x64\sandra.sys (SiSoftware) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={BDFC3690-267A-11E1-AAC4-0024217AA999} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchya.com/?chnl=ft-100&s=0&cr=1179406793&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyDzytB0EtDtC0FyDtDyE0E0EtN0D0TzutBtDtCtBtDtBtBtA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 76 E7 D4 6C B3 CB 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {29048FA3-68A5-48ED-B6AE-BEBA51D6B9A5} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{29048FA3-68A5-48ED-B6AE-BEBA51D6B9A5}: "URL" = hxxp://searchya.com/?chnl=ft-100&s=1&cr=1179406793&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyDzytB0EtDtC0FyDtDyE0E0EtN0D0TzutBtDtCtBtDtBtBtA&q={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={BDFC3690-267A-11E1-AAC4-0024217AA999} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaultthis.engineName: "TenchisTV Customized Web Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "SearchYa!" 
FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://searchya.com" FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19 FF - prefs.js..extensions.enabledItems: {ece24dcf-8548-4655-b392-47a388721482}:3.3.0.19 FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2411669&q=" FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2411669&SearchSource=3&q={searchTerms}" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Facemoods Search" FF - prefs.js..browser.startup.homepage: "google.de" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\hanebüchen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.06.02 22:41:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.06.02 22:41:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 19:49:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\hanebüchen\AppData\Roaming\13001.028 [2012.07.21 14:02:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 19:49:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.14 00:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Extensions [2012.06.15 15:15:05 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions [2012.03.28 23:06:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.09.16 14:34:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.20 19:11:48 | 000,000,000 | ---D | M] (TenchisTV Community Toolbar) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{ece24dcf-8548-4655-b392-47a388721482} [2011.12.14 19:40:51 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2011.04.13 20:50:36 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\ffxtlbr@Facemoods.com [2012.02.23 03:24:37 | 000,000,000 | ---D | M] (searchya.com) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\ffxtlbr@searchya.com [2011.02.02 16:26:46 | 000,000,921 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\Mozilla\Firefox\Profiles\29uan24s.default\searchplugins\conduit.xml [2012.07.11 21:19:09 | 000,000,950 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\Mozilla\Firefox\Profiles\29uan24s.default\searchplugins\icqplugin-1.xml [2011.02.04 21:54:50 | 000,001,056 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\Mozilla\Firefox\Profiles\29uan24s.default\searchplugins\icqplugin.xml [2012.02.23 02:02:30 | 000,001,497 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\Mozilla\Firefox\Profiles\29uan24s.default\searchplugins\searchya.xml [2011.12.14 19:40:45 | 000,003,915 | ---- | M] () -- 
C:\Users\hanebüchen\AppData\Roaming\Mozilla\Firefox\Profiles\29uan24s.default\searchplugins\sweetim.xml [2012.03.18 15:13:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.03.11 13:31:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\{ECE24DCF-8548-4655-B392-47A388721482} File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\FFXTLBR@SEARCHYA.COM File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.06.16 19:49:10 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.25 23:46:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.25 23:46:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.25 23:46:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.04.13 20:50:36 | 
000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012.04.25 23:46:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.25 23:46:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.25 23:46:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) 
O4 - HKCU..\Run: [fedja] C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Spotify] C:\Users\hanebüchen\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\hanebüchen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKCU..\Run: [Userinit] C:\Users\hanebüchen\AppData\Roaming\appconf32.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hanebüchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hanebüchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies 
S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F946994-739F-4636-80FC-7D1839251284}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{27d73e07-1f5d-11e0-8da6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{27d73e07-1f5d-11e0-8da6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe
O33 - MountPoints2\{9b5a6239-ed96-11e0-86bc-0024217aa999}\Shell - "" = AutoRun
O33 - MountPoints2\{9b5a6239-ed96-11e0-86bc-0024217aa999}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{9b5a623e-ed96-11e0-86bc-0024217aa999}\Shell - "" = AutoRun
O33 - MountPoints2\{9b5a623e-ed96-11e0-86bc-0024217aa999}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{ba22721a-ed24-11e0-b67f-0024217aa999}\Shell - "" = AutoRun
O33 - MountPoints2\{ba22721a-ed24-11e0-b67f-0024217aa999}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{ba227222-ed24-11e0-b67f-0024217aa999}\Shell - "" = AutoRun
O33 - MountPoints2\{ba227222-ed24-11e0-b67f-0024217aa999}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.21 14:33:53 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\Malwarebytes
[2012.07.21 14:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.21 14:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.21 14:33:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.21 14:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.21 14:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.07.21 14:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.07.21 14:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.07.21 14:12:54 | 000,000,000 | ---D | C] -- C:\avrescue
[2012.07.21 14:02:51 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.028
[2012.07.18 12:36:32 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.027
[2012.07.17 18:47:35 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\Desktop\Kaspersky Rescue2Usb
[2012.07.17 18:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2012.07.17 18:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2012.07.17 18:34:48 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.026
[2012.07.14 21:08:40 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.025
[2012.07.13 20:28:58 | 000,000,000 | ---D | C] -- C:\xmldm
[2012.07.13 16:52:34 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.024
[2012.07.13 13:04:28 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.023
[2012.07.11 21:07:02 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 21:06:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 21:06:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 21:06:47 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 21:06:46 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.11 20:58:05 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.022
[2012.07.11 09:18:11 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\UAs
[2012.07.10 21:21:48 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.021
[2012.07.10 21:21:28 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\xmldm
[2012.07.10 21:21:20 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\kock
[2012.07.09 22:59:59 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\Desktop\MOBILE_MP4
[2012.07.09 22:58:13 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2012.07.09 22:58:13 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2012.07.09 22:58:13 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2012.07.09 22:58:13 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2012.07.09 22:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2012.07.09 22:56:07 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll
[2012.07.09 22:56:07 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2012.07.09 22:56:07 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2012.07.09 22:56:07 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2012.07.09 22:56:07 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2012.07.09 22:56:07 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2012.07.09 22:56:07 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2012.07.09 22:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2012.07.09 22:56:06 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2012.07.09 22:56:06 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2012.07.09 22:56:06 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2012.07.09 22:56:06 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2012.07.09 22:56:06 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2012.07.09 22:56:05 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2012.07.09 22:54:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2012.07.01 14:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.01 14:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.07.01 14:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.07.01 14:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.06.22 18:10:44 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.22 18:10:44 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.22 18:10:44 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.22 18:10:29 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.22 18:10:29 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.22 18:10:29 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.22 18:10:13 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.22 18:10:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\hanebüchen\AppData\Roaming\*.tmp files -> C:\Users\hanebüchen\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.21 15:30:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.21 14:33:38 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.21 14:07:12 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.21 14:07:12 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.21 14:03:09 | 000,268,992 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\AcroIEHelpe172.dll
[2012.07.21 14:03:09 | 000,006,400 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\BAcroIEHelpe172.dll
[2012.07.21 14:02:44 | 000,000,034 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\blckdom.res
[2012.07.21 13:58:39 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.21 13:58:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.21 13:58:02 | 3220,619,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.18 12:36:37 | 000,006,400 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\BAcroIEHelpe171.dll
[2012.07.17 18:48:51 | 210,292,736 | ---- | M] () -- C:\Users\hanebüchen\Desktop\KWU_1.0.3.upd.iso
[2012.07.17 18:47:30 | 000,001,062 | ---- | M] () -- C:\Users\hanebüchen\Desktop\Optimizer Pro.lnk
[2012.07.17 18:46:29 | 000,965,888 | ---- | M] () -- C:\Users\hanebüchen\Desktop\Kaspersky-USB-Rescue-Disk-Maker-Setup.exe
[2012.07.12 09:21:51 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 20:59:48 | 325,745,326 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.08 20:24:27 | 090,236,421 | ---- | M] () -- C:\Users\hanebüchen\Desktop\IMG_0169.MOV
[2012.07.07 00:27:44 | 003,110,750 | ---- | M] () -- C:\Users\hanebüchen\Desktop\CASPER x HALBE MILLE.mp3
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 20:17:34 | 000,233,450 | ---- | M] () -- C:\Users\hanebüchen\Desktop\IMG_0154.PNG
[2012.07.01 19:58:35 | 000,082,009 | ---- | M] () -- C:\Users\hanebüchen\Desktop\IMG_0152.JPG
[2012.06.22 19:41:57 | 003,876,963 | ---- | M] () -- C:\Users\hanebüchen\Desktop\J Cole in The Morning Lyrics.mp3
[2012.06.22 19:39:23 | 004,003,433 | ---- | M] () -- C:\Users\hanebüchen\Desktop\J. Cole - Lost Ones (Lyrics).mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\hanebüchen\AppData\Roaming\*.tmp files -> C:\Users\hanebüchen\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.21 14:33:38 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.21 14:03:09 | 000,268,992 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\AcroIEHelpe172.dll
[2012.07.21 14:03:09 | 000,006,400 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\BAcroIEHelpe172.dll
[2012.07.21 14:02:44 | 000,000,034 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\blckdom.res
[2012.07.18 12:36:37 | 000,006,400 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\BAcroIEHelpe171.dll
[2012.07.17 18:48:50 | 210,292,736 | ---- | C] () -- C:\Users\hanebüchen\Desktop\KWU_1.0.3.upd.iso
[2012.07.17 18:47:30 | 000,001,062 | ---- | C] () -- C:\Users\hanebüchen\Desktop\Optimizer Pro.lnk
[2012.07.17 18:46:26 | 000,965,888 | ---- | C] () -- C:\Users\hanebüchen\Desktop\Kaspersky-USB-Rescue-Disk-Maker-Setup.exe
[2012.07.09 22:58:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.07.09 22:56:07 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2012.07.09 22:56:07 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.07.09 22:56:06 | 000,195,584 | RHS- | C] () -- C:\Windows\SysWow64\MatroskaDX.ax
[2012.07.09 22:56:06 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2012.07.09 22:56:06 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2012.07.09 22:56:06 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2012.07.09 22:56:06 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2012.07.09 22:56:06 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2012.07.09 22:56:06 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2012.07.09 22:56:05 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2012.07.09 22:56:05 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2012.07.08 20:29:55 | 090,236,421 | ---- | C] () -- C:\Users\hanebüchen\Desktop\IMG_0169.MOV
[2012.07.07 00:27:33 | 003,110,750 | ---- | C] () -- C:\Users\hanebüchen\Desktop\CASPER x HALBE MILLE.mp3
[2012.07.01 20:20:09 | 000,082,009 | ---- | C] () -- C:\Users\hanebüchen\Desktop\IMG_0152.JPG
[2012.07.01 20:18:27 | 000,233,450 | ---- | C] () -- C:\Users\hanebüchen\Desktop\IMG_0154.PNG
[2012.06.22 19:41:42 | 003,876,963 | ---- | C] () -- C:\Users\hanebüchen\Desktop\J Cole in The Morning Lyrics.mp3
[2012.06.22 19:39:09 | 004,003,433 | ---- | C] () -- C:\Users\hanebüchen\Desktop\J. Cole - Lost Ones (Lyrics).mp3
[2012.06.22 12:43:24 | 001,147,459 | ---- | C] () -- C:\Users\hanebüchen\Desktop\IMG_0092.JPG
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.24 02:50:19 | 000,069,548 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\icarus-dxdiag.xml
[2012.02.23 02:02:36 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.10 19:00:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.27 21:30:42 | 011,366,400 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\Sandra.mdb
[2012.01.22 02:32:01 | 000,000,000 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012.01.05 21:24:09 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{390206F0-C60C-4045-8999-D6FC20FD1176}
[2011.10.23 14:08:43 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{BA64E7C5-9A62-409C-854D-737BF9C30F75}
[2011.10.20 19:47:14 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{D1CA7396-9E07-4F70-BA7C-21062883FB9E}
[2011.10.19 09:26:24 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{6B0AEDEC-CC7E-4679-8D5F-2F191DBE7FC6}
[2011.10.18 09:28:09 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{D7ED4401-6FC0-4B10-B972-89334F2337C7}
[2011.10.14 08:27:14 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{D6331676-AD31-4416-8576-B4A192F45961}
[2011.10.13 22:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.10.07 11:35:24 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{BB44AB02-A155-4DF4-80E0-9C958FC16910}
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.06 17:31:06 | 000,088,280 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.01.14 01:22:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.09 17:23:13 | 000,051,152 | RHS- | C] () -- C:\Users\hanebüchen\AppData\Roaming\appconf32.exe

< End of report >

OTL EXTRAS:
OTL Extras logfile created on: 21.07.2012 15:31:00 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\hanebüchen\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 42,92% Memory free
8,00 Gb Paging File | 5,46 Gb Available in Paging File | 68,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 357,86 Gb Free Space | 76,85% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: HANEBÜCHEN-PC | User Name: hanebüchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DAF7C8-36D5-47DF-AB96-DDFCD0136670}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{086EC40A-CE73-4347-8B64-C0BEE4F61E4B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0A43AE46-2A59-490E-81A8-BCD7F94A2088}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{11414669-2EAE-437A-A655-08E8F8E46953}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2521C543-6672-4127-A6F0-E4337E5EB7DC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2EA103D7-99EC-44A6-906E-8E0C394D20FA}" = rport=137 | protocol=17 | dir=out | app=system |
"{2EA2E9B6-2337-4FCF-82C5-E7EEABBD323A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{37A79387-BF46-4F53-AC30-52F6F9323DCB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3A66E529-1AF3-4778-A0B9-FC40B9A7B3CA}" = rport=445 | protocol=6 | dir=out | app=system |
"{51263C83-3543-4A52-A376-D34B83B76EB4}" = lport=445 | protocol=6 | dir=in | app=system |
"{51CC6CBA-4A30-4BFF-8214-35AE31CE68CA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56E0F830-79ED-422C-9110-EDA8045D4E26}" = lport=139 | protocol=6 | dir=in | app=system |
"{5C3E98A4-6D11-4738-AF03-37AABAF40727}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F3E2D89-458F-4FED-89AC-A3B074144256}" = lport=137 | protocol=17 | dir=in | app=system |
"{5FE1526B-4FE4-4D9A-B0DA-CAEB0E6AB5C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C70194E-A486-46CA-8B06-25969CD9C04D}" = rport=139 | protocol=6 | dir=out | app=system |
"{738994B9-DC55-4C84-9BF8-FC5CE17643E2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7BA3B8EA-E2D7-4B69-BFB6-50BE152E8D8C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82BCC8A4-01DD-48F7-98CF-2645F4F1907B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B5CB794-1F34-4594-87EF-F10433E6B788}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp1c\wnt500x64\rpcsandrasrv.exe |
"{8B7A5575-A48F-4DEE-8465-29078C5BA646}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp1c\rpcagentsrv.exe |
"{A6462CC2-8FB6-40A0-A328-0B72179EC461}" = lport=138 | protocol=17 | dir=in | app=system |
"{B559D9EB-3D9E-4FE0-8CB9-9DEA5EFC65D0}" = rport=138 | protocol=17 | dir=out | app=system |
"{B9E12DAB-F26D-4048-9084-18B40797CC93}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C05CF4AC-89B3-4349-BA4B-B6E3097C90C0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E85479E8-2CB8-44BE-9E8B-58AAE3CB8DFF}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0290484E-D718-4426-AA2A-3154BC85F03E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{0801C795-9121-49F5-AC1B-9274F3AF5D8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{08215A4F-8053-4829-8AAE-13AD52C04153}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{08DAC84F-E330-4BB1-BE69-51F47DF295FD}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0BCB5801-E5AB-4287-9FEC-D1175D34C3EA}" = protocol=6 | dir=out | app=system |
"{0CF0D2B9-7B2D-405A-B360-24ABF99F69DA}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{14968090-2C92-4280-9273-74C13D1BA764}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{15D9820F-CD1B-4BA6-95EB-1D5B9AAEB8CF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{18491FC7-234A-4350-B21B-5C8B959AC210}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{19555B8A-F7BE-485A-A6FB-9DEE0936C10E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1E9D9F56-00CE-4FEA-BFA9-E76498558EFF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{20BBE0DF-8833-4251-A4FF-8D4701834A8D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\donathanfranklin\garrysmod\hl2.exe |
"{27A9AF47-3191-464A-BE4E-CE1C9273A964}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"{30419D49-C654-43D0-A12B-6F738570F9F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{376E6E32-6C6C-4E46-9DEB-4AFE9A656FCD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{393E06FA-99AB-417E-93F8-C4B712164E69}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{3953107E-185F-4C1E-B281-3362CB8A053A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe |
"{3BCCDE3C-0F7C-45E3-B1B3-043EA81DAE9A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{3CF398CA-F86E-48A6-881A-93A3FBB1D0C3}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{4183FFB1-6506-493F-AAB2-97F1EB971845}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{41A3C1A0-EC1F-4FAC-A360-35573E5ED0AD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{420E34FB-21F4-447B-8C65-0E78715C697E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{45B50E0C-289B-4E66-944C-324C82B9E7E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe |
"{4A58D5CC-241F-4994-911A-5A5BC757638A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4BB4D846-4320-4A9F-8488-DC05FF37FCDF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\donathanfranklin\garrysmod\hl2.exe |
"{50559C52-63EF-42F1-B84D-2D3E64BC6AC5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{52B2BC4D-15F3-437B-9A80-DC94CA5FCE59}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\donathanfranklin\counter-strike source\hl2.exe |
"{54874072-7C06-4A21-9452-406D7D872A82}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{574BCFCC-02DA-4822-AB34-F443B495E0DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{57712A18-D97F-4591-A427-D4A69104B8E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe |
"{5DE8FB6F-0A13-4ADE-A36C-47A96FD3714E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\launcher.exe |
"{5FCA8728-796F-449B-BEA3-DECA5063046B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe |
"{63BD1307-AD0A-479D-BE24-AB18EABE9C1F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{67D081C7-EC5E-4C59-BD7E-41D0F5BFB53D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{77C10D7C-531D-4644-8A96-192FE125C58B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B220429-0B33-46E0-89A5-6907C6DC3CC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{83D14D8D-60A4-4BB4-806F-822B804974F1}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{889DF2E5-EB44-48B1-9FEC-178B6AEC55B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\donathanfranklin\counter-strike source\hl2.exe |
"{89AC8CC6-35EE-4A48-B63E-927186F9DC30}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F49916A-832F-4F0B-9DA6-4B7D2BC2EEBB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{92E367E8-268D-46A6-BA20-705E0242D527}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{92FC89A4-FCD9-4880-A706-9BC5E9613042}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{95760D62-7D65-429A-8373-ADDBD25BB006}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9D79F2CF-D34C-4F6F-8CB2-01966BD0EB98}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{A1D99B44-24F6-44D4-9915-9C220B818BB1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A968A283-D2E6-4956-B835-4CC17A128E14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AA1E5082-6507-4A9F-BE2A-1A5D79ED2936}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AD37DCF9-D85A-4D96-949D-74E4BE6343D7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B277A8A9-926D-4AD7-BC47-EED8446FA544}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B5FAAF81-42F8-43CD-9680-F72648BCF9DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BADDBA00-4224-4487-AE29-36D68461FF0C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BB6CD3D2-5B21-4C8E-BD01-826CA63EE8CA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BD358423-C358-41E9-ACDB-AE3A89CF05B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe |
"{BE26E693-D712-4546-8822-1FB8152BD79F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C5D2E746-9C0A-4F9A-A51E-AC282C43DD5D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C9721C09-8E0D-4B04-B2C1-BDBFD36AD50D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C9B26F93-1166-4861-9629-915F8F3C5B95}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{CE302D7C-9119-47B6-AC88-3E6B0CE59589}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D35EE08C-F7F7-4BFC-B91A-27FD21C2B37F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{DDBD9B19-5270-4201-94AA-DDA1DD299C7E}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"{E2661590-7463-4915-891D-4E115ED8B1E1}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{E57EE8EE-CA4C-468F-AEC6-A32588C6EBE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe |
"{EC279E44-08CB-473A-BC53-DC48823F954E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{F7487ED9-14F8-438D-AB2D-D629A246FA3F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\launcher.exe |
"{F9D0841A-4293-49FE-9D1E-7CA95FB020BD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FAF63D86-FE0F-41B0-A493-EC4F884F5A2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0B0D7633-EA6F-441C-B823-84E2C31E13E5}C:\ut2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\ut2004\system\ut2004.exe |
"TCP Query User{15E61B82-DC80-401B-A8E3-C88A294B0CA6}C:\users\hanebüchen\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hanebüchen\appdata\roaming\spotify\spotify.exe |
"TCP Query User{E6B7F748-99EE-4ECC-9B5D-1253A5B360A0}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{EABA9E59-1FE4-494C-A520-41A491F489CE}C:\users\hanebüchen\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hanebüchen\appdata\roaming\spotify\spotify.exe |
"UDP Query User{0D7EB447-037A-4AC8-80C9-742AF2384023}C:\users\hanebüchen\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hanebüchen\appdata\roaming\spotify\spotify.exe |
"UDP Query User{3C3FAC12-AAF4-4AA2-B598-76356DD7FEA0}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{5BA583F7-A460-486F-A096-EA1CEB098EEA}C:\users\hanebüchen\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hanebüchen\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C9D29781-F7C1-479E-9F18-C772E290953C}C:\ut2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\ut2004\system\ut2004.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0210B563-198E-5A4B-E757-7BC4AC7677F8}" = AMD AVIVO64 Codecs
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0005
"{42A2440F-7A5D-6956-3EF0-815814399EAA}" = AMD Accelerated Video Transcoding
"{49384799-E541-8F8D-B376-4F8AD3AACC24}" = AMD Drag and Drop Transcoding
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2012.SP1c
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11373106-6476-4C56-9E1E-88A1CD9F8809}" = Scrabble3D
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All "{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish "{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish "{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai "{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard "{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish "{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German "{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy "{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional "{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French "{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese "{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends 
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common "{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy "{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2 "{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech "{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6D62F1D-E3D6-E982-48B4-A20663B1FB7D}" = HydraVision "{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian "{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish "{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = 
CCC Help Norwegian "{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "ABC Amber Audio Converter" = ABC Amber Audio Converter "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Any Video Converter_is1" = Any Video Converter 3.2.3 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Battlelog Web Plugins" = Battlelog Web Plugins "Diablo III" = Diablo III "Diablo III Beta" = Diablo III Beta "DivX Setup.divx.com" = DivX-Setup "ESN Sonar-0.70.4" = ESN Sonar "eVer-Craft_is1" = eVer-Craft "facemoods" = Facemoods Toolbar "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908 "Gamers.IRC" = Gamers.IRC 6.00 "GamersFirst LIVE!" = GamersFirst LIVE! 
"ICQToolbar" = ICQ Toolbar "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP3 Recorder Studio_is1" = MP3 Recorder Studio 6.0 "OpenAL" = OpenAL "Optimizer Pro_is1" = Optimizer Pro v3.0 "PokerStars" = PokerStars "Surf & E-Mail-Stick" = Surf & E-Mail-Stick "TeamSpeak 3 Client" = TeamSpeak 3 Client "UT2004" = Unreal Tournament 2004 "VLC media player" = VLC media player 1.1.6 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft "Xfire" = Xfire (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FoxTab PDF Creator" = FoxTab PDF Creator "Game Organizer" = EasyBits GO "Spotify" = Spotify "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.07.2012 09:11:32 | Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 16.07.2012 09:11:32 | Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3120 Error - 16.07.2012 09:11:32 | Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3120 Error - 16.07.2012 09:11:35 | Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 16.07.2012 09:11:35 | Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6349 Error - 16.07.2012 09:11:35 | 
Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6349 Error - 17.07.2012 12:38:22 | Computer Name = hanebüchen-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000cea18 ID des fehlerhaften Prozesses: 0x444 Startzeit der fehlerhaften Anwendung: 0x01cd643a68aae760 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: d23baed0-d02d-11e1-8554-0024217aa999 Error - 17.07.2012 12:45:22 | Computer Name = hanebüchen-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514, Zeitstempel: 0x4ce79912 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc00000fd Fehleroffset: 0x73f9e294 ID des fehlerhaften Prozesses: 0x668 Startzeit der fehlerhaften Anwendung: 0x01cd643ac8a43d60 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: cc5be8d0-d02e-11e1-8554-0024217aa999 Error - 17.07.2012 12:46:30 | Computer Name = hanebüchen-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514, Zeitstempel: 0x4ce79912 Name des fehlerhaften Moduls: AcroIEHelpe170.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x500572da Ausnahmecode: 0xc0000005 Fehleroffset: 0x6a0194ca ID des fehlerhaften Prozesses: 0x15e0 Startzeit der fehlerhaften Anwendung: 0x01cd643add0fbf90 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: AcroIEHelpe170.dll Berichtskennung: f52233f0-d02e-11e1-8554-0024217aa999 Error - 
17.07.2012 12:49:42 | Computer Name = hanebüchen-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: com.apple.WindowsContacts.client.exe, Version: 17.17.0.77, Zeitstempel: 0x4f186178 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000cea18 ID des fehlerhaften Prozesses: 0x1548 Startzeit der fehlerhaften Anwendung: 0x01cd643c28d7e7d0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.apple.WindowsContacts.client.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 67538a50-d02f-11e1-8554-0024217aa999 [ System Events ] Error - 17.07.2012 13:09:13 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 17.07.2012 13:09:13 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 17.07.2012 13:09:13 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 17.07.2012 13:09:13 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 17.07.2012 13:09:13 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location 
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 17.07.2012 13:13:41 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht. Error - 17.07.2012 13:13:41 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 17.07.2012 13:14:23 | Computer Name = hanebüchen-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 19.07.2012 04:30:18 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Live ID Sign-in Assistant erreicht. Error - 19.07.2012 04:30:18 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > Ich hoffe sehr das ihr mir weiterhelfen könnt, vielen Dank im Voraus! |
22.07.2012, 16:57 | #2 |
| RKIT/agent.depg.1 in BAcroIEHelpe171.dll Is there really no help for me anymore?
27.07.2012, 19:18 | #3 |
/// Helfer-Team | RKIT/agent.depg.1 in BAcroIEHelpe171.dll Fix with OTL. Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:Processes
killallprocesses

:OTL
MOD - C:\Users\hanebüchen\AppData\Roaming\BAcroIEHelpe172.dll ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={BDFC3690-267A-11E1-AAC4-0024217AA999}
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {29048FA3-68A5-48ED-B6AE-BEBA51D6B9A5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{29048FA3-68A5-48ED-B6AE-BEBA51D6B9A5}: "URL" = http://searchya.com/?chnl=ft-100&s=1&cr=1179406793&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyDzytB0EtDtC0FyDtDyE0E0EtN0D0TzutBtDtCtBtDtBtBtA&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={BDFC3690-267A-11E1-AAC4-0024217AA999}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "TenchisTV Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SearchYa!"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://searchya.com"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {ece24dcf-8548-4655-b392-47a388721482}:3.3.0.19
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2411669&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2411669&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "google.de"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\hanebüchen\AppData\Roaming\13001.028 [2012.07.21 14:02:51 | 000,000,000 | ---D | M]
[2011.01.14 00:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Extensions
[2012.06.15 15:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions
[2012.03.28 23:06:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.09.16 14:34:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.20 19:11:48 | 000,000,000 | ---D | M] (TenchisTV Community Toolbar) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{ece24dcf-8548-4655-b392-47a388721482}
[2011.04.13 20:50:36 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\ffxtlbr@Facemoods.com
[2012.02.23 03:24:37 | 000,000,000 | ---D | M] (searchya.com) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\ffxtlbr@searchya.com
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\{ECE24DCF-8548-4655-B392-47A388721482}
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\FFXTLBR@SEARCHYA.COM
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\hanebüchen\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\hanebüchen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Userinit] C:\Users\hanebüchen\AppData\Roaming\appconf32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{27d73e07-1f5d-11e0-8da6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{27d73e07-1f5d-11e0-8da6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe
O33 - MountPoints2\{9b5a6239-ed96-11e0-86bc-0024217aa999}\Shell - "" = AutoRun
O33 - MountPoints2\{9b5a6239-ed96-11e0-86bc-0024217aa999}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{9b5a623e-ed96-11e0-86bc-0024217aa999}\Shell - "" = AutoRun
O33 - MountPoints2\{9b5a623e-ed96-11e0-86bc-0024217aa999}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{ba22721a-ed24-11e0-b67f-0024217aa999}\Shell - "" = AutoRun
O33 - MountPoints2\{ba22721a-ed24-11e0-b67f-0024217aa999}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{ba227222-ed24-11e0-b67f-0024217aa999}\Shell - "" = AutoRun
O33 - MountPoints2\{ba227222-ed24-11e0-b67f-0024217aa999}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
[2012.07.21 14:02:51 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.028
[2012.07.18 12:36:32 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.027
[2012.07.17 18:34:48 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.026
[2012.07.14 21:08:40 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.025
[2012.07.13 16:52:34 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.024
[2012.07.13 13:04:28 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.023
[2012.07.11 20:58:05 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.022
[2012.07.11 09:18:11 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\UAs
[2012.07.10 21:21:48 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.021
[2012.07.10 21:21:28 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\xmldm
[2012.07.10 21:21:20 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\kock
[2008.12.09 17:23:13 | 000,051,152 | RHS- | C] () -- C:\Users\hanebüchen\AppData\Roaming\appconf32.exe

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Note for readers: The OTL script above was written exclusively for this user in this situation. Never run it on other computers; it can cause lasting damage to other systems!
11.08.2012, 02:21 | #4 |
/// Helfer-Team | RKIT/agent.depg.1 in BAcroIEHelpe171.dll No response. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |