
Pests of all kinds and how to fight them: RKIT/agent.depg.1 in BAcroIEHelpe171.dll

Windows 7

21.07.2012, 14:42   #1
Donathan
 

RKIT/agent.depg.1 in BAcroIEHelpe171.dll



EDIT: Actual thread title: RKIT/agent.depg.1 in BAcroIEHelpe171.dll
I couldn't post that, though; the title was "too unspecific".



Hey Board!

So now I've been hit by the trojan too.


Anti-Malware:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.21.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
hanebüchen :: <USER> [Administrator]

21.07.2012 14:35:29
mbam-log-2012-07-21 (15-28-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343390
Laufzeit: 49 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\hanebüchen\AppData\Roaming\appconf32.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\hanebüchen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\55d7f9af-1256256a (Backdoor.Bot) -> Keine Aktion durchgeführt.
C:\Users\hanebüchen\Downloads\SoftonicDownloader_fuer_dx-ball-2.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\hanebüchen\Downloads\SoftonicDownloader_fuer_meat-boy.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\Users\hanebüchen\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Keine Aktion durchgeführt.

(Ende)
         

OTL:

Code:
OTL logfile created on: 21.07.2012 15:31:00 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\hanebüchen\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 42,92% Memory free
8,00 Gb Paging File | 5,46 Gb Available in Paging File | 68,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 357,86 Gb Free Space | 76,85% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: HANEBÜCHEN-PC | User Name: hanebüchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\hanebüchen\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\hanebüchen\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Users\hanebüchen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\SysWOW64\TSTheme.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\hanebüchen\AppData\Roaming\BAcroIEHelpe172.dll ()
MOD - C:\Users\hanebüchen\AppData\Roaming\Spotify\Data\libcef.dll ()
MOD - C:\Users\hanebüchen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\plugins\appscanner_plugin.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\QtGui4.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\QtCore4.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\program files (x86)\avira\antivir desktop\sqlite3.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\RpcAgentSrv.exe (SiSoftware)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={BDFC3690-267A-11E1-AAC4-0024217AA999}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchya.com/?chnl=ft-100&s=0&cr=1179406793&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyDzytB0EtDtC0FyDtDyE0E0EtN0D0TzutBtDtCtBtDtBtBtA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 76 E7 D4 6C B3 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {29048FA3-68A5-48ED-B6AE-BEBA51D6B9A5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{29048FA3-68A5-48ED-B6AE-BEBA51D6B9A5}: "URL" = hxxp://searchya.com/?chnl=ft-100&s=1&cr=1179406793&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyDzytB0EtDtC0FyDtDyE0E0EtN0D0TzutBtDtCtBtDtBtBtA&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={BDFC3690-267A-11E1-AAC4-0024217AA999}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "TenchisTV Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SearchYa!"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://searchya.com"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {ece24dcf-8548-4655-b392-47a388721482}:3.3.0.19
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2411669&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2411669&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "google.de"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\hanebüchen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.06.02 22:41:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.06.02 22:41:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 19:49:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\hanebüchen\AppData\Roaming\13001.028 [2012.07.21 14:02:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 19:49:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.01.14 00:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Extensions
[2012.06.15 15:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions
[2012.03.28 23:06:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.09.16 14:34:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.20 19:11:48 | 000,000,000 | ---D | M] (TenchisTV Community Toolbar) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{ece24dcf-8548-4655-b392-47a388721482}
[2011.12.14 19:40:51 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.04.13 20:50:36 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\ffxtlbr@Facemoods.com
[2012.02.23 03:24:37 | 000,000,000 | ---D | M] (searchya.com) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\ffxtlbr@searchya.com
[2011.02.02 16:26:46 | 000,000,921 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\Mozilla\Firefox\Profiles\29uan24s.default\searchplugins\conduit.xml
[2012.07.11 21:19:09 | 000,000,950 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\Mozilla\Firefox\Profiles\29uan24s.default\searchplugins\icqplugin-1.xml
[2011.02.04 21:54:50 | 000,001,056 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\Mozilla\Firefox\Profiles\29uan24s.default\searchplugins\icqplugin.xml
[2012.02.23 02:02:30 | 000,001,497 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\Mozilla\Firefox\Profiles\29uan24s.default\searchplugins\searchya.xml
[2011.12.14 19:40:45 | 000,003,915 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\Mozilla\Firefox\Profiles\29uan24s.default\searchplugins\sweetim.xml
[2012.03.18 15:13:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.11 13:31:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\{ECE24DCF-8548-4655-B392-47A388721482}
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\FFXTLBR@SEARCHYA.COM
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.06.16 19:49:10 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.25 23:46:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.25 23:46:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.25 23:46:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.13 20:50:36 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.04.25 23:46:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.25 23:46:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.25 23:46:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [fedja] C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\hanebüchen\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\hanebüchen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Userinit] C:\Users\hanebüchen\AppData\Roaming\appconf32.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hanebüchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hanebüchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F946994-739F-4636-80FC-7D1839251284}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{27d73e07-1f5d-11e0-8da6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{27d73e07-1f5d-11e0-8da6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe
O33 - MountPoints2\{9b5a6239-ed96-11e0-86bc-0024217aa999}\Shell - "" = AutoRun
O33 - MountPoints2\{9b5a6239-ed96-11e0-86bc-0024217aa999}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{9b5a623e-ed96-11e0-86bc-0024217aa999}\Shell - "" = AutoRun
O33 - MountPoints2\{9b5a623e-ed96-11e0-86bc-0024217aa999}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{ba22721a-ed24-11e0-b67f-0024217aa999}\Shell - "" = AutoRun
O33 - MountPoints2\{ba22721a-ed24-11e0-b67f-0024217aa999}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{ba227222-ed24-11e0-b67f-0024217aa999}\Shell - "" = AutoRun
O33 - MountPoints2\{ba227222-ed24-11e0-b67f-0024217aa999}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.21 14:33:53 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\Malwarebytes
[2012.07.21 14:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.21 14:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.21 14:33:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.21 14:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.21 14:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.07.21 14:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.07.21 14:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.07.21 14:12:54 | 000,000,000 | ---D | C] -- C:\avrescue
[2012.07.21 14:02:51 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.028
[2012.07.18 12:36:32 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.027
[2012.07.17 18:47:35 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\Desktop\Kaspersky Rescue2Usb
[2012.07.17 18:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2012.07.17 18:47:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2012.07.17 18:34:48 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.026
[2012.07.14 21:08:40 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.025
[2012.07.13 20:28:58 | 000,000,000 | ---D | C] -- C:\xmldm
[2012.07.13 16:52:34 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.024
[2012.07.13 13:04:28 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.023
[2012.07.11 21:07:02 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 21:06:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 21:06:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 21:06:47 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 21:06:46 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.11 20:58:05 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.022
[2012.07.11 09:18:11 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\UAs
[2012.07.10 21:21:48 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.021
[2012.07.10 21:21:28 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\xmldm
[2012.07.10 21:21:20 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\kock
[2012.07.09 22:59:59 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\Desktop\MOBILE_MP4
[2012.07.09 22:58:13 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2012.07.09 22:58:13 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2012.07.09 22:58:13 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2012.07.09 22:58:13 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2012.07.09 22:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2012.07.09 22:56:07 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll
[2012.07.09 22:56:07 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2012.07.09 22:56:07 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2012.07.09 22:56:07 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2012.07.09 22:56:07 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2012.07.09 22:56:07 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2012.07.09 22:56:07 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2012.07.09 22:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2012.07.09 22:56:06 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2012.07.09 22:56:06 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2012.07.09 22:56:06 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2012.07.09 22:56:06 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2012.07.09 22:56:06 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2012.07.09 22:56:05 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2012.07.09 22:54:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2012.07.01 14:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.01 14:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.07.01 14:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.07.01 14:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.06.22 18:10:44 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.22 18:10:44 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.22 18:10:44 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.22 18:10:29 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.22 18:10:29 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.22 18:10:29 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.22 18:10:13 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.22 18:10:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\hanebüchen\AppData\Roaming\*.tmp files -> C:\Users\hanebüchen\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.21 15:30:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.21 14:33:38 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.21 14:07:12 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.21 14:07:12 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.21 14:03:09 | 000,268,992 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\AcroIEHelpe172.dll
[2012.07.21 14:03:09 | 000,006,400 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\BAcroIEHelpe172.dll
[2012.07.21 14:02:44 | 000,000,034 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\blckdom.res
[2012.07.21 13:58:39 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.21 13:58:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.21 13:58:02 | 3220,619,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.18 12:36:37 | 000,006,400 | ---- | M] () -- C:\Users\hanebüchen\AppData\Roaming\BAcroIEHelpe171.dll
[2012.07.17 18:48:51 | 210,292,736 | ---- | M] () -- C:\Users\hanebüchen\Desktop\KWU_1.0.3.upd.iso
[2012.07.17 18:47:30 | 000,001,062 | ---- | M] () -- C:\Users\hanebüchen\Desktop\Optimizer Pro.lnk
[2012.07.17 18:46:29 | 000,965,888 | ---- | M] () -- C:\Users\hanebüchen\Desktop\Kaspersky-USB-Rescue-Disk-Maker-Setup.exe
[2012.07.12 09:21:51 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 20:59:48 | 325,745,326 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.08 20:24:27 | 090,236,421 | ---- | M] () -- C:\Users\hanebüchen\Desktop\IMG_0169.MOV
[2012.07.07 00:27:44 | 003,110,750 | ---- | M] () -- C:\Users\hanebüchen\Desktop\CASPER x HALBE MILLE.mp3
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 20:17:34 | 000,233,450 | ---- | M] () -- C:\Users\hanebüchen\Desktop\IMG_0154.PNG
[2012.07.01 19:58:35 | 000,082,009 | ---- | M] () -- C:\Users\hanebüchen\Desktop\IMG_0152.JPG
[2012.06.22 19:41:57 | 003,876,963 | ---- | M] () -- C:\Users\hanebüchen\Desktop\J Cole in The Morning    Lyrics.mp3
[2012.06.22 19:39:23 | 004,003,433 | ---- | M] () -- C:\Users\hanebüchen\Desktop\J. Cole - Lost Ones (Lyrics).mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\hanebüchen\AppData\Roaming\*.tmp files -> C:\Users\hanebüchen\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.21 14:33:38 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.21 14:03:09 | 000,268,992 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\AcroIEHelpe172.dll
[2012.07.21 14:03:09 | 000,006,400 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\BAcroIEHelpe172.dll
[2012.07.21 14:02:44 | 000,000,034 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\blckdom.res
[2012.07.18 12:36:37 | 000,006,400 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\BAcroIEHelpe171.dll
[2012.07.17 18:48:50 | 210,292,736 | ---- | C] () -- C:\Users\hanebüchen\Desktop\KWU_1.0.3.upd.iso
[2012.07.17 18:47:30 | 000,001,062 | ---- | C] () -- C:\Users\hanebüchen\Desktop\Optimizer Pro.lnk
[2012.07.17 18:46:26 | 000,965,888 | ---- | C] () -- C:\Users\hanebüchen\Desktop\Kaspersky-USB-Rescue-Disk-Maker-Setup.exe
[2012.07.09 22:58:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.07.09 22:56:07 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2012.07.09 22:56:07 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.07.09 22:56:06 | 000,195,584 | RHS- | C] () -- C:\Windows\SysWow64\MatroskaDX.ax
[2012.07.09 22:56:06 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2012.07.09 22:56:06 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2012.07.09 22:56:06 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2012.07.09 22:56:06 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2012.07.09 22:56:06 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2012.07.09 22:56:06 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2012.07.09 22:56:05 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2012.07.09 22:56:05 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2012.07.08 20:29:55 | 090,236,421 | ---- | C] () -- C:\Users\hanebüchen\Desktop\IMG_0169.MOV
[2012.07.07 00:27:33 | 003,110,750 | ---- | C] () -- C:\Users\hanebüchen\Desktop\CASPER x HALBE MILLE.mp3
[2012.07.01 20:20:09 | 000,082,009 | ---- | C] () -- C:\Users\hanebüchen\Desktop\IMG_0152.JPG
[2012.07.01 20:18:27 | 000,233,450 | ---- | C] () -- C:\Users\hanebüchen\Desktop\IMG_0154.PNG
[2012.06.22 19:41:42 | 003,876,963 | ---- | C] () -- C:\Users\hanebüchen\Desktop\J Cole in The Morning    Lyrics.mp3
[2012.06.22 19:39:09 | 004,003,433 | ---- | C] () -- C:\Users\hanebüchen\Desktop\J. Cole - Lost Ones (Lyrics).mp3
[2012.06.22 12:43:24 | 001,147,459 | ---- | C] () -- C:\Users\hanebüchen\Desktop\IMG_0092.JPG
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.24 02:50:19 | 000,069,548 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\icarus-dxdiag.xml
[2012.02.23 02:02:36 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.10 19:00:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.27 21:30:42 | 011,366,400 | ---- | C] () -- C:\Users\hanebüchen\AppData\Roaming\Sandra.mdb
[2012.01.22 02:32:01 | 000,000,000 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012.01.05 21:24:09 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{390206F0-C60C-4045-8999-D6FC20FD1176}
[2011.10.23 14:08:43 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{BA64E7C5-9A62-409C-854D-737BF9C30F75}
[2011.10.20 19:47:14 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{D1CA7396-9E07-4F70-BA7C-21062883FB9E}
[2011.10.19 09:26:24 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{6B0AEDEC-CC7E-4679-8D5F-2F191DBE7FC6}
[2011.10.18 09:28:09 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{D7ED4401-6FC0-4B10-B972-89334F2337C7}
[2011.10.14 08:27:14 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{D6331676-AD31-4416-8576-B4A192F45961}
[2011.10.13 22:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.10.07 11:35:24 | 000,000,000 | ---- | C] () -- C:\Users\hanebüchen\AppData\Local\{BB44AB02-A155-4DF4-80E0-9C958FC16910}
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.06 17:31:06 | 000,088,280 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.01.14 01:22:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.09 17:23:13 | 000,051,152 | RHS- | C] () -- C:\Users\hanebüchen\AppData\Roaming\appconf32.exe

< End of report >
         

OTL EXTRAS:

Code:
OTL Extras logfile created on: 21.07.2012 15:31:00 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\hanebüchen\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 42,92% Memory free
8,00 Gb Paging File | 5,46 Gb Available in Paging File | 68,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 357,86 Gb Free Space | 76,85% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: HANEBÜCHEN-PC | User Name: hanebüchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DAF7C8-36D5-47DF-AB96-DDFCD0136670}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{086EC40A-CE73-4347-8B64-C0BEE4F61E4B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0A43AE46-2A59-490E-81A8-BCD7F94A2088}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{11414669-2EAE-437A-A655-08E8F8E46953}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2521C543-6672-4127-A6F0-E4337E5EB7DC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{2EA103D7-99EC-44A6-906E-8E0C394D20FA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2EA2E9B6-2337-4FCF-82C5-E7EEABBD323A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{37A79387-BF46-4F53-AC30-52F6F9323DCB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3A66E529-1AF3-4778-A0B9-FC40B9A7B3CA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{51263C83-3543-4A52-A376-D34B83B76EB4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{51CC6CBA-4A30-4BFF-8214-35AE31CE68CA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{56E0F830-79ED-422C-9110-EDA8045D4E26}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5C3E98A4-6D11-4738-AF03-37AABAF40727}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5F3E2D89-458F-4FED-89AC-A3B074144256}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5FE1526B-4FE4-4D9A-B0DA-CAEB0E6AB5C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6C70194E-A486-46CA-8B06-25969CD9C04D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{738994B9-DC55-4C84-9BF8-FC5CE17643E2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7BA3B8EA-E2D7-4B69-BFB6-50BE152E8D8C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{82BCC8A4-01DD-48F7-98CF-2645F4F1907B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8B5CB794-1F34-4594-87EF-F10433E6B788}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp1c\wnt500x64\rpcsandrasrv.exe | 
"{8B7A5575-A48F-4DEE-8465-29078C5BA646}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp1c\rpcagentsrv.exe | 
"{A6462CC2-8FB6-40A0-A328-0B72179EC461}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B559D9EB-3D9E-4FE0-8CB9-9DEA5EFC65D0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B9E12DAB-F26D-4048-9084-18B40797CC93}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C05CF4AC-89B3-4349-BA4B-B6E3097C90C0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E85479E8-2CB8-44BE-9E8B-58AAE3CB8DFF}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0290484E-D718-4426-AA2A-3154BC85F03E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{0801C795-9121-49F5-AC1B-9274F3AF5D8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{08215A4F-8053-4829-8AAE-13AD52C04153}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{08DAC84F-E330-4BB1-BE69-51F47DF295FD}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0BCB5801-E5AB-4287-9FEC-D1175D34C3EA}" = protocol=6 | dir=out | app=system | 
"{0CF0D2B9-7B2D-405A-B360-24ABF99F69DA}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{14968090-2C92-4280-9273-74C13D1BA764}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{15D9820F-CD1B-4BA6-95EB-1D5B9AAEB8CF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{18491FC7-234A-4350-B21B-5C8B959AC210}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{19555B8A-F7BE-485A-A6FB-9DEE0936C10E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1E9D9F56-00CE-4FEA-BFA9-E76498558EFF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{20BBE0DF-8833-4251-A4FF-8D4701834A8D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\donathanfranklin\garrysmod\hl2.exe | 
"{27A9AF47-3191-464A-BE4E-CE1C9273A964}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"{30419D49-C654-43D0-A12B-6F738570F9F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{376E6E32-6C6C-4E46-9DEB-4AFE9A656FCD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{393E06FA-99AB-417E-93F8-C4B712164E69}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{3953107E-185F-4C1E-B281-3362CB8A053A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe | 
"{3BCCDE3C-0F7C-45E3-B1B3-043EA81DAE9A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{3CF398CA-F86E-48A6-881A-93A3FBB1D0C3}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{4183FFB1-6506-493F-AAB2-97F1EB971845}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"{41A3C1A0-EC1F-4FAC-A360-35573E5ED0AD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{420E34FB-21F4-447B-8C65-0E78715C697E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{45B50E0C-289B-4E66-944C-324C82B9E7E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe | 
"{4A58D5CC-241F-4994-911A-5A5BC757638A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4BB4D846-4320-4A9F-8488-DC05FF37FCDF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\donathanfranklin\garrysmod\hl2.exe | 
"{50559C52-63EF-42F1-B84D-2D3E64BC6AC5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{52B2BC4D-15F3-437B-9A80-DC94CA5FCE59}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\donathanfranklin\counter-strike source\hl2.exe | 
"{54874072-7C06-4A21-9452-406D7D872A82}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{574BCFCC-02DA-4822-AB34-F443B495E0DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{57712A18-D97F-4591-A427-D4A69104B8E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe | 
"{5DE8FB6F-0A13-4ADE-A36C-47A96FD3714E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\launcher.exe | 
"{5FCA8728-796F-449B-BEA3-DECA5063046B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe | 
"{63BD1307-AD0A-479D-BE24-AB18EABE9C1F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{67D081C7-EC5E-4C59-BD7E-41D0F5BFB53D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{77C10D7C-531D-4644-8A96-192FE125C58B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7B220429-0B33-46E0-89A5-6907C6DC3CC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{83D14D8D-60A4-4BB4-806F-822B804974F1}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{889DF2E5-EB44-48B1-9FEC-178B6AEC55B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\donathanfranklin\counter-strike source\hl2.exe | 
"{89AC8CC6-35EE-4A48-B63E-927186F9DC30}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F49916A-832F-4F0B-9DA6-4B7D2BC2EEBB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{92E367E8-268D-46A6-BA20-705E0242D527}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{92FC89A4-FCD9-4880-A706-9BC5E9613042}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{95760D62-7D65-429A-8373-ADDBD25BB006}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9D79F2CF-D34C-4F6F-8CB2-01966BD0EB98}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{A1D99B44-24F6-44D4-9915-9C220B818BB1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A968A283-D2E6-4956-B835-4CC17A128E14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AA1E5082-6507-4A9F-BE2A-1A5D79ED2936}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD37DCF9-D85A-4D96-949D-74E4BE6343D7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B277A8A9-926D-4AD7-BC47-EED8446FA544}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B5FAAF81-42F8-43CD-9680-F72648BCF9DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BADDBA00-4224-4487-AE29-36D68461FF0C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BB6CD3D2-5B21-4C8E-BD01-826CA63EE8CA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BD358423-C358-41E9-ACDB-AE3A89CF05B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe | 
"{BE26E693-D712-4546-8822-1FB8152BD79F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C5D2E746-9C0A-4F9A-A51E-AC282C43DD5D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C9721C09-8E0D-4B04-B2C1-BDBFD36AD50D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C9B26F93-1166-4861-9629-915F8F3C5B95}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{CE302D7C-9119-47B6-AC88-3E6B0CE59589}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D35EE08C-F7F7-4BFC-B91A-27FD21C2B37F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{DDBD9B19-5270-4201-94AA-DDA1DD299C7E}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"{E2661590-7463-4915-891D-4E115ED8B1E1}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"{E57EE8EE-CA4C-468F-AEC6-A32588C6EBE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe | 
"{EC279E44-08CB-473A-BC53-DC48823F954E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{F7487ED9-14F8-438D-AB2D-D629A246FA3F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\launcher.exe | 
"{F9D0841A-4293-49FE-9D1E-7CA95FB020BD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FAF63D86-FE0F-41B0-A493-EC4F884F5A2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{0B0D7633-EA6F-441C-B823-84E2C31E13E5}C:\ut2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\ut2004\system\ut2004.exe | 
"TCP Query User{15E61B82-DC80-401B-A8E3-C88A294B0CA6}C:\users\hanebüchen\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hanebüchen\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{E6B7F748-99EE-4ECC-9B5D-1253A5B360A0}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{EABA9E59-1FE4-494C-A520-41A491F489CE}C:\users\hanebüchen\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hanebüchen\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{0D7EB447-037A-4AC8-80C9-742AF2384023}C:\users\hanebüchen\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hanebüchen\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{3C3FAC12-AAF4-4AA2-B598-76356DD7FEA0}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{5BA583F7-A460-486F-A096-EA1CEB098EEA}C:\users\hanebüchen\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hanebüchen\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{C9D29781-F7C1-479E-9F18-C772E290953C}C:\ut2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\ut2004\system\ut2004.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0210B563-198E-5A4B-E757-7BC4AC7677F8}" = AMD AVIVO64 Codecs
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0005
"{42A2440F-7A5D-6956-3EF0-815814399EAA}" = AMD Accelerated Video Transcoding
"{49384799-E541-8F8D-B376-4F8AD3AACC24}" = AMD Drag and Drop Transcoding
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2012.SP1c
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11373106-6476-4C56-9E1E-88A1CD9F8809}" = Scrabble3D
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6D62F1D-E3D6-E982-48B4-A20663B1FB7D}" = HydraVision
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Any Video Converter_is1" = Any Video Converter 3.2.3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"DivX Setup.divx.com" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"eVer-Craft_is1" = eVer-Craft
"facemoods" = Facemoods Toolbar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Gamers.IRC" = Gamers.IRC 6.00
"GamersFirst LIVE!" = GamersFirst LIVE!
"ICQToolbar" = ICQ Toolbar
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 Recorder Studio_is1" = MP3 Recorder Studio 6.0
"OpenAL" = OpenAL
"Optimizer Pro_is1" = Optimizer Pro v3.0
"PokerStars" = PokerStars
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UT2004" = Unreal Tournament 2004
"VLC media player" = VLC media player 1.1.6
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab PDF Creator" = FoxTab PDF Creator
"Game Organizer" = EasyBits GO
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.07.2012 09:11:32 | Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.07.2012 09:11:32 | Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3120
 
Error - 16.07.2012 09:11:32 | Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3120
 
Error - 16.07.2012 09:11:35 | Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.07.2012 09:11:35 | Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6349
 
Error - 16.07.2012 09:11:35 | Computer Name = hanebüchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6349
 
Error - 17.07.2012 12:38:22 | Computer Name = hanebüchen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000cea18  ID des fehlerhaften
 Prozesses: 0x444  Startzeit der fehlerhaften Anwendung: 0x01cd643a68aae760  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: d23baed0-d02d-11e1-8554-0024217aa999
 
Error - 17.07.2012 12:45:22 | Computer Name = hanebüchen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514,
 Zeitstempel: 0x4ce79912  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x73f9e294  ID des fehlerhaften
 Prozesses: 0x668  Startzeit der fehlerhaften Anwendung: 0x01cd643ac8a43d60  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: cc5be8d0-d02e-11e1-8554-0024217aa999
 
Error - 17.07.2012 12:46:30 | Computer Name = hanebüchen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514,
 Zeitstempel: 0x4ce79912  Name des fehlerhaften Moduls: AcroIEHelpe170.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x500572da  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x6a0194ca  ID des fehlerhaften Prozesses: 0x15e0  Startzeit der fehlerhaften Anwendung:
 0x01cd643add0fbf90  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
 Explorer\iexplore.exe  Pfad des fehlerhaften Moduls: AcroIEHelpe170.dll  Berichtskennung:
 f52233f0-d02e-11e1-8554-0024217aa999
 
Error - 17.07.2012 12:49:42 | Computer Name = hanebüchen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: com.apple.WindowsContacts.client.exe,
 Version: 17.17.0.77, Zeitstempel: 0x4f186178  Name des fehlerhaften Moduls: unknown,
 Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x000cea18  ID des fehlerhaften Prozesses: 0x1548  Startzeit der fehlerhaften Anwendung:
 0x01cd643c28d7e7d0  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common
 Files\Apple\Mobile Device Support\com.apple.WindowsContacts.client.exe  Pfad des 
fehlerhaften Moduls: unknown  Berichtskennung: 67538a50-d02f-11e1-8554-0024217aa999
 
[ System Events ]
Error - 17.07.2012 13:09:13 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.07.2012 13:09:13 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.07.2012 13:09:13 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.07.2012 13:09:13 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.07.2012 13:09:13 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.07.2012 13:13:41 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Media Player-Netzwerkfreigabedienst erreicht.
 
Error - 17.07.2012 13:13:41 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1053
 
Error - 17.07.2012 13:14:23 | Computer Name = hanebüchen-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 19.07.2012 04:30:18 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Live ID Sign-in Assistant erreicht.
 
Error - 19.07.2012 04:30:18 | Computer Name = hanebüchen-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         


I really hope you can help me, many thanks in advance!

22.07.2012, 16:57   #2
Donathan

Is there really no helping me anymore?


27.07.2012, 19:18   #3
t'john
/// Helper Team

Fixing with OTL

Download OTL by Oldtimer (if you do not already have it) and save it to your Desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:Processes
killallprocesses

:OTL

MOD - C:\Users\hanebüchen\AppData\Roaming\BAcroIEHelpe172.dll () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4 
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={BDFC3690-267A-11E1-AAC4-0024217AA999} 
IE - HKCU\..\URLSearchHook: - No CLSID value found 
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) 
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {29048FA3-68A5-48ED-B6AE-BEBA51D6B9A5} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4 
IE - HKCU\..\SearchScopes\{29048FA3-68A5-48ED-B6AE-BEBA51D6B9A5}: "URL" = http://searchya.com/?chnl=ft-100&s=1&cr=1179406793&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyDzytB0EtDtC0FyDtDyE0E0EtN0D0TzutBtDtCtBtDtBtBtA&q={searchTerms} 
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={BDFC3690-267A-11E1-AAC4-0024217AA999} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" 
FF - prefs.js..browser.search.defaultthis.engineName: "TenchisTV Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "" 
FF - prefs.js..browser.search.selectedEngine: "SearchYa!" 
FF - prefs.js..browser.search.update: false 
FF - prefs.js..browser.startup.homepage: "http://searchya.com" 
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19 
FF - prefs.js..extensions.enabledItems: {ece24dcf-8548-4655-b392-47a388721482}:3.3.0.19 
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1 
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280 
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2411669&q=" 
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" 
FF - prefs.js..network.proxy.share_proxy_settings: true 
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Facemoods Search" 
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2411669&SearchSource=3&q={searchTerms}" 
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Facemoods Search" 
FF - prefs.js..browser.startup.homepage: "google.de" 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\hanebüchen\AppData\Roaming\13001.028 [2012.07.21 14:02:51 | 000,000,000 | ---D | M] 
[2011.01.14 00:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Extensions 
[2012.06.15 15:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions 
[2012.03.28 23:06:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} 
[2011.09.16 14:34:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} 
[2012.05.20 19:11:48 | 000,000,000 | ---D | M] (TenchisTV Community Toolbar) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\{ece24dcf-8548-4655-b392-47a388721482} 
[2011.04.13 20:50:36 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\ffxtlbr@Facemoods.com 
[2012.02.23 03:24:37 | 000,000,000 | ---D | M] (searchya.com) -- C:\Users\hanebüchen\AppData\Roaming\mozilla\Firefox\Profiles\29uan24s.default\extensions\ffxtlbr@searchya.com 
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI 
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} 
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\{ECE24DCF-8548-4655-B392-47A388721482} 
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM 
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\FFXTLBR@SEARCHYA.COM 
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI 
File not found (No name found) -- C:\USERS\HANEBüCHEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\29UAN24S.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI 
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO) 
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com) 
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com) 
O4 - HKLM..\Run: [NPSStartup] File not found 
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) 
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () 
O4 - HKCU..\Run: [Spotify] C:\Users\hanebüchen\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) 
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\hanebüchen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () 
O4 - HKCU..\Run: [Userinit] C:\Users\hanebüchen\AppData\Roaming\appconf32.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () 
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{27d73e07-1f5d-11e0-8da6-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{27d73e07-1f5d-11e0-8da6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe 
O33 - MountPoints2\{9b5a6239-ed96-11e0-86bc-0024217aa999}\Shell - "" = AutoRun 
O33 - MountPoints2\{9b5a6239-ed96-11e0-86bc-0024217aa999}\Shell\AutoRun\command - "" = I:\AutoRun.exe 
O33 - MountPoints2\{9b5a623e-ed96-11e0-86bc-0024217aa999}\Shell - "" = AutoRun 
O33 - MountPoints2\{9b5a623e-ed96-11e0-86bc-0024217aa999}\Shell\AutoRun\command - "" = I:\AutoRun.exe 
O33 - MountPoints2\{ba22721a-ed24-11e0-b67f-0024217aa999}\Shell - "" = AutoRun 
O33 - MountPoints2\{ba22721a-ed24-11e0-b67f-0024217aa999}\Shell\AutoRun\command - "" = I:\AutoRun.exe 
O33 - MountPoints2\{ba227222-ed24-11e0-b67f-0024217aa999}\Shell - "" = AutoRun 
O33 - MountPoints2\{ba227222-ed24-11e0-b67f-0024217aa999}\Shell\AutoRun\command - "" = J:\AutoRun.exe 
O33 - MountPoints2\I\Shell - "" = AutoRun 
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe 
O33 - MountPoints2\J\Shell - "" = AutoRun 
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe 

[2012.07.21 14:02:51 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.028 
[2012.07.18 12:36:32 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.027 
[2012.07.17 18:34:48 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.026 
[2012.07.14 21:08:40 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.025 
[2012.07.13 16:52:34 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.024 
[2012.07.13 13:04:28 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.023 
[2012.07.11 20:58:05 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.022 
[2012.07.11 09:18:11 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\UAs 
[2012.07.10 21:21:48 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\13001.021 
[2012.07.10 21:21:28 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\xmldm 
[2012.07.10 21:21:20 | 000,000,000 | ---D | C] -- C:\Users\hanebüchen\AppData\Roaming\kock 
[2008.12.09 17:23:13 | 000,051,152 | RHS- | C] () -- C:\Users\hanebüchen\AppData\Roaming\appconf32.exe 


:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for readers following along: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!
__________________

11.08.2012, 02:21   #4
t'john
/// Helper Team

RKIT/agent.depg.1 in BAcroIEHelpe171.dll



No response received

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john