|
Log analysis and evaluation: Win32.Agent.fbx - Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
23.01.2014, 22:30 | #1 |
| Win32.Agent.fbx
Hello Trojaner-Board,
As a newbie I'm bursting right in with a problem. My PC actually runs pretty smoothly, I can't complain. I use Vista SP2 64 bit, with AVG IS 2014, PC-Tune Up 2014 from AVG, and Spybot. And it was Spybot that then found this nasty Win32.Agent.fbx as well as 2 further malware findings in the registry. So that I can follow your help (pretty please) as exactly as possible, the log from Spybot is attached. Malwarebytes is running right now, log in about 90 minutes. I have already read through a few postings, but as you write yourselves, each problem gets its own posting. Many thanks in advance so far.

Search results from Spybot - Search & Destroy
23.01.2014 19:28:11
Scan took 00:29:31.
61 items found.
Complitly: [SBI $5DB75812] Interface (Registry Key, nothing done) HKEY_CLASSES_ROOT\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Complitly: [SBI $5DB75812] Interface (Registry Key, nothing done) HKEY_CLASSES_ROOT\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Win32.Agent.fbx: [SBI $86BD92BA] Settings (Registry Key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\kmiam
--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---

And here is the log file from Malwarebytes

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.01.18.03
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Helvet :: HELVET-PC [Administrator]
23.01.2014 21:13:38
MBAM-log-2014-01-23 (22-29-16).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 442082
Laufzeit: 1 Stunde(n), 15 Minute(n), 2 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccleaner.exe (Security.Hijack) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende) |
23.01.2014, 23:17 | #2 |
/// the machine /// TB trainer | Win32.Agent.fbx
hi,
__________________
Here is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
23.01.2014, 23:32 | #3 |
| Win32.Agent.fbx
Code:
Search results from Spybot - Search & Destroy 23.01.2014 19:28:11 Scan took 00:29:31. 61 items found.
Win32.Agent.fbx: [SBI $86BD92BA] Settings (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\kmiam
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (6) (Browser: Cache, nothing done)
Verlauf: [SBI $49804B54] Browser: History (78) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (236) (Browser: Cookie, nothing done)
--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---
FRST 32-bit doesn't fit my OS (Vista 64-bit). FRST64 bit is not a Win32 application?????? And the 64-bit version has a trojan according to AVG IS |
24.01.2014, 14:38 | #4 |
/// the machine /// TB Trainer | Win32.Agent.fbx AVG is dumb, ignore the message and download the 64-bit version.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
24.01.2014, 14:47 | #5 |
| Win32.Agent.fbx Unfortunately, nothing has changed. I get the following message after downloading and trying to start the exe: FRST64 bit is not a Win32 application |
25.01.2014, 12:07 | #6 |
/// the machine /// TB Trainer | Win32.Agent.fbx Strange. Please download OTL by Oldtimer and save it to your desktop (if you don't already have it). |
25.01.2014, 13:06 | #7 |
| Win32.Agent.fbx Now without any problems. Code:
ATTFilter OTL logfile created on: 25.01.2014 12:46:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helvet\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 3,76 Gb Available Physical Memory | 62,72% Memory free 6,15 Gb Paging File | 3,78 Gb Available in Paging File | 61,52% Paging File free Paging file location(s): C:\pagefile.sys 256 512 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 582,33 Gb Total Space | 504,81 Gb Free Space | 86,69% Space Free | Partition Type: NTFS Drive D: | 13,84 Gb Total Space | 2,01 Gb Free Space | 14,53% Space Free | Partition Type: NTFS Drive E: | 596,17 Gb Total Space | 330,14 Gb Free Space | 55,38% Space Free | Partition Type: NTFS Computer Name: HELVET-PC | User Name: Helvet | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Helvet\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Helvet\AppData\Roaming\Windows Net Data\net.exe (Windows Net) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) 
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v50.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v50.dll () ========== Services (SafeList) ========== SRV:64bit: - (lxbk_device) -- C:\Windows\SysNative\lxbkcoms.exe ( ) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG) SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit) SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (lxbk_device) -- C:\Windows\SysWOW64\lxbkcoms.exe ( ) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) ========== Driver Services (SafeList) ========== DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek ) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\DRIVERS\avgdiska.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\DRIVERS\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.) 
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AQFileRestore) -- C:\Windows\SysNative\DRIVERS\AQFileRestore.sys () DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\DRIVERS\CLVirtualDrive.sys (CyberLink) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.) DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREdrv.sys (Sunbelt Software) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys (MCCI Corporation) DRV:64bit: - (s1018unic) -- C:\Windows\SysNative\DRIVERS\s1018unic.sys (MCCI Corporation) DRV:64bit: - (s1018mgmt) -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys (MCCI Corporation) DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\DRIVERS\s1018obex.sys (MCCI Corporation) DRV:64bit: - (s1018bus) -- C:\Windows\SysNative\DRIVERS\s1018bus.sys (MCCI Corporation) DRV:64bit: - (s1018nd5) -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys (MCCI Corporation) DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys (MCCI Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (TFsExDisk) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys (Teruten Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://searchfunmoods.com/?f=1&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CtB0F0Czy0BtCzztB0F0AtN0D0Tzu0CtAyCtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=50329116 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7C638C6B-5B27-4A85-83CB-40250D1E4AC4} IE:64bit: - HKLM\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CtB0F0Czy0BtCzztB0F0AtN0D0Tzu0CtAyCtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=50329116 IE:64bit: - HKLM\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {7C638C6B-5B27-4A85-83CB-40250D1E4AC4} IE - HKLM\..\SearchScopes\{68F7C746-8BA6-A11E-2CA0-7F0D49DC2089}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKLM\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CtB0F0Czy0BtCzztB0F0AtN0D0Tzu0CtAyCtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=50329116 IE - HKLM\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - 
HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.searchcompletion.com/?si=10179&home=1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.searchcompletion.com/?si=10179&home=1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.searchcompletion.com/?si=10179&home=1 IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{68F7C746-8BA6-A11E-2CA0-7F0D49DC2089}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=52af82fa00000000000000248c2fc9b1 IE - HKCU\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.searchcompletion.com/?si=10179&cs=1&q={searchTerms} IE - HKCU\..\SearchScopes\{BBB2072C-2748-4960-B304-AC4625B59B9A}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms} IE - HKCU\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - 
HKCU\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.order.1: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/" FF - prefs.js..extensions.enabledAddons: vlcplaylist%40helgatauscher.de:0.8 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21 FF - prefs.js..extensions.enabledAddons: EFGLQA%4078ETGYN-0W7FN789T87.COM:1.01 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {E5886C91-CDD7-4832-B32D-0830705A9C60}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=" FF - 
prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 62848 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.0.13.1: C:\Users\Helvet\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.12.20 19:13:31 | 000,000,000 | ---D | 
M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.20 19:13:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\Users\Helvet\AppData\Roaming\5012 [2011.03.03 16:05:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.12.20 19:13:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.20 19:13:33 | 000,000,000 | ---D | M] [2009.05.08 13:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\Extensions [2014.01.24 17:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions [2010.06.25 12:20:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.08.28 05:33:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014.01.18 20:20:55 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\adsremoval@adsremoval.net [2014.01.24 17:18:15 | 000,000,000 | ---D | M] (pricealarm) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2012.05.08 16:29:10 | 000,000,000 | ---D | M] (♬ MediaPimp - Internet Radio, Save Videos, Screengrab & More) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\Konverts@MediaPimp.com [2013.05.03 15:46:43 | 
000,009,582 | ---- | M] () (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\extensions\vlcplaylist@helgatauscher.de.xpi [2014.01.16 19:01:03 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.27 23:01:29 | 000,002,333 | ---- | M] () -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\searchplugins\Funmoods.xml [2012.08.19 12:45:56 | 000,009,650 | ---- | M] () -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\searchplugins\my-web-search.xml [2012.01.18 23:19:56 | 000,002,417 | ---- | M] () -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\searchplugins\s-amazon-bymp-de.xml [2013.12.20 19:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.12.20 19:13:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.12.20 19:13:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.12.20 19:13:32 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files (x86)\Mozilla Firefox\extensions\search@searchsettings.com [2013.12.20 19:13:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013.12.20 19:13:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011.06.18 12:42:45 | 000,003,195 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Complitly.xml O1 HOSTS File: ([2013.01.14 19:52:52 | 000,002,081 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 
56.159.50.251 perspeak.avira-update.com O1 - Hosts: 75.244.34.18 personal.nl.avira-update.com O1 - Hosts: 253.249.177.195 profpeak.avira-update.com O1 - Hosts: 157.45.146.186 professional.nl.avira-update.com O1 - Hosts: 60.77.189.71 prempeak.avira-update.com O1 - Hosts: 247.9.37.135 premium.nl.avira-update.com O1 - Hosts: 60.138.2.98 personal.avira-update.com O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net O1 - Hosts: 127.0.0.1 license.superantispyware.com O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) 
- {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\Helvet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk = C:\Users\Helvet\AppData\Roaming\Windows Net Data\net.exe (Windows Net) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe 
Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in 
Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.45.2) O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.45.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A613AC85-778E-46D4-AF83-B95366D74E09}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\SysWow64\webcheck.dll File not found O24 - Desktop WallPaper: C:\Users\Helvet\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Helvet\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O27:64bit: - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\shell.exe: Debugger - C:\Program 
Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{24d165a2-8f4a-11de-81cb-00248c2fc9b1}\Shell - "" = AutoRun O33 - MountPoints2\{24d165a2-8f4a-11de-81cb-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{24d165a4-8f4a-11de-81cb-00248c2fc9b1}\Shell - "" = AutoRun O33 - MountPoints2\{24d165a4-8f4a-11de-81cb-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{2b7655b0-4bb2-11e3-8d3d-00248c2fc9b1}\Shell - "" = AutoRun O33 - MountPoints2\{2b7655b0-4bb2-11e3-8d3d-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\Setup.exe O33 - MountPoints2\{6d579122-43cd-11df-a992-00248c2fc9b1}\Shell - "" = AutoRun O33 - MountPoints2\{6d579122-43cd-11df-a992-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\Startme.exe O33 - MountPoints2\{be273d2e-9cbb-11df-9023-00248c2fc9b1}\Shell - "" = AutoRun O33 - MountPoints2\{be273d2e-9cbb-11df-9023-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sdnclean64.exe) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2014.01.25 12:44:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Helvet\Desktop\OTL.exe [2014.01.24 15:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses [2014.01.24 15:04:15 | 000,000,000 | ---D | C] -- 
C:\Users\Helvet\AppData\Roaming\Windows Net Data [2014.01.24 03:10:05 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Roaming\Safer Networking [2014.01.18 18:43:59 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Local\G DATA [2014.01.18 18:30:48 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Roaming\ParetoLogic [2014.01.18 18:30:48 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Roaming\DriverCure [2014.01.18 18:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic [2014.01.18 17:05:54 | 000,000,000 | ---D | C] -- C:\Vasilisa [2014.01.18 15:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2014.01.18 15:57:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014.01.18 15:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2014.01.15 22:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2014.01.15 22:53:06 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2014.01.15 22:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2014.01.15 22:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2014.01.12 15:01:45 | 000,040,248 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe [2014.01.12 15:01:44 | 000,029,496 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll [2014.01.12 15:01:44 | 000,025,400 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll [2014.01.12 15:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014 [2013.12.31 15:31:36 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Roaming\AVG2014 [2013.12.31 15:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.12.31 15:29:54 | 000,000,000 | -H-D | C] -- C:\$AVG [2013.12.31 
15:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014 [2013.12.31 15:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2013.12.31 15:28:06 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Local\Avg2014 [2013.12.29 23:08:43 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft [2013.01.02 18:27:37 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Helvet\AppData\Roaming\pcouffin.sys [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Helvet\Desktop\*.tmp files -> C:\Users\Helvet\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.01.25 12:44:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Helvet\Desktop\OTL.exe [2014.01.25 12:13:55 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.01.25 12:13:55 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.01.25 12:13:55 | 000,596,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.01.25 12:13:55 | 000,126,486 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.01.25 12:13:55 | 000,104,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.01.25 12:13:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.01.25 12:07:51 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2014.01.25 12:07:38 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2014.01.25 12:07:38 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2014.01.25 12:07:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.01.24 15:04:15 | 000,001,779 | ---- | M] () -- C:\Users\Helvet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk [2014.01.24 15:02:53 | 001,059,584 | ---- | M] () -- 
C:\Users\Helvet\Desktop\Trojan-Remover-Setup.exe [2014.01.24 14:06:49 | 000,191,488 | ---- | M] () -- C:\Users\Helvet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014.01.24 11:13:58 | 000,329,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.01.22 00:30:17 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2014.01.18 14:13:59 | 000,000,335 | ---- | M] () -- C:\Windows\wininit.ini [2014.01.16 06:55:48 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2014.01.15 22:53:09 | 000,001,180 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2014.01.15 07:04:56 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014.01.15 07:04:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014.01.12 15:01:42 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk [2014.01.12 15:01:42 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk [2013.12.31 15:31:01 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk [2013.12.26 18:11:21 | 000,000,104 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Helvet\Desktop\*.tmp files -> C:\Users\Helvet\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.01.24 15:04:15 | 000,001,779 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk [2014.01.24 15:02:53 | 001,059,584 | ---- | C] () -- C:\Users\Helvet\Desktop\Trojan-Remover-Setup.exe [2014.01.24 11:13:47 | 000,329,800 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.01.15 23:46:05 | 000,000,335 | ---- | C] () -- C:\Windows\wininit.ini [2014.01.15 22:53:19 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - 
Search & Destroy).job [2014.01.15 22:53:19 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2014.01.15 22:53:19 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2014.01.15 22:53:09 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2014.01.15 22:53:09 | 000,001,180 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2014.01.12 15:01:42 | 000,001,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk [2014.01.12 15:01:42 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk [2014.01.12 15:01:42 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk [2013.12.29 22:33:34 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk [2013.12.26 16:36:43 | 000,000,104 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat [2013.03.03 13:54:41 | 000,000,300 | ---- | C] () -- C:\Windows\SIERRA.INI [2013.01.02 18:27:37 | 000,099,384 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\inst.exe [2013.01.02 18:27:37 | 000,007,859 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\pcouffin.cat [2013.01.02 18:27:37 | 000,001,167 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\pcouffin.inf [2012.10.10 23:01:37 | 000,076,359 | ---- | C] () -- C:\ProgramData\khsftvhcovcgzvf [2012.01.17 21:51:50 | 000,191,488 | ---- | C] () -- C:\Users\Helvet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.13 23:07:52 | 000,007,916 | ---- | C] () -- C:\Users\Helvet\AppData\Local\d3d9caps.dat [2011.02.15 16:32:41 | 000,000,042 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\urhtps.dat [2010.11.11 17:29:19 | 000,003,871 | ---- | C] () -- C:\Users\Helvet\.recently-used.xbel [2009.10.26 17:01:26 | 000,001,460 | ---- | C] () -- C:\Users\Helvet\AppData\Local\d3d9caps64.dat [2009.10.23 22:04:15 | 000,296,748 | ---- 
| C] () -- C:\Users\Helvet\AppData\Local\isnpbu_nav.dat [2009.10.23 22:04:15 | 000,003,436 | ---- | C] () -- C:\Users\Helvet\AppData\Local\isnpbu.dat [2009.10.23 22:04:15 | 000,002,740 | ---- | C] () -- C:\Users\Helvet\AppData\Local\isnpbu_navps.dat [2009.08.09 19:31:33 | 000,007,680 | ---- | C] () -- C:\Users\Helvet\EXCEL.box [2009.07.17 20:04:54 | 000,000,090 | ---- | C] () -- C:\Users\Helvet\AppData\Local\kmiam.bat [2009.07.10 20:41:52 | 008,800,144 | ---- | C] () -- C:\Program Files (x86)\FLV PlayerATBSetup.exe [2009.05.21 19:55:53 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.05.20 16:15:19 | 000,000,000 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:CB0AACC9 < End of report > Code:
OTL Extras logfile created on: 25.01.2014 12:46:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helvet\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 3,76 Gb Available Physical Memory | 62,72% Memory free 6,15 Gb Paging File | 3,78 Gb Available in Paging File | 61,52% Paging File free Paging file location(s): C:\pagefile.sys 256 512 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 582,33 Gb Total Space | 504,81 Gb Free Space | 86,69% Space Free | Partition Type: NTFS Drive D: | 13,84 Gb Total Space | 2,01 Gb Free Space | 14,53% Space Free | Partition Type: NTFS Drive E: | 596,17 Gb Total Space | 330,14 Gb Free Space | 55,38% Space Free | Partition Type: NTFS Computer Name: HELVET-PC | User Name: Helvet | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiVirusDisableNotify" = 0 "AntiSpyWareDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 4A 39 A4 00 E0 16 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== System Restore Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) 
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0300D9DD-1CB3-49CF-97B0-D6904CC85C3D}" = lport=138 | protocol=17 | dir=in | app=system | "{0636F853-31FC-4870-9C52-24E7772FBCC2}" = lport=2869 | protocol=6 | dir=in | app=system | "{0F0E6317-66D9-4EAB-A34A-801C3564666D}" = lport=10243 | protocol=6 | dir=in | app=system | "{1859F02F-84E5-4EE8-81A3-11F77D515FD8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{22638B55-787B-483D-AB4E-859F1EFD02F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{26306662-22C8-4FCE-BA62-E5BDD58942F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | "{36FB1A14-670A-4233-9DC2-EE6067A53150}" = lport=445 | protocol=6 | dir=in | app=system | "{552520F5-0027-406A-B57A-C4CA125F2F58}" = lport=137 | protocol=17 | dir=in | app=system | "{6BBD050D-694C-4FFB-A4CB-26007E5A4D62}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{74C834BB-158A-4DB7-A161-595FAB70211E}" = rport=137 | protocol=17 | dir=out | app=system | "{88F987FF-B559-4814-AFDA-B81E4EF4E356}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{891F2A92-98B4-4BBF-934B-D5CDC26B2391}" = rport=10243 | protocol=6 | dir=out | app=system | "{9E4094AC-2418-419D-AB89-D5215A3AFF96}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A7D5D61D-A02A-4299-985C-623C59D6480D}" = lport=139 | protocol=6 | dir=in | app=system | "{AF424DBF-B123-4D21-88DD-951AA81D6BB9}" = rport=139 | protocol=6 | dir=out | app=system | "{B530EE7C-54EF-473E-B732-E20DECD7AD44}" = rport=138 | protocol=17 | dir=out | app=system | "{CA85D4D1-0C8C-466D-BB69-B62C992E0AA8}" = lport=18857 | protocol=6 | dir=in | name=emule1 | "{D678892C-CEE7-4FD6-A7D4-DFA87DE403F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | "{E2C3D560-37B8-4552-B8FA-DFD60C24110D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EC9C99D3-A93A-4D30-BFE8-4BBDF386EF22}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03B5A09D-FF1F-4423-85E8-2174BF78A690}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0C5D0B64-428D-4E3B-888F-94B4DA6C78A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{10D7E4E5-6061-49C3-93B0-801C95526422}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{130DD5F1-45FD-46DB-B1A4-DEFA85F85DDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{23E8B9BA-B018-46B6-BBBB-939A2227FFA0}" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | "{25E3B023-FD83-44B2-954E-730B498239A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{38B59CA1-9843-485F-9C1B-40B565E569FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{38E8BE4A-F398-436B-8248-32E80052EB26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3F765549-9125-4CD9-8398-8761F998A3D5}" = protocol=17 | dir=in | app=%programfiles%\windows 
media player\wmplayer.exe | "{3F973512-3BA0-4CB8-BEB8-1A03E0C82805}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | "{43D168DF-E577-4393-9C36-6A83E2400CF0}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | "{4F5A0DEB-28FB-43B6-9842-CB625FA55A01}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | "{5ABC9EB7-0D91-4B6E-AE69-1E524242ACC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5E994D38-A4D7-4680-9EBA-78510B125687}" = protocol=6 | dir=out | app=system | "{603E002A-AD56-4646-8C38-9D1CC684A8AB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{6230F6C2-7EA4-4D4B-AD36-9E5966D70632}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{747CCDAC-7CA9-4815-8967-9ACA01E95F3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{75497E48-C84B-444F-8B39-CBC8D4C3082E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe | "{7B947122-8843-4AFC-A123-FBF126D26C65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7BEBCF9E-19CD-462E-8181-410B646D9410}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | "{8560E5E0-81AC-4034-8E61-7D3419053478}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8666FBBC-78A0-47A2-BDBF-C35B4E3F2F5F}" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\utorrent\utorrent.exe | "{89F58B09-43DB-45B5-9761-5B8E7B6D7F72}" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | "{8BEAA451-F2F7-466B-9C2A-5C514A00426D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A1727B8D-2A6A-4355-A1FD-D958D7910F4A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | "{A39D5F8B-DF71-4EEA-AA68-C96F7129300C}" = protocol=17 | 
dir=in | app=c:\users\helvet\appdata\roaming\utorrent\utorrent.exe | "{ABA75A74-45E3-4CE8-A1CF-9A8D41BFB308}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | "{AE83B932-CCE0-4769-9A84-8C0E3FDA0978}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe | "{B33C0A39-0E70-4E7F-9679-1BBAD4F16EB2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B73A5EDC-084C-416C-A7D9-010F768393B1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | "{B76C7532-8912-4C1F-BFB4-7EC92C38DD45}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BA3AF442-82E3-4EA4-9EEE-A140D75400F7}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | "{CF0AE8B6-2D99-48F5-B1C4-BA297E83282F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D293FA33-7DE9-4890-AB7D-056363F60A8A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | "{D423BE7B-EEC7-48C3-916A-3272A105937C}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | "{EA63982B-0E41-4450-9799-87A5E86C1F90}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | "{EAC33508-68F0-49B2-9C1B-57F26081A5C4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | "{EB10E65D-DE69-4C6B-A890-1A69039D11D9}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{F5E38FA3-8D76-4B76-8CBC-74FB5AFB793C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | "{FA940659-BE0D-4B4C-BE6E-0A3C8E39DED7}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | "{FE0B3810-8A28-4554-B677-477028841A8E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query 
User{13183EC3-4F73-46ED-B80C-6F2604604505}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe | "TCP Query User{353E4882-6223-4B23-B0B5-D90F1D6F1698}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{4596BC4F-4554-4735-B298-67B374AB72B1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{5168C243-131A-44B3-A1F4-B86D8004A83D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{581381CE-4711-4D43-BE77-00D5E5BC5E0B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{8C608CEC-3936-4C79-B23F-6C4447CFF055}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe | "TCP Query User{BE31339C-B551-46B9-84BD-1C833B20F539}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe | "TCP Query User{DE9723D1-B66D-43DA-B7AA-01A6814087DB}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{E574B95E-B952-4800-9D7A-D8BB1B622575}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{13587F2E-6CD9-446B-8CED-22F3D71F0E1A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{28A8887F-82EC-4410-8F69-CBCBDB053089}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"UDP Query User{6BB935C4-28EE-439D-880E-AFE2CFDCEF0B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{71248798-DEB0-479F-B462-F990DE4CEA4A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{840C4DC5-C0BC-42DC-9C50-9E5B89F236D2}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{89529A7D-266A-4F38-A894-0FC1F1CE3378}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{B5FC3353-73BA-43C6-8181-B8A366CB2C41}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=17 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe | "UDP Query User{E490F683-CD17-477F-A6A2-BB6DFA6B3306}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{ED8C90FD-7D01-4702-AC67-81A952069B84}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=17 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{15E4B9CE-C5FB-40B3-A88B-6F210BF46DB7}" = AVG 2014 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 
10.0.40219 "{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2014 "CCleaner" = CCleaner "Lexmark X1100 Series" = Lexmark X1100 Series "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET 
Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "Redirection Port Monitor" = RedMon - Redirection Port Monitor "VLC media player" = VLC media player 2.0.8 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01BD4FC9-2F86-4706-A62E-774BB7E9D308}" = AVG PC TuneUp 2014 "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.1 "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45 "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable 
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS "{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B4FB5026-7C4D-4967-A11F-7B6D66D2D817}" = AVG PC TuneUp 2014 (de-DE) "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin "Applian FLV Player2.0.24" = Applian FLV Player "AVG PC TuneUp" = AVG PC TuneUp 2014 "Camersoft Fake Webcam_is1" = Camersoft Fake Webcam 3.1.08 "InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2 "kmiam" = Favorit "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 26.0 (x86 de)" = Mozilla Firefox 26.0 (x86 de) "Mozilla Thunderbird (1.5)" = Mozilla Thunderbird (1.5) "MozillaMaintenanceService" = Mozilla Maintenance Service "Replay Media Catcher 3.02" = Replay Media Catcher 3.02 "Windows Utils" = Windows Utils "WinRAR archiver" = WinRAR Archivierer ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ACEStream" = ACE Stream Media 2.0.13.1 "FLV Player" = FLV Player "FLV Player Packages" = FLV Player Packages "uTorrent" = µTorrent ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.01.2014 17:47:35 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10 Description = Error - 23.01.2014 19:21:16 | Computer 
Name = Helvet-PC | Source = WinMgmt | ID = 10 Description = Error - 23.01.2014 21:19:41 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10 Description = Error - 24.01.2014 06:14:23 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10 Description = Error - 24.01.2014 08:53:31 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10 Description = Error - 24.01.2014 10:08:10 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10 Description = Error - 24.01.2014 10:17:44 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10 Description = Error - 24.01.2014 14:02:50 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10 Description = Error - 24.01.2014 19:52:34 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10 Description = Error - 25.01.2014 07:07:48 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10 Description = [ Cisco AnyConnect VPN Client Events ] Error - 05.01.2010 10:21:29 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service Error - 05.01.2010 20:59:19 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650 Description = Termination reason code 9: Client PC is shutting down. Error - 05.01.2010 20:59:19 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service Error - 06.01.2010 07:30:25 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650 Description = Termination reason code 9: Client PC is shutting down. 
Error - 06.01.2010 07:30:26 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650 Description = Termination reason code 9: Client PC is shutting down. Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 Description = Function: WaitForSingleObject Return code: 6 File: .\Agent.cpp Line: 686 Description: Das Handle ist ungültig. Error - 08.01.2010 11:51:03 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650 Description = Termination reason code 7: The agent has been stopped. Error - 08.01.2010 11:51:03 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service [ Spybot - Search and Destroy Events ] Error - 15.01.2014 18:46:05 | Computer Name = Helvet-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 24.01.2014 19:52:34 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7026 Description = Error - 24.01.2014 19:53:38 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7034 Description = Error - 24.01.2014 19:54:36 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7038 Description = Error - 24.01.2014 19:54:36 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7000 Description = Error - 25.01.2014 07:07:16 | Computer Name = Helvet-PC | Source = volmgr | ID = 262193 Description = Die 
Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 25.01.2014 07:07:31 | Computer Name = Helvet-PC | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 25.01.2014 07:07:48 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.01.2014 07:08:52 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7034 Description = Error - 25.01.2014 07:09:50 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7038 Description = Error - 25.01.2014 07:09:50 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
26.01.2014, 06:47 | #8 |
/// the machine /// TB instructor | Win32.Agent.fbx Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh OTL log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
26.01.2014, 14:00 | #9 |
| Win32.Agent.fbx The AdwCleaner log Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 26/01/2014 um 12:57:27 # Aktualisiert 12/01/2014 von Xplode # Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits) # Benutzername : Helvet - HELVET-PC # Gestartet von : C:\Users\Helvet\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** [!] Ordner Gelöscht : C:\ProgramData\ParetoLogic [!] Ordner Gelöscht : C:\Program Files (x86)\Conduit [!] Ordner Gelöscht : C:\Program Files (x86)\Search Settings [!] Ordner Gelöscht : C:\Program Files (x86)\Uniblue\SpeedUpMyPC [!] Ordner Gelöscht : C:\Users\Helvet\AppData\LocalLow\Search Settings [!] Ordner Gelöscht : C:\Users\Helvet\AppData\Roaming\DriverCure [!] Ordner Gelöscht : C:\Users\Helvet\AppData\Roaming\Funmoods [!] Ordner Gelöscht : C:\Users\Helvet\AppData\Roaming\ParetoLogic [!] Ordner Gelöscht : C:\Users\Helvet\AppData\Roaming\Windows Net Data [!] Ordner Gelöscht : C:\Users\Helvet\AppData\Roaming\Mozilla\Firefox\Profiles\oksh8in9.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [!] Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\search@searchsettings.com [!] 
Ordner Gelöscht : C:\Users\Helvet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Datei Gelöscht : C:\Users\Helvet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk Datei Gelöscht : C:\Users\Helvet\AppData\Roaming\Mozilla\Firefox\Profiles\oksh8in9.default\searchplugins\funmoods.xml Datei Gelöscht : C:\Users\Helvet\AppData\Roaming\Mozilla\Firefox\Profiles\oksh8in9.default\searchplugins\my-web-search.xml Datei Gelöscht : C:\Windows\System32\Tasks\Funmoods ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings Wert Gelöscht : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} 
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] Schlüssel Gelöscht : HKCU\Software\Official-eMule Schlüssel Gelöscht : HKCU\Software\ParetoLogic Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\Zugo Schlüssel Gelöscht : HKLM\Software\Official-eMule Schlüssel Gelöscht : HKLM\Software\ParetoLogic Schlüssel Gelöscht : HKLM\Software\Search Settings Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Complitly_is1 Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16526 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] -\\ Mozilla Firefox v26.0 (de) [ Datei : C:\Users\Helvet\AppData\Roaming\Mozilla\Firefox\Profiles\oksh8in9.default\prefs.js ] Zeile gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.admin", false); Zeile gelöscht : 
user_pref("extensions.BabylonToolbar.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.babExt", ""); Zeile gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=110819"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 1); Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", false); Zeile gelöscht : user_pref("extensions.BabylonToolbar.hmpg", false); Zeile gelöscht : user_pref("extensions.BabylonToolbar.id", "52af82fa00000000000000248c2fc9b1"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15455"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 1); Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1716:48:23"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "11.0"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.newTab", true); Zeile gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Zeile gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 74439590); Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0); Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.ptch_0717", true); Zeile gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "tb9"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1716:48:23"); Zeile gelöscht : 
user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", ""); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "52af82fa00000000000000248c2fc9b1"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.id", "52af82fa00000000000000248c2fc9b1"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15455"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&babsrc=NT_ss&mntrId=52af82fa00000000000000248c2fc9b1"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1716:48:23"); Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Zeile gelöscht : user_pref("extensions.enabledItems", "toolbar@ask.com:3.6.6.117,{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.1[...] 
Zeile gelöscht : user_pref("extensions.funmoods.aflt", "iron2"); Zeile gelöscht : user_pref("extensions.funmoods.autoRvrt", false); Zeile gelöscht : user_pref("extensions.funmoods.cntry", "DE"); Zeile gelöscht : user_pref("extensions.funmoods.cv", "cv5"); Zeile gelöscht : user_pref("extensions.funmoods.dfltLng", ""); Zeile gelöscht : user_pref("extensions.funmoods.dfltSrch", true); Zeile gelöscht : user_pref("extensions.funmoods.dnsErr", true); Zeile gelöscht : user_pref("extensions.funmoods.envrmnt", "production"); Zeile gelöscht : user_pref("extensions.funmoods.excTlbr", false); Zeile gelöscht : user_pref("extensions.funmoods.hdrMd5", "F1B36742217C6B551BD13F27C9DF5AD3"); Zeile gelöscht : user_pref("extensions.funmoods.hmpg", true); Zeile gelöscht : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CtB0F0Czy0BtCzztB0F0AtN0D0Tzu0CtAyCtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=50329116"); Zeile gelöscht : user_pref("extensions.funmoods.id", "00248C2FC9B182FA"); Zeile gelöscht : user_pref("extensions.funmoods.instlDay", "15701"); Zeile gelöscht : user_pref("extensions.funmoods.instlRef", "iron2"); Zeile gelöscht : user_pref("extensions.funmoods.isdcmntcmplt", true); Zeile gelöscht : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2223:1:20"); Zeile gelöscht : user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); Zeile gelöscht : user_pref("extensions.funmoods.newTab", true); Zeile gelöscht : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CtB0F0Czy0BtCzztB0F0AtN0D0Tzu0CtAyCtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=50329116"); Zeile gelöscht : user_pref("extensions.funmoods.prdct", "funmoods"); Zeile gelöscht : user_pref("extensions.funmoods.prtnrId", "funmoods"); Zeile gelöscht : user_pref("extensions.funmoods.sg", "none"); Zeile gelöscht : user_pref("extensions.funmoods.smplGrp", "none"); Zeile gelöscht : 
user_pref("extensions.funmoods.srchPrvdr", "Funmoods"); Zeile gelöscht : user_pref("extensions.funmoods.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CtB0F0Czy0BtCzztB0F0AtN0D0Tzu0CtAyCtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=50329116&[...] Zeile gelöscht : user_pref("extensions.funmoods.vrsn", "1.5.23.22"); Zeile gelöscht : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2223:1:20"); Zeile gelöscht : user_pref("extensions.funmoods.vrsni", "1.5.23.22"); Zeile gelöscht : user_pref("extensions.funmoods_i.newTab", true); Zeile gelöscht : user_pref("extensions.funmoods_i.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2223:1:20"); Zeile gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", ""); Zeile gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", ""); Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=3E09D2FC-3088-4405-A6D5-EB9AA5267698&n=77edeef9&ptnrS=XPxdm284YYde&si=CPjrt5Kx8rECFQjwzAodCw[...] 
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true); Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.contextKey", ""); Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2012081913"); Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm284YYde"); Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "CPjrt5Kx8rECFQjwzAodCw8AhA"); Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true); Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "3E09D2FC-3088-4405-A6D5-EB9AA5267698"); Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1345677857887"); Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", false); Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false); Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", false); Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false); Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "10001"); Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com"); Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*"); Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0"); Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1362017626498"); ************************* AdwCleaner[R0].txt - [23059 octets] - [26/01/2014 12:52:57] AdwCleaner[S0].txt - [17907 octets] - [26/01/2014 12:57:27] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - 
[17968 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Helvet on 26.01.2014 at 13:20:40,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181110}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{68F7C746-8BA6-A11E-2CA0-7F0D49DC2089}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{68F7C746-8BA6-A11E-2CA0-7F0D49DC2089}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}

~~~ Files

~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Helvet\appdata\local\{2D5E3FCD-40F4-4E60-919E-97DCF1AF2B68}
Successfully deleted: [Empty Folder] C:\Users\Helvet\appdata\local\{3230DD1B-E026-4DC5-A3A1-FFD7018F0E60}
Successfully deleted: [Empty Folder] C:\Users\Helvet\appdata\local\{3D66B5AE-1589-4E59-9427-8CD0C565F2CC}
Successfully deleted: [Empty Folder] C:\Users\Helvet\appdata\local\{F4313E13-D114-447E-AF7D-AB57466F6E48}

~~~ FireFox
Emptied folder: C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\minidumps [328 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.01.2014 at 13:27:40,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A HUGE THANK YOU so far

Code:
OTL logfile created on: 26.01.2014 13:46:28 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helvet\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,22 Gb Available Physical Memory | 70,40% Memory free
6,07 Gb Paging File | 4,34 Gb Available in Paging File | 71,55% Paging File free
Paging file location(s): C:\pagefile.sys 256 512

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 511,46 Gb Free Space | 87,83% Space Free | Partition Type: NTFS
Drive D: | 13,84 Gb Total Space | 2,01 Gb Free Space | 14,53% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 329,97 Gb Free Space | 55,35% Space Free | Partition Type: NTFS

Computer Name: HELVET-PC | User Name: Helvet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Helvet\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v50.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v50.dll () ========== Services (SafeList) ========== SRV:64bit: - (lxbk_device) -- C:\Windows\SysNative\lxbkcoms.exe ( ) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG) SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit) SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (lxbk_device) -- C:\Windows\SysWOW64\lxbkcoms.exe ( ) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) ========== Driver Services (SafeList) ========== DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek ) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\DRIVERS\avgdiska.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\DRIVERS\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.) 
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AQFileRestore) -- C:\Windows\SysNative\DRIVERS\AQFileRestore.sys () DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\DRIVERS\CLVirtualDrive.sys (CyberLink) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.) DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREdrv.sys (Sunbelt Software) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys (MCCI Corporation) DRV:64bit: - (s1018unic) -- C:\Windows\SysNative\DRIVERS\s1018unic.sys (MCCI Corporation) DRV:64bit: - (s1018mgmt) -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys (MCCI Corporation) DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\DRIVERS\s1018obex.sys (MCCI Corporation) DRV:64bit: - (s1018bus) -- C:\Windows\SysNative\DRIVERS\s1018bus.sys (MCCI Corporation) DRV:64bit: - (s1018nd5) -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys (MCCI Corporation) DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys (MCCI Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (TFsExDisk) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys (Teruten Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
{7C638C6B-5B27-4A85-83CB-40250D1E4AC4} IE:64bit: - HKLM\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CtB0F0Czy0BtCzztB0F0AtN0D0Tzu0CtAyCtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=50329116 IE:64bit: - HKLM\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = 
hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{BBB2072C-2748-4960-B304-AC4625B59B9A}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms} IE - HKCU\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.order.1: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/" FF - prefs.js..extensions.enabledAddons: vlcplaylist%40helgatauscher.de:0.8 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=" FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 62848 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.0.13.1: C:\Users\Helvet\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.12.20 19:13:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.20 19:13:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\Users\Helvet\AppData\Roaming\5012 [2011.03.03 16:05:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.12.20 19:13:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.20 19:13:33 | 000,000,000 | ---D | M] [2009.05.08 13:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\Extensions [2014.01.26 12:59:06 | 000,000,000 | 
---D | M] (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions [2010.06.25 12:20:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.08.28 05:33:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014.01.18 20:20:55 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\adsremoval@adsremoval.net [2012.05.08 16:29:10 | 000,000,000 | ---D | M] (♬ MediaPimp - Internet Radio, Save Videos, Screengrab & More) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\Konverts@MediaPimp.com [2013.05.03 15:46:43 | 000,009,582 | ---- | M] () (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\extensions\vlcplaylist@helgatauscher.de.xpi [2014.01.16 19:01:03 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.01.18 23:19:56 | 000,002,417 | ---- | M] () -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\searchplugins\s-amazon-bymp-de.xml [2014.01.26 12:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.12.20 19:13:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.12.20 19:13:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.12.20 19:13:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla 
Firefox\browser\extensions [2013.12.20 19:13:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011.06.18 12:42:45 | 000,003,195 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Complitly.xml O1 HOSTS File: ([2013.01.14 19:52:52 | 000,002,081 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 56.159.50.251 perspeak.avira-update.com O1 - Hosts: 75.244.34.18 personal.nl.avira-update.com O1 - Hosts: 253.249.177.195 profpeak.avira-update.com O1 - Hosts: 157.45.146.186 professional.nl.avira-update.com O1 - Hosts: 60.77.189.71 prempeak.avira-update.com O1 - Hosts: 247.9.37.135 premium.nl.avira-update.com O1 - Hosts: 60.138.2.98 personal.avira-update.com O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net O1 - Hosts: 127.0.0.1 license.superantispyware.com O2 - BHO: (AcroIEHlprObj Class) - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context 
menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.45.2) O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.45.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A613AC85-778E-46D4-AF83-B95366D74E09}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - 
Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\SysWow64\webcheck.dll File not found O24 - Desktop WallPaper: C:\Users\Helvet\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Helvet\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O27:64bit: - HKLM IFEO\ccleaner.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\ccleaner.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC 
TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{24d165a2-8f4a-11de-81cb-00248c2fc9b1}\Shell - "" = AutoRun O33 - MountPoints2\{24d165a2-8f4a-11de-81cb-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{24d165a4-8f4a-11de-81cb-00248c2fc9b1}\Shell - "" = AutoRun O33 - MountPoints2\{24d165a4-8f4a-11de-81cb-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{2b7655b0-4bb2-11e3-8d3d-00248c2fc9b1}\Shell - "" = AutoRun O33 - MountPoints2\{2b7655b0-4bb2-11e3-8d3d-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\Setup.exe O33 - MountPoints2\{6d579122-43cd-11df-a992-00248c2fc9b1}\Shell - "" = AutoRun O33 - MountPoints2\{6d579122-43cd-11df-a992-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\Startme.exe O33 - MountPoints2\{be273d2e-9cbb-11df-9023-00248c2fc9b1}\Shell - "" = AutoRun O33 - MountPoints2\{be273d2e-9cbb-11df-9023-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sdnclean64.exe) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2014.01.26 13:20:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014.01.26 13:18:16 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Helvet\Desktop\JRT.exe 
[2014.01.26 12:52:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014.01.25 12:44:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Helvet\Desktop\OTL.exe [2014.01.24 15:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses [2014.01.24 03:10:05 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Roaming\Safer Networking [2014.01.18 18:43:59 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Local\G DATA [2014.01.18 17:05:54 | 000,000,000 | ---D | C] -- C:\Vasilisa [2014.01.18 15:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2014.01.18 15:57:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014.01.18 15:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2014.01.15 22:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2014.01.15 22:53:06 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2014.01.15 22:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2014.01.15 22:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2014.01.12 15:01:45 | 000,040,248 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe [2014.01.12 15:01:44 | 000,029,496 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll [2014.01.12 15:01:44 | 000,025,400 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll [2014.01.12 15:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014 [2013.12.31 15:31:36 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Roaming\AVG2014 [2013.12.31 15:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.12.31 15:29:54 | 000,000,000 | -H-D | C] -- C:\$AVG [2013.12.31 15:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014 [2013.12.31 
15:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2013.12.31 15:28:06 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Local\Avg2014 [2013.12.29 23:08:43 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft [2013.01.02 18:27:37 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Helvet\AppData\Roaming\pcouffin.sys [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Helvet\Desktop\*.tmp files -> C:\Users\Helvet\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.01.26 13:44:53 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2014.01.26 13:44:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2014.01.26 13:44:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2014.01.26 13:44:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.01.26 13:18:17 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Helvet\Desktop\JRT.exe [2014.01.26 13:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.01.26 13:04:04 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.01.26 13:04:04 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.01.26 13:04:04 | 000,596,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.01.26 13:04:04 | 000,126,486 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.01.26 13:04:04 | 000,104,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.01.26 12:51:22 | 001,236,282 | ---- | M] () -- C:\Users\Helvet\Desktop\adwcleaner.exe [2014.01.26 12:03:14 | 000,329,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.01.25 12:44:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Helvet\Desktop\OTL.exe [2014.01.24 15:02:53 | 001,059,584 | 
---- | M] () -- C:\Users\Helvet\Desktop\Trojan-Remover-Setup.exe [2014.01.24 14:06:49 | 000,191,488 | ---- | M] () -- C:\Users\Helvet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014.01.22 00:30:17 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2014.01.18 14:13:59 | 000,000,335 | ---- | M] () -- C:\Windows\wininit.ini [2014.01.16 06:55:48 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2014.01.15 22:53:09 | 000,001,180 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2014.01.15 07:04:56 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014.01.15 07:04:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014.01.12 15:01:42 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk [2014.01.12 15:01:42 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk [2013.12.31 15:31:01 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Helvet\Desktop\*.tmp files -> C:\Users\Helvet\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.01.26 12:51:21 | 001,236,282 | ---- | C] () -- C:\Users\Helvet\Desktop\adwcleaner.exe [2014.01.26 12:03:01 | 000,329,800 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.01.24 15:02:53 | 001,059,584 | ---- | C] () -- C:\Users\Helvet\Desktop\Trojan-Remover-Setup.exe [2014.01.15 23:46:05 | 000,000,335 | ---- | C] () -- C:\Windows\wininit.ini [2014.01.15 22:53:19 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2014.01.15 22:53:19 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2014.01.15 22:53:19 | 000,000,458 | ---- | C] () -- 
C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2014.01.15 22:53:09 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2014.01.15 22:53:09 | 000,001,180 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2014.01.12 15:01:42 | 000,001,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk [2014.01.12 15:01:42 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk [2014.01.12 15:01:42 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk [2013.12.29 22:33:34 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk [2013.03.03 13:54:41 | 000,000,300 | ---- | C] () -- C:\Windows\SIERRA.INI [2013.01.02 18:27:37 | 000,099,384 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\inst.exe [2013.01.02 18:27:37 | 000,007,859 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\pcouffin.cat [2013.01.02 18:27:37 | 000,001,167 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\pcouffin.inf [2012.10.10 23:01:37 | 000,076,359 | ---- | C] () -- C:\ProgramData\khsftvhcovcgzvf [2012.01.17 21:51:50 | 000,191,488 | ---- | C] () -- C:\Users\Helvet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.13 23:07:52 | 000,007,916 | ---- | C] () -- C:\Users\Helvet\AppData\Local\d3d9caps.dat [2011.02.15 16:32:41 | 000,000,042 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\urhtps.dat [2010.11.11 17:29:19 | 000,003,871 | ---- | C] () -- C:\Users\Helvet\.recently-used.xbel [2009.10.26 17:01:26 | 000,001,460 | ---- | C] () -- C:\Users\Helvet\AppData\Local\d3d9caps64.dat [2009.10.23 22:04:15 | 000,296,748 | ---- | C] () -- C:\Users\Helvet\AppData\Local\isnpbu_nav.dat [2009.10.23 22:04:15 | 000,003,436 | ---- | C] () -- C:\Users\Helvet\AppData\Local\isnpbu.dat [2009.10.23 22:04:15 | 000,002,740 | ---- | C] () -- C:\Users\Helvet\AppData\Local\isnpbu_navps.dat [2009.08.09 19:31:33 | 
000,007,680 | ---- | C] () -- C:\Users\Helvet\EXCEL.box [2009.07.17 20:04:54 | 000,000,090 | ---- | C] () -- C:\Users\Helvet\AppData\Local\kmiam.bat [2009.07.10 20:41:52 | 008,800,144 | ---- | C] () -- C:\Program Files (x86)\FLV PlayerATBSetup.exe [2009.05.21 19:55:53 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.05.20 16:15:19 | 000,000,000 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >

Code:
OTL Extras logfile created on: 26.01.2014 13:46:28 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helvet\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,22 Gb Available Physical Memory | 70,40% Memory free
6,07 Gb Paging File | 4,34 Gb Available in Paging File | 71,55% Paging File free
Paging file location(s): C:\pagefile.sys 256 512

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 511,46 Gb Free Space | 87,83% Space Free | Partition Type: NTFS
Drive D: | 13,84 Gb Total Space | 2,01 Gb Free Space | 14,53% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 329,97 Gb Free Space | 55,35% Space Free | Partition Type: NTFS

Computer Name: HELVET-PC | User Name: Helvet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiSpyWareDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 4A 39 A4 00 E0 16 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0300D9DD-1CB3-49CF-97B0-D6904CC85C3D}" = lport=138 | protocol=17 | dir=in | app=system | "{0636F853-31FC-4870-9C52-24E7772FBCC2}" = lport=2869 | protocol=6 | dir=in | app=system | "{0F0E6317-66D9-4EAB-A34A-801C3564666D}" = lport=10243 | protocol=6 | dir=in | app=system | "{1859F02F-84E5-4EE8-81A3-11F77D515FD8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{22638B55-787B-483D-AB4E-859F1EFD02F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{26306662-22C8-4FCE-BA62-E5BDD58942F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | "{36FB1A14-670A-4233-9DC2-EE6067A53150}" = lport=445 | protocol=6 | dir=in | app=system | "{552520F5-0027-406A-B57A-C4CA125F2F58}" = lport=137 | protocol=17 | dir=in | app=system | "{6BBD050D-694C-4FFB-A4CB-26007E5A4D62}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{74C834BB-158A-4DB7-A161-595FAB70211E}" = rport=137 | protocol=17 | dir=out | app=system | "{88F987FF-B559-4814-AFDA-B81E4EF4E356}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{891F2A92-98B4-4BBF-934B-D5CDC26B2391}" = rport=10243 | protocol=6 | dir=out | app=system | "{9E4094AC-2418-419D-AB89-D5215A3AFF96}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A7D5D61D-A02A-4299-985C-623C59D6480D}" = lport=139 | protocol=6 | dir=in | app=system | "{AF424DBF-B123-4D21-88DD-951AA81D6BB9}" = rport=139 | protocol=6 | dir=out | app=system | "{B530EE7C-54EF-473E-B732-E20DECD7AD44}" = rport=138 | protocol=17 | dir=out | app=system | "{CA85D4D1-0C8C-466D-BB69-B62C992E0AA8}" = lport=18857 | protocol=6 | dir=in | name=emule1 | "{D678892C-CEE7-4FD6-A7D4-DFA87DE403F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | "{E2C3D560-37B8-4552-B8FA-DFD60C24110D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EC9C99D3-A93A-4D30-BFE8-4BBDF386EF22}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03B5A09D-FF1F-4423-85E8-2174BF78A690}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0C5D0B64-428D-4E3B-888F-94B4DA6C78A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{10D7E4E5-6061-49C3-93B0-801C95526422}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{130DD5F1-45FD-46DB-B1A4-DEFA85F85DDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{23E8B9BA-B018-46B6-BBBB-939A2227FFA0}" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | "{25E3B023-FD83-44B2-954E-730B498239A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{38B59CA1-9843-485F-9C1B-40B565E569FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{38E8BE4A-F398-436B-8248-32E80052EB26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3F765549-9125-4CD9-8398-8761F998A3D5}" = protocol=17 | dir=in | app=%programfiles%\windows 
media player\wmplayer.exe | "{3F973512-3BA0-4CB8-BEB8-1A03E0C82805}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | "{43D168DF-E577-4393-9C36-6A83E2400CF0}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | "{4F5A0DEB-28FB-43B6-9842-CB625FA55A01}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | "{5ABC9EB7-0D91-4B6E-AE69-1E524242ACC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5E994D38-A4D7-4680-9EBA-78510B125687}" = protocol=6 | dir=out | app=system | "{603E002A-AD56-4646-8C38-9D1CC684A8AB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{6230F6C2-7EA4-4D4B-AD36-9E5966D70632}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{747CCDAC-7CA9-4815-8967-9ACA01E95F3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{75497E48-C84B-444F-8B39-CBC8D4C3082E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe | "{7B947122-8843-4AFC-A123-FBF126D26C65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7BEBCF9E-19CD-462E-8181-410B646D9410}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | "{8560E5E0-81AC-4034-8E61-7D3419053478}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8666FBBC-78A0-47A2-BDBF-C35B4E3F2F5F}" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\utorrent\utorrent.exe | "{89F58B09-43DB-45B5-9761-5B8E7B6D7F72}" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | "{8BEAA451-F2F7-466B-9C2A-5C514A00426D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A1727B8D-2A6A-4355-A1FD-D958D7910F4A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | "{A39D5F8B-DF71-4EEA-AA68-C96F7129300C}" = protocol=17 | 
dir=in | app=c:\users\helvet\appdata\roaming\utorrent\utorrent.exe | "{ABA75A74-45E3-4CE8-A1CF-9A8D41BFB308}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | "{AE83B932-CCE0-4769-9A84-8C0E3FDA0978}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe | "{B33C0A39-0E70-4E7F-9679-1BBAD4F16EB2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B73A5EDC-084C-416C-A7D9-010F768393B1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | "{B76C7532-8912-4C1F-BFB4-7EC92C38DD45}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BA3AF442-82E3-4EA4-9EEE-A140D75400F7}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | "{CF0AE8B6-2D99-48F5-B1C4-BA297E83282F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D293FA33-7DE9-4890-AB7D-056363F60A8A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | "{D423BE7B-EEC7-48C3-916A-3272A105937C}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | "{EA63982B-0E41-4450-9799-87A5E86C1F90}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | "{EAC33508-68F0-49B2-9C1B-57F26081A5C4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | "{EB10E65D-DE69-4C6B-A890-1A69039D11D9}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{F5E38FA3-8D76-4B76-8CBC-74FB5AFB793C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | "{FA940659-BE0D-4B4C-BE6E-0A3C8E39DED7}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | "{FE0B3810-8A28-4554-B677-477028841A8E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query 
User{13183EC3-4F73-46ED-B80C-6F2604604505}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe | "TCP Query User{353E4882-6223-4B23-B0B5-D90F1D6F1698}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{4596BC4F-4554-4735-B298-67B374AB72B1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{5168C243-131A-44B3-A1F4-B86D8004A83D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{581381CE-4711-4D43-BE77-00D5E5BC5E0B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{8C608CEC-3936-4C79-B23F-6C4447CFF055}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe | "TCP Query User{BE31339C-B551-46B9-84BD-1C833B20F539}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe | "TCP Query User{DE9723D1-B66D-43DA-B7AA-01A6814087DB}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{E574B95E-B952-4800-9D7A-D8BB1B622575}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{13587F2E-6CD9-446B-8CED-22F3D71F0E1A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{28A8887F-82EC-4410-8F69-CBCBDB053089}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"UDP Query User{6BB935C4-28EE-439D-880E-AFE2CFDCEF0B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{71248798-DEB0-479F-B462-F990DE4CEA4A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{840C4DC5-C0BC-42DC-9C50-9E5B89F236D2}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{89529A7D-266A-4F38-A894-0FC1F1CE3378}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{B5FC3353-73BA-43C6-8181-B8A366CB2C41}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=17 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe | "UDP Query User{E490F683-CD17-477F-A6A2-BB6DFA6B3306}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{ED8C90FD-7D01-4702-AC67-81A952069B84}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=17 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{15E4B9CE-C5FB-40B3-A88B-6F210BF46DB7}" = AVG 2014 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 
10.0.40219 "{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2014 "CCleaner" = CCleaner "Lexmark X1100 Series" = Lexmark X1100 Series "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET 
Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "Redirection Port Monitor" = RedMon - Redirection Port Monitor "VLC media player" = VLC media player 2.0.8 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01BD4FC9-2F86-4706-A62E-774BB7E9D308}" = AVG PC TuneUp 2014 "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45 "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection 
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS "{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B4FB5026-7C4D-4967-A11F-7B6D66D2D817}" = AVG PC TuneUp 2014 (de-DE) "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 
Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin "Applian FLV Player2.0.24" = Applian FLV Player "AVG PC TuneUp" = AVG PC TuneUp 2014 "Camersoft Fake Webcam_is1" = Camersoft Fake Webcam 3.1.08 "InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2 "kmiam" = Favorit "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 26.0 (x86 de)" = Mozilla Firefox 26.0 (x86 de) "Mozilla Thunderbird (1.5)" = Mozilla Thunderbird (1.5) "MozillaMaintenanceService" = Mozilla Maintenance Service "Replay Media Catcher 3.02" = Replay Media Catcher 3.02 "Windows Utils" = Windows Utils "WinRAR archiver" = WinRAR Archivierer ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ACEStream" = ACE Stream Media 2.0.13.1 "FLV Player Packages" = FLV Player Packages "uTorrent" = µTorrent ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.01.2014 08:44:50 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10 Description = [ Cisco AnyConnect VPN Client Events ] Error - 05.01.2010 10:21:29 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service Error - 05.01.2010 20:59:19 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650 Description = Termination reason code 9: Client PC is shutting down. Error - 05.01.2010 20:59:19 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service Error - 06.01.2010 07:30:25 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650 Description = Termination reason code 9: Client PC is shutting down. Error - 06.01.2010 07:30:26 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650 Description = Termination reason code 9: Client PC is shutting down. Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 Description = Function: WaitForSingleObject Return code: 6 File: .\Agent.cpp Line: 686 Description: Das Handle ist ungültig. Error - 08.01.2010 11:51:03 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650 Description = Termination reason code 7: The agent has been stopped. 
Error - 08.01.2010 11:51:03 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service [ Spybot - Search and Destroy Events ] Error - 15.01.2014 18:46:05 | Computer Name = Helvet-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 26.01.2014 08:44:20 | Computer Name = Helvet-PC | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 26.01.2014 08:44:32 | Computer Name = Helvet-PC | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 26.01.2014 08:44:50 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7001 Description = Error - 26.01.2014 08:45:53 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7034 Description = Error - 26.01.2014 08:46:52 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7038 Description = Error - 26.01.2014 08:46:52 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
27.01.2014, 09:07 | #10 |
/// the machine /// TB Trainer | Win32.Agent.fbx
ESET Online Scanner
Please download SecurityCheck and:
and a fresh OTL log, please. Any remaining problems?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |
27.01.2014, 22:49 | #11 |
| Win32.Agent.fbx
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cf1f77196d3b04439d28bbf1ade31cb7
# engine=16814
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-27 08:39:18
# local_time=2014-01-27 09:39:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776638 100 100 92792328 228379064 0 0
# scanned=216256
# found=0
# cleaned=0
# scan_time=5409
Code:
Results of screen317's Security Check version 0.99.79
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware Version 1.75.0.1300
AVG PC TuneUp 2014
AVG PC TuneUp 2014 (de-DE)
Java(TM) 6 Update 22
Java(TM) 6 Update 35
Java 7 Update 51
Adobe Flash Player 12.0.0.43
Mozilla Firefox (26.0)
Mozilla Thunderbird (1.5). Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Code:
OTL logfile created on: 27.01.2014 21:52:57 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helvet\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 3,51 Gb Available Physical Memory | 58,52% Memory free
6,17 Gb Paging File | 3,79 Gb Available in Paging File | 61,48% Paging File free
Paging file location(s): C:\pagefile.sys 256 512

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 498,03 Gb Free Space | 85,52% Space Free | Partition Type: NTFS
Drive D: | 13,84 Gb Total Space | 2,01 Gb Free Space | 14,53% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 344,07 Gb Free Space | 57,71% Space Free | Partition Type: NTFS
Drive K: | 14,40 Gb Total Space | 14,17 Gb Free Space | 98,40% Space Free | Partition Type: FAT32

Computer Name: HELVET-PC | User Name: Helvet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Helvet\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v50.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v50.dll () ========== Services (SafeList) ========== SRV:64bit: - (lxbk_device) -- C:\Windows\SysNative\lxbkcoms.exe ( ) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG) SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit) SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (lxbk_device) -- C:\Windows\SysWOW64\lxbkcoms.exe ( ) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) ========== Driver Services (SafeList) ========== DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek ) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\DRIVERS\avgdiska.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\DRIVERS\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.) 
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AQFileRestore) -- C:\Windows\SysNative\DRIVERS\AQFileRestore.sys () DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\DRIVERS\CLVirtualDrive.sys (CyberLink) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.) DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREdrv.sys (Sunbelt Software) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys (MCCI Corporation) DRV:64bit: - (s1018unic) -- C:\Windows\SysNative\DRIVERS\s1018unic.sys (MCCI Corporation) DRV:64bit: - (s1018mgmt) -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys (MCCI Corporation) DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\DRIVERS\s1018obex.sys (MCCI Corporation) DRV:64bit: - (s1018bus) -- C:\Windows\SysNative\DRIVERS\s1018bus.sys (MCCI Corporation) DRV:64bit: - (s1018nd5) -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys (MCCI Corporation) DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys (MCCI Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (TFsExDisk) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys (Teruten Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
{7C638C6B-5B27-4A85-83CB-40250D1E4AC4} IE:64bit: - HKLM\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CtB0F0Czy0BtCzztB0F0AtN0D0Tzu0CtAyCtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=50329116 IE:64bit: - HKLM\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = 
hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{BBB2072C-2748-4960-B304-AC4625B59B9A}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms} IE - HKCU\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.order.1: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/" FF - prefs.js..extensions.enabledAddons: vlcplaylist%40helgatauscher.de:0.8 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=" FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 62848 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.0.13.1: C:\Users\Helvet\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.12.20 19:13:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.20 19:13:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\Users\Helvet\AppData\Roaming\5012 [2011.03.03 16:05:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.12.20 19:13:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.20 19:13:33 | 000,000,000 | ---D | M] [2009.05.08 13:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\Extensions [2014.01.26 12:59:06 | 000,000,000 | 
---D | M] (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions [2010.06.25 12:20:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.08.28 05:33:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014.01.18 20:20:55 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\adsremoval@adsremoval.net [2012.05.08 16:29:10 | 000,000,000 | ---D | M] (♬ MediaPimp - Internet Radio, Save Videos, Screengrab & More) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\Konverts@MediaPimp.com [2013.05.03 15:46:43 | 000,009,582 | ---- | M] () (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\extensions\vlcplaylist@helgatauscher.de.xpi [2014.01.16 19:01:03 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.01.18 23:19:56 | 000,002,417 | ---- | M] () -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\searchplugins\s-amazon-bymp-de.xml [2014.01.26 12:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.12.20 19:13:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.12.20 19:13:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.12.20 19:13:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla 
Firefox\browser\extensions [2013.12.20 19:13:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011.06.18 12:42:45 | 000,003,195 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Complitly.xml O1 HOSTS File: ([2013.01.14 19:52:52 | 000,002,081 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 56.159.50.251 perspeak.avira-update.com O1 - Hosts: 75.244.34.18 personal.nl.avira-update.com O1 - Hosts: 253.249.177.195 profpeak.avira-update.com O1 - Hosts: 157.45.146.186 professional.nl.avira-update.com O1 - Hosts: 60.77.189.71 prempeak.avira-update.com O1 - Hosts: 247.9.37.135 premium.nl.avira-update.com O1 - Hosts: 60.138.2.98 personal.avira-update.com O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net O1 - Hosts: 127.0.0.1 license.superantispyware.com O2 - BHO: (AcroIEHlprObj Class) - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context 
menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.51.2) O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.51.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A613AC85-778E-46D4-AF83-B95366D74E09}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - 
Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\SysWow64\webcheck.dll File not found O24 - Desktop WallPaper: C:\Users\Helvet\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Helvet\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O27:64bit: - HKLM IFEO\ccleaner.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\ccleaner.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC 
TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.04.14 22:54:30 | 000,000,166 | ---- | M] () - K:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{24d165a2-8f4a-11de-81cb-00248c2fc9b1}\Shell - "" = AutoRun O33 - MountPoints2\{24d165a2-8f4a-11de-81cb-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{24d165a4-8f4a-11de-81cb-00248c2fc9b1}\Shell - "" = AutoRun O33 - MountPoints2\{24d165a4-8f4a-11de-81cb-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{2b7655b0-4bb2-11e3-8d3d-00248c2fc9b1}\Shell - "" = AutoRun O33 - MountPoints2\{2b7655b0-4bb2-11e3-8d3d-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\Setup.exe O33 - MountPoints2\{6d579122-43cd-11df-a992-00248c2fc9b1}\Shell - "" = AutoRun O33 - MountPoints2\{6d579122-43cd-11df-a992-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\Startme.exe O33 - MountPoints2\{be273d2e-9cbb-11df-9023-00248c2fc9b1}\Shell - "" = AutoRun O33 - MountPoints2\{be273d2e-9cbb-11df-9023-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sdnclean64.exe) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2014.01.27 19:35:54 | 000,264,616 | ---- | C] (Oracle 
Corporation) -- C:\Windows\SysWow64\javaws.exe [2014.01.27 19:35:46 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2014.01.27 19:35:46 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2014.01.27 19:35:46 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2014.01.26 22:32:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache [2014.01.26 13:20:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014.01.26 13:18:16 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Helvet\Desktop\JRT.exe [2014.01.26 12:52:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014.01.25 12:44:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Helvet\Desktop\OTL.exe [2014.01.24 15:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses [2014.01.24 03:10:05 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Roaming\Safer Networking [2014.01.18 18:43:59 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Local\G DATA [2014.01.18 17:05:54 | 000,000,000 | ---D | C] -- C:\Vasilisa [2014.01.18 15:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2014.01.18 15:57:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014.01.18 15:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2014.01.15 22:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2014.01.15 22:53:06 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2014.01.15 22:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2014.01.15 22:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2014.01.12 15:01:45 | 000,040,248 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe [2014.01.12 15:01:44 | 000,029,496 | 
---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll [2014.01.12 15:01:44 | 000,025,400 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll [2014.01.12 15:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014 [2013.12.31 15:31:36 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Roaming\AVG2014 [2013.12.31 15:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.12.31 15:29:54 | 000,000,000 | -H-D | C] -- C:\$AVG [2013.12.31 15:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014 [2013.12.31 15:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2013.12.31 15:28:06 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Local\Avg2014 [2013.12.29 23:08:43 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft [2013.01.02 18:27:37 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Helvet\AppData\Roaming\pcouffin.sys [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Helvet\Desktop\*.tmp files -> C:\Users\Helvet\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.01.27 21:47:48 | 000,987,425 | ---- | M] () -- C:\Users\Helvet\Desktop\SecurityCheck.exe [2014.01.27 21:13:45 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.01.27 21:06:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2014.01.27 21:06:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2014.01.27 20:04:03 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.01.27 20:04:03 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.01.27 20:04:03 | 000,596,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.01.27 20:04:03 | 000,126,486 | ---- | M] () -- 
C:\Windows\SysNative\perfc007.dat [2014.01.27 20:04:03 | 000,104,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.01.27 19:08:16 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2014.01.27 19:06:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.01.27 07:13:39 | 000,330,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.01.26 13:18:17 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Helvet\Desktop\JRT.exe [2014.01.26 12:51:22 | 001,236,282 | ---- | M] () -- C:\Users\Helvet\Desktop\adwcleaner.exe [2014.01.25 12:44:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Helvet\Desktop\OTL.exe [2014.01.24 15:02:53 | 001,059,584 | ---- | M] () -- C:\Users\Helvet\Desktop\Trojan-Remover-Setup.exe [2014.01.24 14:06:49 | 000,191,488 | ---- | M] () -- C:\Users\Helvet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014.01.22 00:30:17 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2014.01.18 14:13:59 | 000,000,335 | ---- | M] () -- C:\Windows\wininit.ini [2014.01.16 06:55:48 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2014.01.15 22:53:09 | 000,001,180 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2014.01.15 07:04:56 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014.01.15 07:04:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014.01.12 15:01:42 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk [2014.01.12 15:01:42 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk [2013.12.31 15:31:01 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Helvet\Desktop\*.tmp files -> 
C:\Users\Helvet\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.01.27 21:47:48 | 000,987,425 | ---- | C] () -- C:\Users\Helvet\Desktop\SecurityCheck.exe [2014.01.26 22:33:58 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk [2014.01.26 12:51:21 | 001,236,282 | ---- | C] () -- C:\Users\Helvet\Desktop\adwcleaner.exe [2014.01.26 12:03:01 | 000,330,080 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.01.24 15:02:53 | 001,059,584 | ---- | C] () -- C:\Users\Helvet\Desktop\Trojan-Remover-Setup.exe [2014.01.15 23:46:05 | 000,000,335 | ---- | C] () -- C:\Windows\wininit.ini [2014.01.15 22:53:19 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2014.01.15 22:53:19 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2014.01.15 22:53:19 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2014.01.15 22:53:09 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2014.01.15 22:53:09 | 000,001,180 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2014.01.12 15:01:42 | 000,001,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk [2014.01.12 15:01:42 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk [2014.01.12 15:01:42 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk [2013.12.29 22:33:34 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk [2013.03.03 13:54:41 | 000,000,300 | ---- | C] () -- C:\Windows\SIERRA.INI [2013.01.02 18:27:37 | 000,099,384 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\inst.exe [2013.01.02 18:27:37 | 000,007,859 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\pcouffin.cat [2013.01.02 18:27:37 | 
000,001,167 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\pcouffin.inf [2012.10.10 23:01:37 | 000,076,359 | ---- | C] () -- C:\ProgramData\khsftvhcovcgzvf [2012.01.17 21:51:50 | 000,191,488 | ---- | C] () -- C:\Users\Helvet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.13 23:07:52 | 000,007,916 | ---- | C] () -- C:\Users\Helvet\AppData\Local\d3d9caps.dat [2011.02.15 16:32:41 | 000,000,042 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\urhtps.dat [2010.11.11 17:29:19 | 000,003,871 | ---- | C] () -- C:\Users\Helvet\.recently-used.xbel [2009.10.26 17:01:26 | 000,001,460 | ---- | C] () -- C:\Users\Helvet\AppData\Local\d3d9caps64.dat [2009.10.23 22:04:15 | 000,296,748 | ---- | C] () -- C:\Users\Helvet\AppData\Local\isnpbu_nav.dat [2009.10.23 22:04:15 | 000,003,436 | ---- | C] () -- C:\Users\Helvet\AppData\Local\isnpbu.dat [2009.10.23 22:04:15 | 000,002,740 | ---- | C] () -- C:\Users\Helvet\AppData\Local\isnpbu_navps.dat [2009.08.09 19:31:33 | 000,007,680 | ---- | C] () -- C:\Users\Helvet\EXCEL.box [2009.07.17 20:04:54 | 000,000,090 | ---- | C] () -- C:\Users\Helvet\AppData\Local\kmiam.bat [2009.07.10 20:41:52 | 008,800,144 | ---- | C] () -- C:\Program Files (x86)\FLV PlayerATBSetup.exe [2009.05.21 19:55:53 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.05.20 16:15:19 | 000,000,000 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:CB0AACC9 < End of report > Code:
OTL Extras logfile created on: 27.01.2014 21:52:57 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helvet\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 3,51 Gb Available Physical Memory | 58,52% Memory free
6,17 Gb Paging File | 3,79 Gb Available in Paging File | 61,48% Paging File free
Paging file location(s): C:\pagefile.sys 256 512

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 498,03 Gb Free Space | 85,52% Space Free | Partition Type: NTFS
Drive D: | 13,84 Gb Total Space | 2,01 Gb Free Space | 14,53% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 344,07 Gb Free Space | 57,71% Space Free | Partition Type: NTFS
Drive K: | 14,40 Gb Total Space | 14,17 Gb Free Space | 98,40% Space Free | Partition Type: FAT32

Computer Name: HELVET-PC | User Name: Helvet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiVirusDisableNotify" = 0 "AntiSpyWareDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 4A 39 A4 00 E0 16 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== System Restore Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" 
= 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0300D9DD-1CB3-49CF-97B0-D6904CC85C3D}" = lport=138 | protocol=17 | dir=in | app=system | "{0636F853-31FC-4870-9C52-24E7772FBCC2}" = lport=2869 | protocol=6 | dir=in | app=system | "{0F0E6317-66D9-4EAB-A34A-801C3564666D}" = lport=10243 | protocol=6 | dir=in | app=system | "{1859F02F-84E5-4EE8-81A3-11F77D515FD8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{22638B55-787B-483D-AB4E-859F1EFD02F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{26306662-22C8-4FCE-BA62-E5BDD58942F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | "{36FB1A14-670A-4233-9DC2-EE6067A53150}" = lport=445 | protocol=6 | dir=in | app=system | "{552520F5-0027-406A-B57A-C4CA125F2F58}" = lport=137 | protocol=17 | dir=in | app=system | "{6BBD050D-694C-4FFB-A4CB-26007E5A4D62}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{74C834BB-158A-4DB7-A161-595FAB70211E}" = rport=137 | protocol=17 | dir=out | app=system | "{88F987FF-B559-4814-AFDA-B81E4EF4E356}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{891F2A92-98B4-4BBF-934B-D5CDC26B2391}" = rport=10243 | protocol=6 | dir=out | app=system | "{9E4094AC-2418-419D-AB89-D5215A3AFF96}" = rport=445 | protocol=6 | dir=out | app=system | "{A7D5D61D-A02A-4299-985C-623C59D6480D}" = lport=139 | protocol=6 | dir=in | app=system | "{AF424DBF-B123-4D21-88DD-951AA81D6BB9}" = rport=139 | protocol=6 | dir=out | app=system | "{B530EE7C-54EF-473E-B732-E20DECD7AD44}" = rport=138 | protocol=17 | dir=out | app=system | "{CA85D4D1-0C8C-466D-BB69-B62C992E0AA8}" = lport=18857 | protocol=6 | dir=in | name=emule1 | "{D678892C-CEE7-4FD6-A7D4-DFA87DE403F1}" = 
lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | "{E2C3D560-37B8-4552-B8FA-DFD60C24110D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EC9C99D3-A93A-4D30-BFE8-4BBDF386EF22}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03B5A09D-FF1F-4423-85E8-2174BF78A690}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0C5D0B64-428D-4E3B-888F-94B4DA6C78A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{10D7E4E5-6061-49C3-93B0-801C95526422}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{130DD5F1-45FD-46DB-B1A4-DEFA85F85DDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{23E8B9BA-B018-46B6-BBBB-939A2227FFA0}" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | "{25E3B023-FD83-44B2-954E-730B498239A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{38B59CA1-9843-485F-9C1B-40B565E569FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{38E8BE4A-F398-436B-8248-32E80052EB26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3F765549-9125-4CD9-8398-8761F998A3D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3F973512-3BA0-4CB8-BEB8-1A03E0C82805}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | "{43D168DF-E577-4393-9C36-6A83E2400CF0}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | "{4F5A0DEB-28FB-43B6-9842-CB625FA55A01}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | 
"{5ABC9EB7-0D91-4B6E-AE69-1E524242ACC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5E994D38-A4D7-4680-9EBA-78510B125687}" = protocol=6 | dir=out | app=system | "{603E002A-AD56-4646-8C38-9D1CC684A8AB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{6230F6C2-7EA4-4D4B-AD36-9E5966D70632}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{747CCDAC-7CA9-4815-8967-9ACA01E95F3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{75497E48-C84B-444F-8B39-CBC8D4C3082E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe | "{7B947122-8843-4AFC-A123-FBF126D26C65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7BEBCF9E-19CD-462E-8181-410B646D9410}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | "{8560E5E0-81AC-4034-8E61-7D3419053478}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8666FBBC-78A0-47A2-BDBF-C35B4E3F2F5F}" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\utorrent\utorrent.exe | "{89F58B09-43DB-45B5-9761-5B8E7B6D7F72}" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | "{8BEAA451-F2F7-466B-9C2A-5C514A00426D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A1727B8D-2A6A-4355-A1FD-D958D7910F4A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | "{A39D5F8B-DF71-4EEA-AA68-C96F7129300C}" = protocol=17 | dir=in | app=c:\users\helvet\appdata\roaming\utorrent\utorrent.exe | "{ABA75A74-45E3-4CE8-A1CF-9A8D41BFB308}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | "{AE83B932-CCE0-4769-9A84-8C0E3FDA0978}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe | "{B33C0A39-0E70-4E7F-9679-1BBAD4F16EB2}" = protocol=17 | dir=in | 
app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B73A5EDC-084C-416C-A7D9-010F768393B1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | "{B76C7532-8912-4C1F-BFB4-7EC92C38DD45}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BA3AF442-82E3-4EA4-9EEE-A140D75400F7}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | "{CF0AE8B6-2D99-48F5-B1C4-BA297E83282F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D293FA33-7DE9-4890-AB7D-056363F60A8A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | "{D423BE7B-EEC7-48C3-916A-3272A105937C}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | "{EA63982B-0E41-4450-9799-87A5E86C1F90}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | "{EAC33508-68F0-49B2-9C1B-57F26081A5C4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | "{EB10E65D-DE69-4C6B-A890-1A69039D11D9}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{F5E38FA3-8D76-4B76-8CBC-74FB5AFB793C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | "{FA940659-BE0D-4B4C-BE6E-0A3C8E39DED7}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | "{FE0B3810-8A28-4554-B677-477028841A8E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{13183EC3-4F73-46ED-B80C-6F2604604505}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe | "TCP Query User{353E4882-6223-4B23-B0B5-D90F1D6F1698}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{4596BC4F-4554-4735-B298-67B374AB72B1}C:\program files (x86)\internet 
explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{5168C243-131A-44B3-A1F4-B86D8004A83D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{581381CE-4711-4D43-BE77-00D5E5BC5E0B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{8C608CEC-3936-4C79-B23F-6C4447CFF055}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe | "TCP Query User{BE31339C-B551-46B9-84BD-1C833B20F539}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe | "TCP Query User{DE9723D1-B66D-43DA-B7AA-01A6814087DB}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{E574B95E-B952-4800-9D7A-D8BB1B622575}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{13587F2E-6CD9-446B-8CED-22F3D71F0E1A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{28A8887F-82EC-4410-8F69-CBCBDB053089}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe | "UDP Query User{6BB935C4-28EE-439D-880E-AFE2CFDCEF0B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{71248798-DEB0-479F-B462-F990DE4CEA4A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{840C4DC5-C0BC-42DC-9C50-9E5B89F236D2}C:\program files 
(x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{89529A7D-266A-4F38-A894-0FC1F1CE3378}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{B5FC3353-73BA-43C6-8181-B8A366CB2C41}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=17 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe | "UDP Query User{E490F683-CD17-477F-A6A2-BB6DFA6B3306}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{ED8C90FD-7D01-4702-AC67-81A952069B84}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=17 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{15E4B9CE-C5FB-40B3-A88B-6F210BF46DB7}" = AVG 2014 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2014 "CCleaner" = CCleaner "Lexmark X1100 Series" = Lexmark X1100 Series "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "Redirection Port Monitor" = RedMon - Redirection Port Monitor "VLC media player" = VLC media player 2.0.8 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01BD4FC9-2F86-4706-A62E-774BB7E9D308}" = AVG PC TuneUp 2014 "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51 "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = 
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS "{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B4FB5026-7C4D-4967-A11F-7B6D66D2D817}" = AVG PC TuneUp 2014 (de-DE) "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook 
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin "Applian FLV Player2.0.24" = Applian FLV Player "AVG PC TuneUp" = AVG PC TuneUp 2014 "Camersoft Fake Webcam_is1" = Camersoft Fake Webcam 3.1.08 "InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2 "kmiam" = Favorit "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 26.0 (x86 de)" = Mozilla Firefox 26.0 (x86 de) "Mozilla Thunderbird (1.5)" = Mozilla Thunderbird (1.5) "MozillaMaintenanceService" = Mozilla Maintenance Service "Replay Media Catcher 3.02" = Replay Media Catcher 3.02 "Windows Utils" = Windows Utils "WinRAR archiver" = WinRAR Archivierer ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ACEStream" = ACE Stream Media 2.0.13.1 "FLV Player Packages" = FLV Player Packages "uTorrent" = µTorrent ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.01.2014 08:44:50 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10 Description = Error - 27.01.2014 02:14:01 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10 Description = Error - 27.01.2014 14:06:46 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10 Description = Error - 27.01.2014 15:03:53 | Computer Name = Helvet-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "E:\eigene\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error - 27.01.2014 16:42:38 | Computer Name = Helvet-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. [ Cisco AnyConnect VPN Client Events ] Error - 05.01.2010 10:21:29 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service Error - 05.01.2010 20:59:19 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650 Description = Termination reason code 9: Client PC is shutting down. 
Error - 05.01.2010 20:59:19 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service Error - 06.01.2010 07:30:25 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650 Description = Termination reason code 9: Client PC is shutting down. Error - 06.01.2010 07:30:26 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650 Description = Termination reason code 9: Client PC is shutting down. Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 Description = Function: WaitForSingleObject Return code: 6 File: .\Agent.cpp Line: 686 Description: Das Handle ist ungültig. Error - 08.01.2010 11:51:03 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650 Description = Termination reason code 7: The agent has been stopped. 
Error - 08.01.2010 11:51:03 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649 Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service [ Spybot - Search and Destroy Events ] Error - 15.01.2014 18:46:05 | Computer Name = Helvet-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 27.01.2014 02:15:33 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7034 Description = Error - 27.01.2014 02:16:00 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7038 Description = Error - 27.01.2014 02:16:00 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7000 Description = Error - 27.01.2014 14:05:53 | Computer Name = Helvet-PC | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 27.01.2014 14:06:11 | Computer Name = Helvet-PC | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. 
Error - 27.01.2014 14:06:47 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 27.01.2014 14:06:47 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 27.01.2014 14:08:44 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7038
Description =
Error - 27.01.2014 14:08:44 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 27.01.2014 14:09:15 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7034
Description =

< End of report >

Search results from Spybot - Search & Destroy
27.01.2014 22:45:32
Scan took 00:31:22.
28 items found.

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\edgecast.cam4s.com\cam4PlayerSendLogData.sol
  Properties.size=75
  Properties.md5=D3D5DD48C6677558D932AB9A13AD65F5
  Properties.filedate=1390750314
  Properties.filedatetext=2014-01-26 16:31:53
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\p1.badoocdn.com\statf.sol
  Properties.size=42
  Properties.md5=2A3893FAC1613E11B90B6B43963BBD63
  Properties.filedate=1390660663
  Properties.filedatetext=2014-01-25 15:37:42
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\static.xvideos.com\swf\flv_player_site_v4.swf\hexaplayerVolumeCookie.sol
  Properties.size=61
  Properties.md5=44E5D6A453380A15806BF03D096F53CC
  Properties.filedate=1390735862
  Properties.filedatetext=2014-01-26 12:31:01
Win32.Agent.fbx: [SBI $86BD92BA] Settings (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\kmiam
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done) HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done) HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID Windows Media SDK: [SBI 
$CAA58B6E] Unique ID (Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID [...] |
28.01.2014, 15:43 | #12 |
/// the machine /// TB instructor | Win32.Agent.fbx What are you trying to tell me with all that hammering?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
28.01.2014, 15:53 | #13 |
| Win32.Agent.fbx Unfortunately, Spybot still finds the Agent.fbx..... |
29.01.2014, 10:34 | #14 |
/// the machine /// TB instructor | Win32.Agent.fbx Copy the text in the code box into your editor (e.g. Notepad) and save it under the name regfix.reg (for the file type, please select "All files") Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\kmiam]

Does Spybot still find anything?
|
29.01.2014, 20:22 | #15 |
| Win32.Agent.fbx Unfortunately, it is still there....... Code:
Search results from Spybot - Search & Destroy 29.01.2014 20:16:38
Scan took 00:29:32.
55 items found.
[...]
Win32.Agent.fbx: [SBI $86BD92BA] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\kmiam
[...] |