Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win32.Agent.fbx (https://www.trojaner-board.de/148525-win32-agent-fbx.html)

Helvet 23.01.2014 22:30
Win32.Agent.fbx
 
Hallo Trojaner-Board
Als Newbie stürze ich mal gleich mit einem Problem herein. Eigentlich läuft mein PC ziemlich rund, kann mich nicht beschweren. Ich nutze Vista SP2 64 bit, benutze AVG IS 2014, PC-Tune Up 2014 von AVG und Spybot. Und eben Spybot fand dann diesen fiesen Win32.Agent.fbx sowie 2 weitere Malwarefunde in der Registry. Um Eurer Hilfe (bittebitte) möglichst genau folgen zu können, anbei der Log von Spybot. Malwarebytes läugt gerade, Log in ca. 90 Minuten. Ich habe mir zwar schon ein paar Postings durchgelesen, aber Ihr schreibt ja selbst, jedes Problem ein eigenes Posting.
Bis hierhin schonmal vielen Dank im voraus.

Search results from Spybot - Search & Destroy

23.01.2014 19:28:11
Scan took 00:29:31.
61 items found.

Complitly: [SBI $5DB75812] Interface (Registry Key, nothing done)
HKEY_CLASSES_ROOT\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Complitly: [SBI $5DB75812] Interface (Registry Key, nothing done)
HKEY_CLASSES_ROOT\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\api.firestormmedia.tv\firestormmedia-global.sol
Properties.size=149
Properties.md5=0AED3CA4DAB9CB084CAF8D15AB76516B
Properties.filedate=1390345734
Properties.filedatetext=2014-01-22 00:08:54

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\api.firestormmedia.tv\firestormmedia-player.sol
Properties.size=206
Properties.md5=891A43EEACF7B66DC9724EA62D861C24
Properties.filedate=1390345741
Properties.filedatetext=2014-01-22 00:09:01

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\assets.liputan6.com\com.jeroenwijering.sol
Properties.size=54
Properties.md5=CBE8A959E4E30B2BA46B81BB4A5C2B51
Properties.filedate=1390435041
Properties.filedatetext=2014-01-23 00:57:20

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\badoocdn.com\statf.sol
Properties.size=42
Properties.md5=2A3893FAC1613E11B90B6B43963BBD63
Properties.filedate=1390338164
Properties.filedatetext=2014-01-21 22:02:44

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\byetv.org\com.jeroenwijering.sol
Properties.size=54
Properties.md5=F5DF4C35569BF2D4248108D4961D5D0D
Properties.filedate=1390432386
Properties.filedatetext=2014-01-23 00:13:06

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\chatango.com\fixed_id.sol
Properties.size=54
Properties.md5=322C9047411814507A66AB957DC33256
Properties.filedate=1390431232
Properties.filedatetext=2014-01-22 23:53:52

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\chatango.com\mini_login.sol
Properties.size=48
Properties.md5=24D469038E947632F5BA50468F0384C0
Properties.filedate=1390431251
Properties.filedatetext=2014-01-22 23:54:10

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\d261sv3xac0f7i.cloudfront.net\helpData.sol
Properties.size=128
Properties.md5=D1329615794E852D37071C40E2F9A3D8
Properties.filedate=1390335822
Properties.filedatetext=2014-01-21 21:23:42

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\edgecast.cam4s.com\cam4PlayerSendLogData.sol
Properties.size=75
Properties.md5=E6BD9E15FD07866A5EC303BB745AB8DF
Properties.filedate=1390345641
Properties.filedatetext=2014-01-22 00:07:20

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\iptv.firestormmedia.tv\firestormmedia-global.sol
Properties.size=149
Properties.md5=F08644EF7685E7B5B0C7993B37B659F4
Properties.filedate=1390345745
Properties.filedatetext=2014-01-22 00:09:05

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\iptv.firestormmedia.tv\rampant-player.sol
Properties.size=196
Properties.md5=434DB875A1BD1372DB5CADAAB1BF27DF
Properties.filedate=1390345941
Properties.filedatetext=2014-01-22 00:12:21

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\livestreamcast.org\com.jeroenwijering.sol
Properties.size=54
Properties.md5=D05E870A22F9016572A1EAB215A5B3DF
Properties.filedate=1390434268
Properties.filedatetext=2014-01-23 00:44:28

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\m.indostreamix.com\com.jeroenwijering.sol
Properties.size=54
Properties.md5=26D7A7C3340DD5CC7078D477C5575FCB
Properties.filedate=1390432846
Properties.filedatetext=2014-01-23 00:20:46

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\onlinetv-stream.com\com.jeroenwijering.sol
Properties.size=54
Properties.md5=FED29F7EF7CB6880B7C71D52282116DC
Properties.filedate=1390431985
Properties.filedatetext=2014-01-23 00:06:24

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\p1.badoocdn.com\statf.sol
Properties.size=42
Properties.md5=2A3893FAC1613E11B90B6B43963BBD63
Properties.filedate=1390334852
Properties.filedatetext=2014-01-21 21:07:31

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\player.gl-systemhaus.de\b7v2.sol
Properties.size=39
Properties.md5=EFCDBDAD6C520FFF3B8D49CA75FA59FF
Properties.filedate=1390335708
Properties.filedatetext=2014-01-21 21:21:47

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\player.longtailvideo.com\com.jeroenwijering.sol
Properties.size=54
Properties.md5=64DA7C8D09642C1F7A29F1E9FEE66C14
Properties.filedate=1390433986
Properties.filedatetext=2014-01-23 00:39:45

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\rntplayer.com\com.jeroenwijering.sol
Properties.size=54
Properties.md5=2048A1E689699F871FF3106D07779388
Properties.filedate=1390432157
Properties.filedatetext=2014-01-23 00:09:17

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\source.mmi.bemobile.ua\mmi.sol
Properties.size=66
Properties.md5=EC5D22D4E2D1AC82276C8E6CE88D6969
Properties.filedate=1390348002
Properties.filedatetext=2014-01-22 00:46:42

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\static-cdn1.ustream.tv\com.conviva.livePass.sol
Properties.size=224
Properties.md5=FCE76F6B93702F0068861148F0479DCA
Properties.filedate=1390432785
Properties.filedatetext=2014-01-23 00:19:45

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\static-cdn1.ustream.tv\flash.irc.sol
Properties.size=3410
Properties.md5=D06740CD79B728ACC448E8ADED2BD653
Properties.filedate=1390434040
Properties.filedatetext=2014-01-23 00:40:39

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\static-cdn1.ustream.tv\flash.viewer.sol
Properties.size=17700
Properties.md5=0303C29E901278818BEF9A3539CB7284
Properties.filedate=1390434040
Properties.filedatetext=2014-01-23 00:40:40

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\tv-box.hpage.com\com.jeroenwijering.sol
Properties.size=54
Properties.md5=31152F5C0DC7623131BE11DD214C993B
Properties.filedate=1390434707
Properties.filedatetext=2014-01-23 00:51:46

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.9flash.tv\com.jeroenwijering.sol
Properties.size=54
Properties.md5=D10E6AD99CF6DE3C142B71EF575E8397
Properties.filedate=1390434785
Properties.filedatetext=2014-01-23 00:53:05

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.casti.tv\com.jeroenwijering.sol
Properties.size=54
Properties.md5=90FC28E54A256E4976BEBE6206F377AA
Properties.filedate=1390431643
Properties.filedatetext=2014-01-23 00:00:43

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.fbcast.tv\com.jeroenwijering.sol
Properties.size=54
Properties.md5=992CA86A1C57725C85D5F31706CFE68D
Properties.filedate=1390432794
Properties.filedatetext=2014-01-23 00:19:54

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.gagalive.kr\gaga6.sol
Properties.size=107
Properties.md5=06E0840408A0D5DC849346F8DECCFF7D
Properties.filedate=1390431428
Properties.filedatetext=2014-01-22 23:57:08

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.iguide.to\com.jeroenwijering.sol
Properties.size=54
Properties.md5=3C3F1C307809CB5101F704D54A3AB04D
Properties.filedate=1390434063
Properties.filedatetext=2014-01-23 00:41:03

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.metropol.cz\com.jeroenwijering.sol
Properties.size=54
Properties.md5=9B536D76E96CB92C698642A74AF30A78
Properties.filedate=1390433827
Properties.filedatetext=2014-01-23 00:37:06

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.metrotvnews.com\com.jeroenwijering.sol
Properties.size=54
Properties.md5=471B5AB4735AF73E810E0972640D21A8
Properties.filedate=1390431520
Properties.filedatetext=2014-01-22 23:58:40

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.porniz.com\com.jeroenwijering.sol
Properties.size=54
Properties.md5=24488D18EB0CBE973A189456FB747CE1
Properties.filedate=1390434306
Properties.filedatetext=2014-01-23 00:45:06

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.quartarete.tv\com.jeroenwijering.sol
Properties.size=53
Properties.md5=7426C3B83D09F67D83E61F7FAC026BC3
Properties.filedate=1390431833
Properties.filedatetext=2014-01-23 00:03:52

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.shanson.tv\com.jeroenwijering.sol
Properties.size=54
Properties.md5=BCA4057E2EFA8431C9C986CB9D01CC86
Properties.filedate=1390432806
Properties.filedatetext=2014-01-23 00:20:06

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.winstar.tv\com.jeroenwijering.sol
Properties.size=54
Properties.md5=4DA91764F1FB6FCA043E248C87C19B8C
Properties.filedate=1390432794
Properties.filedatetext=2014-01-23 00:19:54

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.xatech.com\chat.sol
Properties.size=100
Properties.md5=80F2991DD668691BB52167916BE7862E
Properties.filedate=1390434263
Properties.filedatetext=2014-01-23 00:44:23

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\info.info.info-info-info-info-info.info\mp3player.swf\1413292_0_en.sol
Properties.size=99
Properties.md5=1F8F152A94590C73A1C10641060E0365
Properties.filedate=1390431428
Properties.filedatetext=2014-01-22 23:57:08

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\cdn.livestream.com\grid\LSPlayer.swf\PlayerCookie.sol
Properties.size=44
Properties.md5=B6F9A54DA5326B4E5C6F86EBF2E2DA74
Properties.filedate=1390345730
Properties.filedatetext=2014-01-22 00:08:50

Win32.Agent.fbx: [SBI $86BD92BA] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\kmiam

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (6) (Browser: Cache, nothing done)


Verlauf: [SBI $49804B54] Browser: History (78) (Browser: History, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (236) (Browser: Cookie, nothing done)



--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---

2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-10-10 SDHookInst64.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2013-06-19 spybotsd2-translation-frx.exe
2014-01-15 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-05-16 SDECon64.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-10-10 SDHook64.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2014-01-08 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-01-14 Includes\Adware-C.sbi (*)
2014-01-08 Includes\Adware.sbi (*)
2014-01-08 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-08 Includes\Dialer.sbi (*)
2014-01-08 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-08 Includes\Hijackers.sbi (*)
2014-01-08 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-01-08 Includes\Keyloggers-C.sbi (*)
2014-01-08 Includes\Keyloggers.sbi (*)
2014-01-08 Includes\KeyloggersC.sbi (*)
2014-01-14 Includes\Malware-C.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-01-14 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-08 Includes\Security.sbi (*)
2014-01-08 Includes\SecurityC.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-08 Includes\Spyware.sbi (*)
2014-01-08 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-01-15 Includes\Trojans-005.sbi (*)
2014-01-15 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-01-15 Includes\Trojans-008.sbi (*)
2014-01-15 Includes\Trojans-009.sbi (*)
2014-01-14 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-15 Includes\TrojansC-04.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)

Und hier die Logdatei vom Malewarebytes

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.18.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Helvet :: HELVET-PC [Administrator]

23.01.2014 21:13:38
MBAM-log-2014-01-23 (22-29-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 442082
Laufzeit: 1 Stunde(n), 15 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccleaner.exe (Security.Hijack) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

schrauber 23.01.2014 23:17
hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307




Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Helvet 23.01.2014 23:32
Code:
Search results from Spybot - Search & Destroy

23.01.2014 19:28:11
Scan took 00:29:31.
61 items found.

Complitly: [SBI $5DB75812] Interface (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Complitly: [SBI $5DB75812] Interface (Registry Key, nothing done)
  HKEY_CLASSES_ROOT\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\api.firestormmedia.tv\firestormmedia-global.sol
  Properties.size=149
  Properties.md5=0AED3CA4DAB9CB084CAF8D15AB76516B
  Properties.filedate=1390345734
  Properties.filedatetext=2014-01-22 00:08:54

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\api.firestormmedia.tv\firestormmedia-player.sol
  Properties.size=206
  Properties.md5=891A43EEACF7B66DC9724EA62D861C24
  Properties.filedate=1390345741
  Properties.filedatetext=2014-01-22 00:09:01

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\assets.liputan6.com\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=CBE8A959E4E30B2BA46B81BB4A5C2B51
  Properties.filedate=1390435041
  Properties.filedatetext=2014-01-23 00:57:20

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\badoocdn.com\statf.sol
  Properties.size=42
  Properties.md5=2A3893FAC1613E11B90B6B43963BBD63
  Properties.filedate=1390338164
  Properties.filedatetext=2014-01-21 22:02:44

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\byetv.org\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=F5DF4C35569BF2D4248108D4961D5D0D
  Properties.filedate=1390432386
  Properties.filedatetext=2014-01-23 00:13:06

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\chatango.com\fixed_id.sol
  Properties.size=54
  Properties.md5=322C9047411814507A66AB957DC33256
  Properties.filedate=1390431232
  Properties.filedatetext=2014-01-22 23:53:52

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\chatango.com\mini_login.sol
  Properties.size=48
  Properties.md5=24D469038E947632F5BA50468F0384C0
  Properties.filedate=1390431251
  Properties.filedatetext=2014-01-22 23:54:10

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\d261sv3xac0f7i.cloudfront.net\helpData.sol
  Properties.size=128
  Properties.md5=D1329615794E852D37071C40E2F9A3D8
  Properties.filedate=1390335822
  Properties.filedatetext=2014-01-21 21:23:42

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\edgecast.cam4s.com\cam4PlayerSendLogData.sol
  Properties.size=75
  Properties.md5=E6BD9E15FD07866A5EC303BB745AB8DF
  Properties.filedate=1390345641
  Properties.filedatetext=2014-01-22 00:07:20

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\iptv.firestormmedia.tv\firestormmedia-global.sol
  Properties.size=149
  Properties.md5=F08644EF7685E7B5B0C7993B37B659F4
  Properties.filedate=1390345745
  Properties.filedatetext=2014-01-22 00:09:05

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\iptv.firestormmedia.tv\rampant-player.sol
  Properties.size=196
  Properties.md5=434DB875A1BD1372DB5CADAAB1BF27DF
  Properties.filedate=1390345941
  Properties.filedatetext=2014-01-22 00:12:21

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\livestreamcast.org\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=D05E870A22F9016572A1EAB215A5B3DF
  Properties.filedate=1390434268
  Properties.filedatetext=2014-01-23 00:44:28

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\m.indostreamix.com\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=26D7A7C3340DD5CC7078D477C5575FCB
  Properties.filedate=1390432846
  Properties.filedatetext=2014-01-23 00:20:46

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\onlinetv-stream.com\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=FED29F7EF7CB6880B7C71D52282116DC
  Properties.filedate=1390431985
  Properties.filedatetext=2014-01-23 00:06:24

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\p1.badoocdn.com\statf.sol
  Properties.size=42
  Properties.md5=2A3893FAC1613E11B90B6B43963BBD63
  Properties.filedate=1390334852
  Properties.filedatetext=2014-01-21 21:07:31

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\player.gl-systemhaus.de\b7v2.sol
  Properties.size=39
  Properties.md5=EFCDBDAD6C520FFF3B8D49CA75FA59FF
  Properties.filedate=1390335708
  Properties.filedatetext=2014-01-21 21:21:47

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\player.longtailvideo.com\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=64DA7C8D09642C1F7A29F1E9FEE66C14
  Properties.filedate=1390433986
  Properties.filedatetext=2014-01-23 00:39:45

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\rntplayer.com\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=2048A1E689699F871FF3106D07779388
  Properties.filedate=1390432157
  Properties.filedatetext=2014-01-23 00:09:17

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\source.mmi.bemobile.ua\mmi.sol
  Properties.size=66
  Properties.md5=EC5D22D4E2D1AC82276C8E6CE88D6969
  Properties.filedate=1390348002
  Properties.filedatetext=2014-01-22 00:46:42

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\static-cdn1.ustream.tv\com.conviva.livePass.sol
  Properties.size=224
  Properties.md5=FCE76F6B93702F0068861148F0479DCA
  Properties.filedate=1390432785
  Properties.filedatetext=2014-01-23 00:19:45

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\static-cdn1.ustream.tv\flash.irc.sol
  Properties.size=3410
  Properties.md5=D06740CD79B728ACC448E8ADED2BD653
  Properties.filedate=1390434040
  Properties.filedatetext=2014-01-23 00:40:39

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\static-cdn1.ustream.tv\flash.viewer.sol
  Properties.size=17700
  Properties.md5=0303C29E901278818BEF9A3539CB7284
  Properties.filedate=1390434040
  Properties.filedatetext=2014-01-23 00:40:40

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\tv-box.hpage.com\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=31152F5C0DC7623131BE11DD214C993B
  Properties.filedate=1390434707
  Properties.filedatetext=2014-01-23 00:51:46

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.9flash.tv\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=D10E6AD99CF6DE3C142B71EF575E8397
  Properties.filedate=1390434785
  Properties.filedatetext=2014-01-23 00:53:05

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.casti.tv\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=90FC28E54A256E4976BEBE6206F377AA
  Properties.filedate=1390431643
  Properties.filedatetext=2014-01-23 00:00:43

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.fbcast.tv\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=992CA86A1C57725C85D5F31706CFE68D
  Properties.filedate=1390432794
  Properties.filedatetext=2014-01-23 00:19:54

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.gagalive.kr\gaga6.sol
  Properties.size=107
  Properties.md5=06E0840408A0D5DC849346F8DECCFF7D
  Properties.filedate=1390431428
  Properties.filedatetext=2014-01-22 23:57:08

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.iguide.to\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=3C3F1C307809CB5101F704D54A3AB04D
  Properties.filedate=1390434063
  Properties.filedatetext=2014-01-23 00:41:03

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.metropol.cz\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=9B536D76E96CB92C698642A74AF30A78
  Properties.filedate=1390433827
  Properties.filedatetext=2014-01-23 00:37:06

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.metrotvnews.com\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=471B5AB4735AF73E810E0972640D21A8
  Properties.filedate=1390431520
  Properties.filedatetext=2014-01-22 23:58:40

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.porniz.com\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=24488D18EB0CBE973A189456FB747CE1
  Properties.filedate=1390434306
  Properties.filedatetext=2014-01-23 00:45:06

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.quartarete.tv\com.jeroenwijering.sol
  Properties.size=53
  Properties.md5=7426C3B83D09F67D83E61F7FAC026BC3
  Properties.filedate=1390431833
  Properties.filedatetext=2014-01-23 00:03:52

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.shanson.tv\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=BCA4057E2EFA8431C9C986CB9D01CC86
  Properties.filedate=1390432806
  Properties.filedatetext=2014-01-23 00:20:06

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.winstar.tv\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=4DA91764F1FB6FCA043E248C87C19B8C
  Properties.filedate=1390432794
  Properties.filedatetext=2014-01-23 00:19:54

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.xatech.com\chat.sol
  Properties.size=100
  Properties.md5=80F2991DD668691BB52167916BE7862E
  Properties.filedate=1390434263
  Properties.filedatetext=2014-01-23 00:44:23

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\info.info.info-info-info-info-info.info\mp3player.swf\1413292_0_en.sol
  Properties.size=99
  Properties.md5=1F8F152A94590C73A1C10641060E0365
  Properties.filedate=1390431428
  Properties.filedatetext=2014-01-22 23:57:08

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\cdn.livestream.com\grid\LSPlayer.swf\PlayerCookie.sol
  Properties.size=44
  Properties.md5=B6F9A54DA5326B4E5C6F86EBF2E2DA74
  Properties.filedate=1390345730
  Properties.filedatetext=2014-01-22 00:08:50

Win32.Agent.fbx: [SBI $86BD92BA] Settings (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\kmiam

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
 

Cache: [SBI $49804B54] Browser: Cache (6) (Browser: Cache, nothing done)
 

Verlauf: [SBI $49804B54] Browser: History (78) (Browser: History, nothing done)
 

Cookie: [SBI $49804B54] Browser: Cookie (236) (Browser: Cookie, nothing done)
 


--- Spybot - Search & Destroy version: 2.1.18.131  DLL (build: 20130516) ---

2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-10-10 SDHookInst64.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2013-06-19 spybotsd2-translation-frx.exe
2014-01-15 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-05-16 SDECon64.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-10-10 SDHook64.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2014-01-08 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-01-14 Includes\Adware-C.sbi (*)
2014-01-08 Includes\Adware.sbi (*)
2014-01-08 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-08 Includes\Dialer.sbi (*)
2014-01-08 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-08 Includes\Hijackers.sbi (*)
2014-01-08 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-01-08 Includes\Keyloggers-C.sbi (*)
2014-01-08 Includes\Keyloggers.sbi (*)
2014-01-08 Includes\KeyloggersC.sbi (*)
2014-01-14 Includes\Malware-C.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-01-14 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-08 Includes\Security.sbi (*)
2014-01-08 Includes\SecurityC.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-08 Includes\Spyware.sbi (*)
2014-01-08 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-01-15 Includes\Trojans-005.sbi (*)
2014-01-15 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-01-15 Includes\Trojans-008.sbi (*)
2014-01-15 Includes\Trojans-009.sbi (*)
2014-01-14 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-15 Includes\TrojansC-04.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
Farbar's Recovery Scan Tool geladen.
FRST32 Bit passt nich zu meinem OS (Vista 64 bit)
FRST64 bit ist keine win32 Anwendung
??????

Und die 64 bit Version hat einen Trojaner laut AVG IS

schrauber 24.01.2014 14:38
AVG is doof, ignorier die Meldung und lade die 64bit Version.

Helvet 24.01.2014 14:47
Es bleibt leider dabei. Folgende Meldung bekomme ich nach dem Download und dem Versuch die exe zu starten.

FRST64 bit ist keine win32 Anwendung

schrauber 25.01.2014 12:07
Strange.

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Helvet 25.01.2014 13:06
Jetzt ganz ohne Probleme:Boogie:

Code:
OTL logfile created on: 25.01.2014 12:46:56 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Helvet\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,76 Gb Available Physical Memory | 62,72% Memory free
6,15 Gb Paging File | 3,78 Gb Available in Paging File | 61,52% Paging File free
Paging file location(s): C:\pagefile.sys 256 512
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 504,81 Gb Free Space | 86,69% Space Free | Partition Type: NTFS
Drive D: | 13,84 Gb Total Space | 2,01 Gb Free Space | 14,53% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 330,14 Gb Free Space | 55,38% Space Free | Partition Type: NTFS
 
Computer Name: HELVET-PC | User Name: Helvet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Helvet\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Helvet\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v50.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v50.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (lxbk_device) -- C:\Windows\SysNative\lxbkcoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG)
SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (lxbk_device) -- C:\Windows\SysWOW64\lxbkcoms.exe ( )
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\DRIVERS\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\DRIVERS\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AQFileRestore) -- C:\Windows\SysNative\DRIVERS\AQFileRestore.sys ()
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\DRIVERS\CLVirtualDrive.sys (CyberLink)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREdrv.sys (Sunbelt Software)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys (MCCI Corporation)
DRV:64bit: - (s1018unic) -- C:\Windows\SysNative\DRIVERS\s1018unic.sys (MCCI Corporation)
DRV:64bit: - (s1018mgmt) -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\DRIVERS\s1018obex.sys (MCCI Corporation)
DRV:64bit: - (s1018bus) -- C:\Windows\SysNative\DRIVERS\s1018bus.sys (MCCI Corporation)
DRV:64bit: - (s1018nd5) -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys (MCCI Corporation)
DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys (MCCI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (TFsExDisk) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys (Teruten Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CtB0F0Czy0BtCzztB0F0AtN0D0Tzu0CtAyCtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=50329116
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7C638C6B-5B27-4A85-83CB-40250D1E4AC4}
IE:64bit: - HKLM\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CtB0F0Czy0BtCzztB0F0AtN0D0Tzu0CtAyCtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=50329116
IE:64bit: - HKLM\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {7C638C6B-5B27-4A85-83CB-40250D1E4AC4}
IE - HKLM\..\SearchScopes\{68F7C746-8BA6-A11E-2CA0-7F0D49DC2089}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CtB0F0Czy0BtCzztB0F0AtN0D0Tzu0CtAyCtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=50329116
IE - HKLM\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.searchcompletion.com/?si=10179&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.searchcompletion.com/?si=10179&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.searchcompletion.com/?si=10179&home=1
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{68F7C746-8BA6-A11E-2CA0-7F0D49DC2089}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=52af82fa00000000000000248c2fc9b1
IE - HKCU\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.searchcompletion.com/?si=10179&cs=1&q={searchTerms}
IE - HKCU\..\SearchScopes\{BBB2072C-2748-4960-B304-AC4625B59B9A}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKCU\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/"
FF - prefs.js..extensions.enabledAddons: vlcplaylist%40helgatauscher.de:0.8
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: EFGLQA%4078ETGYN-0W7FN789T87.COM:1.01
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {E5886C91-CDD7-4832-B32D-0830705A9C60}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62848
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.0.13.1: C:\Users\Helvet\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.12.20 19:13:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.20 19:13:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\Users\Helvet\AppData\Roaming\5012 [2011.03.03 16:05:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.12.20 19:13:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.20 19:13:33 | 000,000,000 | ---D | M]
 
[2009.05.08 13:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\Extensions
[2014.01.24 17:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions
[2010.06.25 12:20:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.08.28 05:33:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014.01.18 20:20:55 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\adsremoval@adsremoval.net
[2014.01.24 17:18:15 | 000,000,000 | ---D | M] (pricealarm) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
[2012.05.08 16:29:10 | 000,000,000 | ---D | M] (♬ MediaPimp - Internet Radio, Save Videos, Screengrab & More) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\Konverts@MediaPimp.com
[2013.05.03 15:46:43 | 000,009,582 | ---- | M] () (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\extensions\vlcplaylist@helgatauscher.de.xpi
[2014.01.16 19:01:03 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.27 23:01:29 | 000,002,333 | ---- | M] () -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\searchplugins\Funmoods.xml
[2012.08.19 12:45:56 | 000,009,650 | ---- | M] () -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\searchplugins\my-web-search.xml
[2012.01.18 23:19:56 | 000,002,417 | ---- | M] () -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\searchplugins\s-amazon-bymp-de.xml
[2013.12.20 19:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.12.20 19:13:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.12.20 19:13:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.12.20 19:13:32 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files (x86)\Mozilla Firefox\extensions\search@searchsettings.com
[2013.12.20 19:13:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.12.20 19:13:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.06.18 12:42:45 | 000,003,195 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Complitly.xml
 
O1 HOSTS File: ([2013.01.14 19:52:52 | 000,002,081 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 56.159.50.251        perspeak.avira-update.com
O1 - Hosts: 75.244.34.18        personal.nl.avira-update.com
O1 - Hosts: 253.249.177.195        profpeak.avira-update.com
O1 - Hosts: 157.45.146.186        professional.nl.avira-update.com
O1 - Hosts: 60.77.189.71        prempeak.avira-update.com
O1 - Hosts: 247.9.37.135        premium.nl.avira-update.com
O1 - Hosts: 60.138.2.98        personal.avira-update.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1        license.superantispyware.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Helvet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk = C:\Users\Helvet\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A613AC85-778E-46D4-AF83-B95366D74E09}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\SysWow64\webcheck.dll File not found
O24 - Desktop WallPaper: C:\Users\Helvet\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Helvet\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27:64bit: - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{24d165a2-8f4a-11de-81cb-00248c2fc9b1}\Shell - "" = AutoRun
O33 - MountPoints2\{24d165a2-8f4a-11de-81cb-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{24d165a4-8f4a-11de-81cb-00248c2fc9b1}\Shell - "" = AutoRun
O33 - MountPoints2\{24d165a4-8f4a-11de-81cb-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2b7655b0-4bb2-11e3-8d3d-00248c2fc9b1}\Shell - "" = AutoRun
O33 - MountPoints2\{2b7655b0-4bb2-11e3-8d3d-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{6d579122-43cd-11df-a992-00248c2fc9b1}\Shell - "" = AutoRun
O33 - MountPoints2\{6d579122-43cd-11df-a992-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\Startme.exe
O33 - MountPoints2\{be273d2e-9cbb-11df-9023-00248c2fc9b1}\Shell - "" = AutoRun
O33 - MountPoints2\{be273d2e-9cbb-11df-9023-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.01.25 12:44:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Helvet\Desktop\OTL.exe
[2014.01.24 15:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014.01.24 15:04:15 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Roaming\Windows Net Data
[2014.01.24 03:10:05 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Roaming\Safer Networking
[2014.01.18 18:43:59 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Local\G DATA
[2014.01.18 18:30:48 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Roaming\ParetoLogic
[2014.01.18 18:30:48 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Roaming\DriverCure
[2014.01.18 18:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2014.01.18 17:05:54 | 000,000,000 | ---D | C] -- C:\Vasilisa
[2014.01.18 15:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014.01.18 15:57:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.01.18 15:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014.01.15 22:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014.01.15 22:53:06 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014.01.15 22:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014.01.15 22:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014.01.12 15:01:45 | 000,040,248 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe
[2014.01.12 15:01:44 | 000,029,496 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll
[2014.01.12 15:01:44 | 000,025,400 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll
[2014.01.12 15:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
[2013.12.31 15:31:36 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Roaming\AVG2014
[2013.12.31 15:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.12.31 15:29:54 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.12.31 15:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013.12.31 15:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013.12.31 15:28:06 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Local\Avg2014
[2013.12.29 23:08:43 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013.01.02 18:27:37 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Helvet\AppData\Roaming\pcouffin.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Helvet\Desktop\*.tmp files -> C:\Users\Helvet\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.01.25 12:44:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Helvet\Desktop\OTL.exe
[2014.01.25 12:13:55 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.01.25 12:13:55 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.01.25 12:13:55 | 000,596,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.01.25 12:13:55 | 000,126,486 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.01.25 12:13:55 | 000,104,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.01.25 12:13:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.01.25 12:07:51 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014.01.25 12:07:38 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014.01.25 12:07:38 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014.01.25 12:07:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.01.24 15:04:15 | 000,001,779 | ---- | M] () -- C:\Users\Helvet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
[2014.01.24 15:02:53 | 001,059,584 | ---- | M] () -- C:\Users\Helvet\Desktop\Trojan-Remover-Setup.exe
[2014.01.24 14:06:49 | 000,191,488 | ---- | M] () -- C:\Users\Helvet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.01.24 11:13:58 | 000,329,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.01.22 00:30:17 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014.01.18 14:13:59 | 000,000,335 | ---- | M] () -- C:\Windows\wininit.ini
[2014.01.16 06:55:48 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014.01.15 22:53:09 | 000,001,180 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014.01.15 07:04:56 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.01.15 07:04:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.01.12 15:01:42 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
[2014.01.12 15:01:42 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2013.12.31 15:31:01 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013.12.26 18:11:21 | 000,000,104 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Helvet\Desktop\*.tmp files -> C:\Users\Helvet\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.01.24 15:04:15 | 000,001,779 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
[2014.01.24 15:02:53 | 001,059,584 | ---- | C] () -- C:\Users\Helvet\Desktop\Trojan-Remover-Setup.exe
[2014.01.24 11:13:47 | 000,329,800 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.01.15 23:46:05 | 000,000,335 | ---- | C] () -- C:\Windows\wininit.ini
[2014.01.15 22:53:19 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014.01.15 22:53:19 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014.01.15 22:53:19 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014.01.15 22:53:09 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014.01.15 22:53:09 | 000,001,180 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014.01.12 15:01:42 | 000,001,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
[2014.01.12 15:01:42 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
[2014.01.12 15:01:42 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2013.12.29 22:33:34 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013.12.26 16:36:43 | 000,000,104 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat
[2013.03.03 13:54:41 | 000,000,300 | ---- | C] () -- C:\Windows\SIERRA.INI
[2013.01.02 18:27:37 | 000,099,384 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\inst.exe
[2013.01.02 18:27:37 | 000,007,859 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\pcouffin.cat
[2013.01.02 18:27:37 | 000,001,167 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\pcouffin.inf
[2012.10.10 23:01:37 | 000,076,359 | ---- | C] () -- C:\ProgramData\khsftvhcovcgzvf
[2012.01.17 21:51:50 | 000,191,488 | ---- | C] () -- C:\Users\Helvet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.13 23:07:52 | 000,007,916 | ---- | C] () -- C:\Users\Helvet\AppData\Local\d3d9caps.dat
[2011.02.15 16:32:41 | 000,000,042 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\urhtps.dat
[2010.11.11 17:29:19 | 000,003,871 | ---- | C] () -- C:\Users\Helvet\.recently-used.xbel
[2009.10.26 17:01:26 | 000,001,460 | ---- | C] () -- C:\Users\Helvet\AppData\Local\d3d9caps64.dat
[2009.10.23 22:04:15 | 000,296,748 | ---- | C] () -- C:\Users\Helvet\AppData\Local\isnpbu_nav.dat
[2009.10.23 22:04:15 | 000,003,436 | ---- | C] () -- C:\Users\Helvet\AppData\Local\isnpbu.dat
[2009.10.23 22:04:15 | 000,002,740 | ---- | C] () -- C:\Users\Helvet\AppData\Local\isnpbu_navps.dat
[2009.08.09 19:31:33 | 000,007,680 | ---- | C] () -- C:\Users\Helvet\EXCEL.box
[2009.07.17 20:04:54 | 000,000,090 | ---- | C] () -- C:\Users\Helvet\AppData\Local\kmiam.bat
[2009.07.10 20:41:52 | 008,800,144 | ---- | C] () -- C:\Program Files (x86)\FLV PlayerATBSetup.exe
[2009.05.21 19:55:53 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.05.20 16:15:19 | 000,000,000 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >
und der 2. Teil

Code:
OTL Extras logfile created on: 25.01.2014 12:46:56 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Helvet\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,76 Gb Available Physical Memory | 62,72% Memory free
6,15 Gb Paging File | 3,78 Gb Available in Paging File | 61,52% Paging File free
Paging file location(s): C:\pagefile.sys 256 512
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 504,81 Gb Free Space | 86,69% Space Free | Partition Type: NTFS
Drive D: | 13,84 Gb Total Space | 2,01 Gb Free Space | 14,53% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 330,14 Gb Free Space | 55,38% Space Free | Partition Type: NTFS
 
Computer Name: HELVET-PC | User Name: Helvet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiSpyWareDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 4A 39 A4 00 E0 16 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0300D9DD-1CB3-49CF-97B0-D6904CC85C3D}" = lport=138 | protocol=17 | dir=in | app=system |
"{0636F853-31FC-4870-9C52-24E7772FBCC2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0F0E6317-66D9-4EAB-A34A-801C3564666D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1859F02F-84E5-4EE8-81A3-11F77D515FD8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22638B55-787B-483D-AB4E-859F1EFD02F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26306662-22C8-4FCE-BA62-E5BDD58942F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) |
"{36FB1A14-670A-4233-9DC2-EE6067A53150}" = lport=445 | protocol=6 | dir=in | app=system |
"{552520F5-0027-406A-B57A-C4CA125F2F58}" = lport=137 | protocol=17 | dir=in | app=system |
"{6BBD050D-694C-4FFB-A4CB-26007E5A4D62}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74C834BB-158A-4DB7-A161-595FAB70211E}" = rport=137 | protocol=17 | dir=out | app=system |
"{88F987FF-B559-4814-AFDA-B81E4EF4E356}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{891F2A92-98B4-4BBF-934B-D5CDC26B2391}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9E4094AC-2418-419D-AB89-D5215A3AFF96}" = rport=445 | protocol=6 | dir=out | app=system |
"{A7D5D61D-A02A-4299-985C-623C59D6480D}" = lport=139 | protocol=6 | dir=in | app=system |
"{AF424DBF-B123-4D21-88DD-951AA81D6BB9}" = rport=139 | protocol=6 | dir=out | app=system |
"{B530EE7C-54EF-473E-B732-E20DECD7AD44}" = rport=138 | protocol=17 | dir=out | app=system |
"{CA85D4D1-0C8C-466D-BB69-B62C992E0AA8}" = lport=18857 | protocol=6 | dir=in | name=emule1 |
"{D678892C-CEE7-4FD6-A7D4-DFA87DE403F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{E2C3D560-37B8-4552-B8FA-DFD60C24110D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC9C99D3-A93A-4D30-BFE8-4BBDF386EF22}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B5A09D-FF1F-4423-85E8-2174BF78A690}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0C5D0B64-428D-4E3B-888F-94B4DA6C78A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{10D7E4E5-6061-49C3-93B0-801C95526422}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{130DD5F1-45FD-46DB-B1A4-DEFA85F85DDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{23E8B9BA-B018-46B6-BBBB-939A2227FFA0}" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"{25E3B023-FD83-44B2-954E-730B498239A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{38B59CA1-9843-485F-9C1B-40B565E569FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{38E8BE4A-F398-436B-8248-32E80052EB26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F765549-9125-4CD9-8398-8761F998A3D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3F973512-3BA0-4CB8-BEB8-1A03E0C82805}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{43D168DF-E577-4393-9C36-6A83E2400CF0}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) |
"{4F5A0DEB-28FB-43B6-9842-CB625FA55A01}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{5ABC9EB7-0D91-4B6E-AE69-1E524242ACC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E994D38-A4D7-4680-9EBA-78510B125687}" = protocol=6 | dir=out | app=system |
"{603E002A-AD56-4646-8C38-9D1CC684A8AB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6230F6C2-7EA4-4D4B-AD36-9E5966D70632}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{747CCDAC-7CA9-4815-8967-9ACA01E95F3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75497E48-C84B-444F-8B39-CBC8D4C3082E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe |
"{7B947122-8843-4AFC-A123-FBF126D26C65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7BEBCF9E-19CD-462E-8181-410B646D9410}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) |
"{8560E5E0-81AC-4034-8E61-7D3419053478}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8666FBBC-78A0-47A2-BDBF-C35B4E3F2F5F}" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\utorrent\utorrent.exe |
"{89F58B09-43DB-45B5-9761-5B8E7B6D7F72}" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"{8BEAA451-F2F7-466B-9C2A-5C514A00426D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1727B8D-2A6A-4355-A1FD-D958D7910F4A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{A39D5F8B-DF71-4EEA-AA68-C96F7129300C}" = protocol=17 | dir=in | app=c:\users\helvet\appdata\roaming\utorrent\utorrent.exe |
"{ABA75A74-45E3-4CE8-A1CF-9A8D41BFB308}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{AE83B932-CCE0-4769-9A84-8C0E3FDA0978}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe |
"{B33C0A39-0E70-4E7F-9679-1BBAD4F16EB2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B73A5EDC-084C-416C-A7D9-010F768393B1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{B76C7532-8912-4C1F-BFB4-7EC92C38DD45}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BA3AF442-82E3-4EA4-9EEE-A140D75400F7}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) |
"{CF0AE8B6-2D99-48F5-B1C4-BA297E83282F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D293FA33-7DE9-4890-AB7D-056363F60A8A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{D423BE7B-EEC7-48C3-916A-3272A105937C}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) |
"{EA63982B-0E41-4450-9799-87A5E86C1F90}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{EAC33508-68F0-49B2-9C1B-57F26081A5C4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{EB10E65D-DE69-4C6B-A890-1A69039D11D9}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{F5E38FA3-8D76-4B76-8CBC-74FB5AFB793C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{FA940659-BE0D-4B4C-BE6E-0A3C8E39DED7}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{FE0B3810-8A28-4554-B677-477028841A8E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{13183EC3-4F73-46ED-B80C-6F2604604505}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe |
"TCP Query User{353E4882-6223-4B23-B0B5-D90F1D6F1698}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{4596BC4F-4554-4735-B298-67B374AB72B1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{5168C243-131A-44B3-A1F4-B86D8004A83D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{581381CE-4711-4D43-BE77-00D5E5BC5E0B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{8C608CEC-3936-4C79-B23F-6C4447CFF055}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe |
"TCP Query User{BE31339C-B551-46B9-84BD-1C833B20F539}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"TCP Query User{DE9723D1-B66D-43DA-B7AA-01A6814087DB}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{E574B95E-B952-4800-9D7A-D8BB1B622575}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{13587F2E-6CD9-446B-8CED-22F3D71F0E1A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{28A8887F-82EC-4410-8F69-CBCBDB053089}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{6BB935C4-28EE-439D-880E-AFE2CFDCEF0B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{71248798-DEB0-479F-B462-F990DE4CEA4A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{840C4DC5-C0BC-42DC-9C50-9E5B89F236D2}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{89529A7D-266A-4F38-A894-0FC1F1CE3378}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{B5FC3353-73BA-43C6-8181-B8A366CB2C41}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=17 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe |
"UDP Query User{E490F683-CD17-477F-A6A2-BB6DFA6B3306}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{ED8C90FD-7D01-4702-AC67-81A952069B84}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=17 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15E4B9CE-C5FB-40B3-A88B-6F210BF46DB7}" = AVG 2014
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2014
"CCleaner" = CCleaner
"Lexmark X1100 Series" = Lexmark X1100 Series
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"VLC media player" = VLC media player 2.0.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01BD4FC9-2F86-4706-A62E-774BB7E9D308}" = AVG PC TuneUp 2014
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.1
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4FB5026-7C4D-4967-A11F-7B6D66D2D817}" = AVG PC TuneUp 2014 (de-DE)
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Applian FLV Player2.0.24" = Applian FLV Player
"AVG PC TuneUp" = AVG PC TuneUp 2014
"Camersoft Fake Webcam_is1" = Camersoft Fake Webcam 3.1.08
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"kmiam" = Favorit
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 de)" = Mozilla Firefox 26.0 (x86 de)
"Mozilla Thunderbird (1.5)" = Mozilla Thunderbird (1.5)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Replay Media Catcher 3.02" = Replay Media Catcher 3.02
"Windows Utils" = Windows Utils
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ACEStream" = ACE Stream Media 2.0.13.1
"FLV Player" = FLV Player
"FLV Player Packages" = FLV Player Packages
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.01.2014 17:47:35 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.01.2014 19:21:16 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.01.2014 21:19:41 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.01.2014 06:14:23 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.01.2014 08:53:31 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.01.2014 10:08:10 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.01.2014 10:17:44 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.01.2014 14:02:50 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.01.2014 19:52:34 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 25.01.2014 07:07:48 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10
Description =
 
[ Cisco AnyConnect VPN Client Events ]
Error - 05.01.2010 10:21:29 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: CVpnMgr::processEvents  Return code: 0  File: .\MainThread.cpp
Line:
 997  Description:  fatal error, stopping service
 
Error - 05.01.2010 20:59:19 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9:  Client PC is shutting down.
 
Error - 05.01.2010 20:59:19 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: CVpnMgr::processEvents  Return code: 0  File: .\MainThread.cpp
Line:
 997  Description:  fatal error, stopping service
 
Error - 06.01.2010 07:30:25 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9:  Client PC is shutting down.
 
Error - 06.01.2010 07:30:26 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: CVpnMgr::processEvents  Return code: 0  File: .\MainThread.cpp
Line:
 997  Description:  fatal error, stopping service
 
Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9:  Client PC is shutting down.
 
Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: CVpnMgr::processEvents  Return code: 0  File: .\MainThread.cpp
Line:
 997  Description:  fatal error, stopping service
 
Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: WaitForSingleObject  Return code: 6  File: .\Agent.cpp  Line:
686  Description: Das Handle ist ungültig.   
 
Error - 08.01.2010 11:51:03 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 7:  The agent has been stopped.
 
Error - 08.01.2010 11:51:03 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: CVpnMgr::processEvents  Return code: 0  File: .\MainThread.cpp
Line:
 997  Description:  fatal error, stopping service
 
[ Spybot - Search and Destroy Events ]
Error - 15.01.2014 18:46:05 | Computer Name = Helvet-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 24.01.2014 19:52:34 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 24.01.2014 19:53:38 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 24.01.2014 19:54:36 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7038
Description =
 
Error - 24.01.2014 19:54:36 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 25.01.2014 07:07:16 | Computer Name = Helvet-PC | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 25.01.2014 07:07:31 | Computer Name = Helvet-PC | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 25.01.2014 07:07:48 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 25.01.2014 07:08:52 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 25.01.2014 07:09:50 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7038
Description =
 
Error - 25.01.2014 07:09:50 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

schrauber 26.01.2014 06:47
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches OTL log bitte.

Helvet 26.01.2014 14:00
Das Log von AdwCleaner

Code:
# AdwCleaner v3.017 - Bericht erstellt am 26/01/2014 um 12:57:27
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzername : Helvet - HELVET-PC
# Gestartet von : C:\Users\Helvet\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\ParetoLogic
[!] Ordner Gelöscht : C:\Program Files (x86)\Conduit
[!] Ordner Gelöscht : C:\Program Files (x86)\Search Settings
[!] Ordner Gelöscht : C:\Program Files (x86)\Uniblue\SpeedUpMyPC
[!] Ordner Gelöscht : C:\Users\Helvet\AppData\LocalLow\Search Settings
[!] Ordner Gelöscht : C:\Users\Helvet\AppData\Roaming\DriverCure
[!] Ordner Gelöscht : C:\Users\Helvet\AppData\Roaming\Funmoods
[!] Ordner Gelöscht : C:\Users\Helvet\AppData\Roaming\ParetoLogic
[!] Ordner Gelöscht : C:\Users\Helvet\AppData\Roaming\Windows Net Data
[!] Ordner Gelöscht : C:\Users\Helvet\AppData\Roaming\Mozilla\Firefox\Profiles\oksh8in9.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
[!] Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\search@searchsettings.com
[!] Ordner Gelöscht : C:\Users\Helvet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\Helvet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
Datei Gelöscht : C:\Users\Helvet\AppData\Roaming\Mozilla\Firefox\Profiles\oksh8in9.default\searchplugins\funmoods.xml
Datei Gelöscht : C:\Users\Helvet\AppData\Roaming\Mozilla\Firefox\Profiles\oksh8in9.default\searchplugins\my-web-search.xml
Datei Gelöscht : C:\Windows\System32\Tasks\Funmoods

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Wert Gelöscht : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Schlüssel Gelöscht : HKCU\Software\Official-eMule
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Zugo
Schlüssel Gelöscht : HKLM\Software\Official-eMule
Schlüssel Gelöscht : HKLM\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Complitly_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16526

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Helvet\AppData\Roaming\Mozilla\Firefox\Profiles\oksh8in9.default\prefs.js ]

Zeile gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.babExt", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=110819");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 1);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.hmpg", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.id", "52af82fa00000000000000248c2fc9b1");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15455");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 1);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1716:48:23");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "11.0");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.newTab", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 74439590);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1716:48:23");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "52af82fa00000000000000248c2fc9b1");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.id", "52af82fa00000000000000248c2fc9b1");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15455");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&babsrc=NT_ss&mntrId=52af82fa00000000000000248c2fc9b1");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1716:48:23");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Zeile gelöscht : user_pref("extensions.enabledItems", "toolbar@ask.com:3.6.6.117,{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.1[...]
Zeile gelöscht : user_pref("extensions.funmoods.aflt", "iron2");
Zeile gelöscht : user_pref("extensions.funmoods.autoRvrt", false);
Zeile gelöscht : user_pref("extensions.funmoods.cntry", "DE");
Zeile gelöscht : user_pref("extensions.funmoods.cv", "cv5");
Zeile gelöscht : user_pref("extensions.funmoods.dfltLng", "");
Zeile gelöscht : user_pref("extensions.funmoods.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.funmoods.dnsErr", true);
Zeile gelöscht : user_pref("extensions.funmoods.envrmnt", "production");
Zeile gelöscht : user_pref("extensions.funmoods.excTlbr", false);
Zeile gelöscht : user_pref("extensions.funmoods.hdrMd5", "F1B36742217C6B551BD13F27C9DF5AD3");
Zeile gelöscht : user_pref("extensions.funmoods.hmpg", true);
Zeile gelöscht : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CtB0F0Czy0BtCzztB0F0AtN0D0Tzu0CtAyCtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=50329116");
Zeile gelöscht : user_pref("extensions.funmoods.id", "00248C2FC9B182FA");
Zeile gelöscht : user_pref("extensions.funmoods.instlDay", "15701");
Zeile gelöscht : user_pref("extensions.funmoods.instlRef", "iron2");
Zeile gelöscht : user_pref("extensions.funmoods.isdcmntcmplt", true);
Zeile gelöscht : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2223:1:20");
Zeile gelöscht : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Zeile gelöscht : user_pref("extensions.funmoods.newTab", true);
Zeile gelöscht : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CtB0F0Czy0BtCzztB0F0AtN0D0Tzu0CtAyCtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=50329116");
Zeile gelöscht : user_pref("extensions.funmoods.prdct", "funmoods");
Zeile gelöscht : user_pref("extensions.funmoods.prtnrId", "funmoods");
Zeile gelöscht : user_pref("extensions.funmoods.sg", "none");
Zeile gelöscht : user_pref("extensions.funmoods.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Zeile gelöscht : user_pref("extensions.funmoods.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CtB0F0Czy0BtCzztB0F0AtN0D0Tzu0CtAyCtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=50329116&[...]
Zeile gelöscht : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Zeile gelöscht : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2223:1:20");
Zeile gelöscht : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Zeile gelöscht : user_pref("extensions.funmoods_i.newTab", true);
Zeile gelöscht : user_pref("extensions.funmoods_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2223:1:20");
Zeile gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "");
Zeile gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=3E09D2FC-3088-4405-A6D5-EB9AA5267698&n=77edeef9&ptnrS=XPxdm284YYde&si=CPjrt5Kx8rECFQjwzAodCw[...]
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.contextKey", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2012081913");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm284YYde");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "CPjrt5Kx8rECFQjwzAodCw8AhA");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "3E09D2FC-3088-4405-A6D5-EB9AA5267698");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1345677857887");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "10001");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1362017626498");

*************************

AdwCleaner[R0].txt - [23059 octets] - [26/01/2014 12:52:57]
AdwCleaner[S0].txt - [17907 octets] - [26/01/2014 12:57:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17968 octets] ##########
Und das Log vom JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Helvet on 26.01.2014 at 13:20:40,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181110}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{68F7C746-8BA6-A11E-2CA0-7F0D49DC2089}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{68F7C746-8BA6-A11E-2CA0-7F0D49DC2089}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Helvet\appdata\local\{2D5E3FCD-40F4-4E60-919E-97DCF1AF2B68}
Successfully deleted: [Empty Folder] C:\Users\Helvet\appdata\local\{3230DD1B-E026-4DC5-A3A1-FFD7018F0E60}
Successfully deleted: [Empty Folder] C:\Users\Helvet\appdata\local\{3D66B5AE-1589-4E59-9427-8CD0C565F2CC}
Successfully deleted: [Empty Folder] C:\Users\Helvet\appdata\local\{F4313E13-D114-447E-AF7D-AB57466F6E48}



~~~ FireFox

Emptied folder: C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\minidumps [328 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.01.2014 at 13:27:40,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Und noch die beiden OTLs
Bis hierhin schon mal ein RIESEN DANKE:applaus:

Code:
OTL logfile created on: 26.01.2014 13:46:28 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Helvet\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,22 Gb Available Physical Memory | 70,40% Memory free
6,07 Gb Paging File | 4,34 Gb Available in Paging File | 71,55% Paging File free
Paging file location(s): C:\pagefile.sys 256 512
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 511,46 Gb Free Space | 87,83% Space Free | Partition Type: NTFS
Drive D: | 13,84 Gb Total Space | 2,01 Gb Free Space | 14,53% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 329,97 Gb Free Space | 55,35% Space Free | Partition Type: NTFS
 
Computer Name: HELVET-PC | User Name: Helvet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Helvet\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v50.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v50.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (lxbk_device) -- C:\Windows\SysNative\lxbkcoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG)
SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (lxbk_device) -- C:\Windows\SysWOW64\lxbkcoms.exe ( )
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\DRIVERS\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\DRIVERS\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AQFileRestore) -- C:\Windows\SysNative\DRIVERS\AQFileRestore.sys ()
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\DRIVERS\CLVirtualDrive.sys (CyberLink)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREdrv.sys (Sunbelt Software)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys (MCCI Corporation)
DRV:64bit: - (s1018unic) -- C:\Windows\SysNative\DRIVERS\s1018unic.sys (MCCI Corporation)
DRV:64bit: - (s1018mgmt) -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\DRIVERS\s1018obex.sys (MCCI Corporation)
DRV:64bit: - (s1018bus) -- C:\Windows\SysNative\DRIVERS\s1018bus.sys (MCCI Corporation)
DRV:64bit: - (s1018nd5) -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys (MCCI Corporation)
DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys (MCCI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (TFsExDisk) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys (Teruten Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7C638C6B-5B27-4A85-83CB-40250D1E4AC4}
IE:64bit: - HKLM\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CtB0F0Czy0BtCzztB0F0AtN0D0Tzu0CtAyCtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=50329116
IE:64bit: - HKLM\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{BBB2072C-2748-4960-B304-AC4625B59B9A}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKCU\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/"
FF - prefs.js..extensions.enabledAddons: vlcplaylist%40helgatauscher.de:0.8
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62848
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.0.13.1: C:\Users\Helvet\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.12.20 19:13:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.20 19:13:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\Users\Helvet\AppData\Roaming\5012 [2011.03.03 16:05:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.12.20 19:13:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.20 19:13:33 | 000,000,000 | ---D | M]
 
[2009.05.08 13:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\Extensions
[2014.01.26 12:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions
[2010.06.25 12:20:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.08.28 05:33:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014.01.18 20:20:55 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\adsremoval@adsremoval.net
[2012.05.08 16:29:10 | 000,000,000 | ---D | M] (♬ MediaPimp - Internet Radio, Save Videos, Screengrab &amp; More) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\Konverts@MediaPimp.com
[2013.05.03 15:46:43 | 000,009,582 | ---- | M] () (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\extensions\vlcplaylist@helgatauscher.de.xpi
[2014.01.16 19:01:03 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.18 23:19:56 | 000,002,417 | ---- | M] () -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\searchplugins\s-amazon-bymp-de.xml
[2014.01.26 12:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.12.20 19:13:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.12.20 19:13:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.12.20 19:13:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.12.20 19:13:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.06.18 12:42:45 | 000,003,195 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Complitly.xml
 
O1 HOSTS File: ([2013.01.14 19:52:52 | 000,002,081 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 56.159.50.251        perspeak.avira-update.com
O1 - Hosts: 75.244.34.18        personal.nl.avira-update.com
O1 - Hosts: 253.249.177.195        profpeak.avira-update.com
O1 - Hosts: 157.45.146.186        professional.nl.avira-update.com
O1 - Hosts: 60.77.189.71        prempeak.avira-update.com
O1 - Hosts: 247.9.37.135        premium.nl.avira-update.com
O1 - Hosts: 60.138.2.98        personal.avira-update.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1        license.superantispyware.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A613AC85-778E-46D4-AF83-B95366D74E09}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\SysWow64\webcheck.dll File not found
O24 - Desktop WallPaper: C:\Users\Helvet\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Helvet\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27:64bit: - HKLM IFEO\ccleaner.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\ccleaner.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{24d165a2-8f4a-11de-81cb-00248c2fc9b1}\Shell - "" = AutoRun
O33 - MountPoints2\{24d165a2-8f4a-11de-81cb-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{24d165a4-8f4a-11de-81cb-00248c2fc9b1}\Shell - "" = AutoRun
O33 - MountPoints2\{24d165a4-8f4a-11de-81cb-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2b7655b0-4bb2-11e3-8d3d-00248c2fc9b1}\Shell - "" = AutoRun
O33 - MountPoints2\{2b7655b0-4bb2-11e3-8d3d-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{6d579122-43cd-11df-a992-00248c2fc9b1}\Shell - "" = AutoRun
O33 - MountPoints2\{6d579122-43cd-11df-a992-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\Startme.exe
O33 - MountPoints2\{be273d2e-9cbb-11df-9023-00248c2fc9b1}\Shell - "" = AutoRun
O33 - MountPoints2\{be273d2e-9cbb-11df-9023-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.01.26 13:20:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.01.26 13:18:16 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Helvet\Desktop\JRT.exe
[2014.01.26 12:52:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.01.25 12:44:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Helvet\Desktop\OTL.exe
[2014.01.24 15:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014.01.24 03:10:05 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Roaming\Safer Networking
[2014.01.18 18:43:59 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Local\G DATA
[2014.01.18 17:05:54 | 000,000,000 | ---D | C] -- C:\Vasilisa
[2014.01.18 15:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014.01.18 15:57:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.01.18 15:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014.01.15 22:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014.01.15 22:53:06 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014.01.15 22:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014.01.15 22:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014.01.12 15:01:45 | 000,040,248 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe
[2014.01.12 15:01:44 | 000,029,496 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll
[2014.01.12 15:01:44 | 000,025,400 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll
[2014.01.12 15:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
[2013.12.31 15:31:36 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Roaming\AVG2014
[2013.12.31 15:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.12.31 15:29:54 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.12.31 15:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013.12.31 15:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013.12.31 15:28:06 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Local\Avg2014
[2013.12.29 23:08:43 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013.01.02 18:27:37 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Helvet\AppData\Roaming\pcouffin.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Helvet\Desktop\*.tmp files -> C:\Users\Helvet\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.01.26 13:44:53 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014.01.26 13:44:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014.01.26 13:44:41 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014.01.26 13:44:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.01.26 13:18:17 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Helvet\Desktop\JRT.exe
[2014.01.26 13:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.01.26 13:04:04 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.01.26 13:04:04 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.01.26 13:04:04 | 000,596,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.01.26 13:04:04 | 000,126,486 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.01.26 13:04:04 | 000,104,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.01.26 12:51:22 | 001,236,282 | ---- | M] () -- C:\Users\Helvet\Desktop\adwcleaner.exe
[2014.01.26 12:03:14 | 000,329,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.01.25 12:44:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Helvet\Desktop\OTL.exe
[2014.01.24 15:02:53 | 001,059,584 | ---- | M] () -- C:\Users\Helvet\Desktop\Trojan-Remover-Setup.exe
[2014.01.24 14:06:49 | 000,191,488 | ---- | M] () -- C:\Users\Helvet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.01.22 00:30:17 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014.01.18 14:13:59 | 000,000,335 | ---- | M] () -- C:\Windows\wininit.ini
[2014.01.16 06:55:48 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014.01.15 22:53:09 | 000,001,180 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014.01.15 07:04:56 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.01.15 07:04:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.01.12 15:01:42 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
[2014.01.12 15:01:42 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2013.12.31 15:31:01 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Helvet\Desktop\*.tmp files -> C:\Users\Helvet\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.01.26 12:51:21 | 001,236,282 | ---- | C] () -- C:\Users\Helvet\Desktop\adwcleaner.exe
[2014.01.26 12:03:01 | 000,329,800 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.01.24 15:02:53 | 001,059,584 | ---- | C] () -- C:\Users\Helvet\Desktop\Trojan-Remover-Setup.exe
[2014.01.15 23:46:05 | 000,000,335 | ---- | C] () -- C:\Windows\wininit.ini
[2014.01.15 22:53:19 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014.01.15 22:53:19 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014.01.15 22:53:19 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014.01.15 22:53:09 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014.01.15 22:53:09 | 000,001,180 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014.01.12 15:01:42 | 000,001,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
[2014.01.12 15:01:42 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
[2014.01.12 15:01:42 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2013.12.29 22:33:34 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013.03.03 13:54:41 | 000,000,300 | ---- | C] () -- C:\Windows\SIERRA.INI
[2013.01.02 18:27:37 | 000,099,384 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\inst.exe
[2013.01.02 18:27:37 | 000,007,859 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\pcouffin.cat
[2013.01.02 18:27:37 | 000,001,167 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\pcouffin.inf
[2012.10.10 23:01:37 | 000,076,359 | ---- | C] () -- C:\ProgramData\khsftvhcovcgzvf
[2012.01.17 21:51:50 | 000,191,488 | ---- | C] () -- C:\Users\Helvet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.13 23:07:52 | 000,007,916 | ---- | C] () -- C:\Users\Helvet\AppData\Local\d3d9caps.dat
[2011.02.15 16:32:41 | 000,000,042 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\urhtps.dat
[2010.11.11 17:29:19 | 000,003,871 | ---- | C] () -- C:\Users\Helvet\.recently-used.xbel
[2009.10.26 17:01:26 | 000,001,460 | ---- | C] () -- C:\Users\Helvet\AppData\Local\d3d9caps64.dat
[2009.10.23 22:04:15 | 000,296,748 | ---- | C] () -- C:\Users\Helvet\AppData\Local\isnpbu_nav.dat
[2009.10.23 22:04:15 | 000,003,436 | ---- | C] () -- C:\Users\Helvet\AppData\Local\isnpbu.dat
[2009.10.23 22:04:15 | 000,002,740 | ---- | C] () -- C:\Users\Helvet\AppData\Local\isnpbu_navps.dat
[2009.08.09 19:31:33 | 000,007,680 | ---- | C] () -- C:\Users\Helvet\EXCEL.box
[2009.07.17 20:04:54 | 000,000,090 | ---- | C] () -- C:\Users\Helvet\AppData\Local\kmiam.bat
[2009.07.10 20:41:52 | 008,800,144 | ---- | C] () -- C:\Program Files (x86)\FLV PlayerATBSetup.exe
[2009.05.21 19:55:53 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.05.20 16:15:19 | 000,000,000 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >







Code:
OTL Extras logfile created on: 26.01.2014 13:46:28 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Helvet\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,22 Gb Available Physical Memory | 70,40% Memory free
6,07 Gb Paging File | 4,34 Gb Available in Paging File | 71,55% Paging File free
Paging file location(s): C:\pagefile.sys 256 512
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 511,46 Gb Free Space | 87,83% Space Free | Partition Type: NTFS
Drive D: | 13,84 Gb Total Space | 2,01 Gb Free Space | 14,53% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 329,97 Gb Free Space | 55,35% Space Free | Partition Type: NTFS
 
Computer Name: HELVET-PC | User Name: Helvet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiSpyWareDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 4A 39 A4 00 E0 16 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0300D9DD-1CB3-49CF-97B0-D6904CC85C3D}" = lport=138 | protocol=17 | dir=in | app=system |
"{0636F853-31FC-4870-9C52-24E7772FBCC2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0F0E6317-66D9-4EAB-A34A-801C3564666D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1859F02F-84E5-4EE8-81A3-11F77D515FD8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22638B55-787B-483D-AB4E-859F1EFD02F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26306662-22C8-4FCE-BA62-E5BDD58942F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) |
"{36FB1A14-670A-4233-9DC2-EE6067A53150}" = lport=445 | protocol=6 | dir=in | app=system |
"{552520F5-0027-406A-B57A-C4CA125F2F58}" = lport=137 | protocol=17 | dir=in | app=system |
"{6BBD050D-694C-4FFB-A4CB-26007E5A4D62}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74C834BB-158A-4DB7-A161-595FAB70211E}" = rport=137 | protocol=17 | dir=out | app=system |
"{88F987FF-B559-4814-AFDA-B81E4EF4E356}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{891F2A92-98B4-4BBF-934B-D5CDC26B2391}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9E4094AC-2418-419D-AB89-D5215A3AFF96}" = rport=445 | protocol=6 | dir=out | app=system |
"{A7D5D61D-A02A-4299-985C-623C59D6480D}" = lport=139 | protocol=6 | dir=in | app=system |
"{AF424DBF-B123-4D21-88DD-951AA81D6BB9}" = rport=139 | protocol=6 | dir=out | app=system |
"{B530EE7C-54EF-473E-B732-E20DECD7AD44}" = rport=138 | protocol=17 | dir=out | app=system |
"{CA85D4D1-0C8C-466D-BB69-B62C992E0AA8}" = lport=18857 | protocol=6 | dir=in | name=emule1 |
"{D678892C-CEE7-4FD6-A7D4-DFA87DE403F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{E2C3D560-37B8-4552-B8FA-DFD60C24110D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC9C99D3-A93A-4D30-BFE8-4BBDF386EF22}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B5A09D-FF1F-4423-85E8-2174BF78A690}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0C5D0B64-428D-4E3B-888F-94B4DA6C78A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{10D7E4E5-6061-49C3-93B0-801C95526422}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{130DD5F1-45FD-46DB-B1A4-DEFA85F85DDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{23E8B9BA-B018-46B6-BBBB-939A2227FFA0}" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"{25E3B023-FD83-44B2-954E-730B498239A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{38B59CA1-9843-485F-9C1B-40B565E569FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{38E8BE4A-F398-436B-8248-32E80052EB26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F765549-9125-4CD9-8398-8761F998A3D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3F973512-3BA0-4CB8-BEB8-1A03E0C82805}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{43D168DF-E577-4393-9C36-6A83E2400CF0}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) |
"{4F5A0DEB-28FB-43B6-9842-CB625FA55A01}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{5ABC9EB7-0D91-4B6E-AE69-1E524242ACC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E994D38-A4D7-4680-9EBA-78510B125687}" = protocol=6 | dir=out | app=system |
"{603E002A-AD56-4646-8C38-9D1CC684A8AB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6230F6C2-7EA4-4D4B-AD36-9E5966D70632}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{747CCDAC-7CA9-4815-8967-9ACA01E95F3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75497E48-C84B-444F-8B39-CBC8D4C3082E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe |
"{7B947122-8843-4AFC-A123-FBF126D26C65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7BEBCF9E-19CD-462E-8181-410B646D9410}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) |
"{8560E5E0-81AC-4034-8E61-7D3419053478}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8666FBBC-78A0-47A2-BDBF-C35B4E3F2F5F}" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\utorrent\utorrent.exe |
"{89F58B09-43DB-45B5-9761-5B8E7B6D7F72}" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"{8BEAA451-F2F7-466B-9C2A-5C514A00426D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1727B8D-2A6A-4355-A1FD-D958D7910F4A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{A39D5F8B-DF71-4EEA-AA68-C96F7129300C}" = protocol=17 | dir=in | app=c:\users\helvet\appdata\roaming\utorrent\utorrent.exe |
"{ABA75A74-45E3-4CE8-A1CF-9A8D41BFB308}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{AE83B932-CCE0-4769-9A84-8C0E3FDA0978}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe |
"{B33C0A39-0E70-4E7F-9679-1BBAD4F16EB2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B73A5EDC-084C-416C-A7D9-010F768393B1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{B76C7532-8912-4C1F-BFB4-7EC92C38DD45}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BA3AF442-82E3-4EA4-9EEE-A140D75400F7}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) |
"{CF0AE8B6-2D99-48F5-B1C4-BA297E83282F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D293FA33-7DE9-4890-AB7D-056363F60A8A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{D423BE7B-EEC7-48C3-916A-3272A105937C}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) |
"{EA63982B-0E41-4450-9799-87A5E86C1F90}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{EAC33508-68F0-49B2-9C1B-57F26081A5C4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{EB10E65D-DE69-4C6B-A890-1A69039D11D9}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{F5E38FA3-8D76-4B76-8CBC-74FB5AFB793C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{FA940659-BE0D-4B4C-BE6E-0A3C8E39DED7}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{FE0B3810-8A28-4554-B677-477028841A8E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{13183EC3-4F73-46ED-B80C-6F2604604505}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe |
"TCP Query User{353E4882-6223-4B23-B0B5-D90F1D6F1698}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{4596BC4F-4554-4735-B298-67B374AB72B1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{5168C243-131A-44B3-A1F4-B86D8004A83D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{581381CE-4711-4D43-BE77-00D5E5BC5E0B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{8C608CEC-3936-4C79-B23F-6C4447CFF055}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe |
"TCP Query User{BE31339C-B551-46B9-84BD-1C833B20F539}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"TCP Query User{DE9723D1-B66D-43DA-B7AA-01A6814087DB}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{E574B95E-B952-4800-9D7A-D8BB1B622575}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{13587F2E-6CD9-446B-8CED-22F3D71F0E1A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{28A8887F-82EC-4410-8F69-CBCBDB053089}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{6BB935C4-28EE-439D-880E-AFE2CFDCEF0B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{71248798-DEB0-479F-B462-F990DE4CEA4A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{840C4DC5-C0BC-42DC-9C50-9E5B89F236D2}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{89529A7D-266A-4F38-A894-0FC1F1CE3378}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{B5FC3353-73BA-43C6-8181-B8A366CB2C41}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=17 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe |
"UDP Query User{E490F683-CD17-477F-A6A2-BB6DFA6B3306}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{ED8C90FD-7D01-4702-AC67-81A952069B84}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=17 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15E4B9CE-C5FB-40B3-A88B-6F210BF46DB7}" = AVG 2014
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2014
"CCleaner" = CCleaner
"Lexmark X1100 Series" = Lexmark X1100 Series
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"VLC media player" = VLC media player 2.0.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01BD4FC9-2F86-4706-A62E-774BB7E9D308}" = AVG PC TuneUp 2014
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4FB5026-7C4D-4967-A11F-7B6D66D2D817}" = AVG PC TuneUp 2014 (de-DE)
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Applian FLV Player2.0.24" = Applian FLV Player
"AVG PC TuneUp" = AVG PC TuneUp 2014
"Camersoft Fake Webcam_is1" = Camersoft Fake Webcam 3.1.08
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"kmiam" = Favorit
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 de)" = Mozilla Firefox 26.0 (x86 de)
"Mozilla Thunderbird (1.5)" = Mozilla Thunderbird (1.5)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Replay Media Catcher 3.02" = Replay Media Catcher 3.02
"Windows Utils" = Windows Utils
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ACEStream" = ACE Stream Media 2.0.13.1
"FLV Player Packages" = FLV Player Packages
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.01.2014 08:44:50 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10
Description =
 
[ Cisco AnyConnect VPN Client Events ]
Error - 05.01.2010 10:21:29 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: CVpnMgr::processEvents  Return code: 0  File: .\MainThread.cpp
Line:
 997  Description:  fatal error, stopping service
 
Error - 05.01.2010 20:59:19 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9:  Client PC is shutting down.
 
Error - 05.01.2010 20:59:19 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: CVpnMgr::processEvents  Return code: 0  File: .\MainThread.cpp
Line:
 997  Description:  fatal error, stopping service
 
Error - 06.01.2010 07:30:25 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9:  Client PC is shutting down.
 
Error - 06.01.2010 07:30:26 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: CVpnMgr::processEvents  Return code: 0  File: .\MainThread.cpp
Line:
 997  Description:  fatal error, stopping service
 
Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9:  Client PC is shutting down.
 
Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: CVpnMgr::processEvents  Return code: 0  File: .\MainThread.cpp
Line:
 997  Description:  fatal error, stopping service
 
Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: WaitForSingleObject  Return code: 6  File: .\Agent.cpp  Line:
686  Description: Das Handle ist ungültig.   
 
Error - 08.01.2010 11:51:03 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 7:  The agent has been stopped.
 
Error - 08.01.2010 11:51:03 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: CVpnMgr::processEvents  Return code: 0  File: .\MainThread.cpp
Line:
 997  Description:  fatal error, stopping service
 
[ Spybot - Search and Destroy Events ]
Error - 15.01.2014 18:46:05 | Computer Name = Helvet-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 26.01.2014 08:44:20 | Computer Name = Helvet-PC | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 26.01.2014 08:44:32 | Computer Name = Helvet-PC | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 26.01.2014 08:44:50 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 26.01.2014 08:45:53 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 26.01.2014 08:46:52 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7038
Description =
 
Error - 26.01.2014 08:46:52 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

schrauber 27.01.2014 09:07

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches OTL log bitte. Noch Probleme? :)

Helvet 27.01.2014 22:49
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cf1f77196d3b04439d28bbf1ade31cb7
# engine=16814
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-27 08:39:18
# local_time=2014-01-27 09:39:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776638 100 100 92792328 228379064 0 0
# scanned=216256
# found=0
# cleaned=0
# scan_time=5409
Code:
Results of screen317's Security Check version 0.99.79 
 Windows Vista Service Pack 2 x64 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 AVG PC TuneUp 2014 
 AVG PC TuneUp 2014 (de-DE)
 Java(TM) 6 Update 22 
 Java(TM) 6 Update 35 
 Java 7 Update 51 
 Adobe Flash Player        12.0.0.43 
 Mozilla Firefox (26.0)
 Mozilla Thunderbird (1.5). Thunderbird out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Spybot Teatimer.exe is disabled!
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
So, alles nach Anordnung durchgeführt. Kann leider nicht sehen, ob alles ok ist. Aktiviere jetzt wieder den AVG und lasse noch mal Spybot darüberlaufen. Info folgt.




Code:
OTL logfile created on: 27.01.2014 21:52:57 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Helvet\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,51 Gb Available Physical Memory | 58,52% Memory free
6,17 Gb Paging File | 3,79 Gb Available in Paging File | 61,48% Paging File free
Paging file location(s): C:\pagefile.sys 256 512
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 498,03 Gb Free Space | 85,52% Space Free | Partition Type: NTFS
Drive D: | 13,84 Gb Total Space | 2,01 Gb Free Space | 14,53% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 344,07 Gb Free Space | 57,71% Space Free | Partition Type: NTFS
Drive K: | 14,40 Gb Total Space | 14,17 Gb Free Space | 98,40% Space Free | Partition Type: FAT32
 
Computer Name: HELVET-PC | User Name: Helvet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Helvet\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v50.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v50.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (lxbk_device) -- C:\Windows\SysNative\lxbkcoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG)
SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (lxbk_device) -- C:\Windows\SysWOW64\lxbkcoms.exe ( )
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\DRIVERS\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\DRIVERS\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AQFileRestore) -- C:\Windows\SysNative\DRIVERS\AQFileRestore.sys ()
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\DRIVERS\CLVirtualDrive.sys (CyberLink)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREdrv.sys (Sunbelt Software)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys (MCCI Corporation)
DRV:64bit: - (s1018unic) -- C:\Windows\SysNative\DRIVERS\s1018unic.sys (MCCI Corporation)
DRV:64bit: - (s1018mgmt) -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\DRIVERS\s1018obex.sys (MCCI Corporation)
DRV:64bit: - (s1018bus) -- C:\Windows\SysNative\DRIVERS\s1018bus.sys (MCCI Corporation)
DRV:64bit: - (s1018nd5) -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys (MCCI Corporation)
DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys (MCCI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (TFsExDisk) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys (Teruten Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7C638C6B-5B27-4A85-83CB-40250D1E4AC4}
IE:64bit: - HKLM\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CtB0F0Czy0BtCzztB0F0AtN0D0Tzu0CtAyCtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=50329116
IE:64bit: - HKLM\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{BBB2072C-2748-4960-B304-AC4625B59B9A}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKCU\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/"
FF - prefs.js..extensions.enabledAddons: vlcplaylist%40helgatauscher.de:0.8
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62848
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.0.13.1: C:\Users\Helvet\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.12.20 19:13:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.20 19:13:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\Users\Helvet\AppData\Roaming\5012 [2011.03.03 16:05:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.12.20 19:13:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.12.20 19:13:33 | 000,000,000 | ---D | M]
 
[2009.05.08 13:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\Extensions
[2014.01.26 12:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions
[2010.06.25 12:20:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.08.28 05:33:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014.01.18 20:20:55 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\adsremoval@adsremoval.net
[2012.05.08 16:29:10 | 000,000,000 | ---D | M] (♬ MediaPimp - Internet Radio, Save Videos, Screengrab &amp; More) -- C:\Users\Helvet\AppData\Roaming\mozilla\Firefox\Profiles\oksh8in9.default\extensions\Konverts@MediaPimp.com
[2013.05.03 15:46:43 | 000,009,582 | ---- | M] () (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\extensions\vlcplaylist@helgatauscher.de.xpi
[2014.01.16 19:01:03 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.18 23:19:56 | 000,002,417 | ---- | M] () -- C:\Users\Helvet\AppData\Roaming\mozilla\firefox\profiles\oksh8in9.default\searchplugins\s-amazon-bymp-de.xml
[2014.01.26 12:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.12.20 19:13:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.12.20 19:13:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.12.20 19:13:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.12.20 19:13:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.06.18 12:42:45 | 000,003,195 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Complitly.xml
 
O1 HOSTS File: ([2013.01.14 19:52:52 | 000,002,081 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 56.159.50.251        perspeak.avira-update.com
O1 - Hosts: 75.244.34.18        personal.nl.avira-update.com
O1 - Hosts: 253.249.177.195        profpeak.avira-update.com
O1 - Hosts: 157.45.146.186        professional.nl.avira-update.com
O1 - Hosts: 60.77.189.71        prempeak.avira-update.com
O1 - Hosts: 247.9.37.135        premium.nl.avira-update.com
O1 - Hosts: 60.138.2.98        personal.avira-update.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1        license.superantispyware.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A613AC85-778E-46D4-AF83-B95366D74E09}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\SysWow64\webcheck.dll File not found
O24 - Desktop WallPaper: C:\Users\Helvet\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Helvet\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27:64bit: - HKLM IFEO\ccleaner.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\ccleaner.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\shell.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.14 22:54:30 | 000,000,166 | ---- | M] () - K:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{24d165a2-8f4a-11de-81cb-00248c2fc9b1}\Shell - "" = AutoRun
O33 - MountPoints2\{24d165a2-8f4a-11de-81cb-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{24d165a4-8f4a-11de-81cb-00248c2fc9b1}\Shell - "" = AutoRun
O33 - MountPoints2\{24d165a4-8f4a-11de-81cb-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2b7655b0-4bb2-11e3-8d3d-00248c2fc9b1}\Shell - "" = AutoRun
O33 - MountPoints2\{2b7655b0-4bb2-11e3-8d3d-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{6d579122-43cd-11df-a992-00248c2fc9b1}\Shell - "" = AutoRun
O33 - MountPoints2\{6d579122-43cd-11df-a992-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\Startme.exe
O33 - MountPoints2\{be273d2e-9cbb-11df-9023-00248c2fc9b1}\Shell - "" = AutoRun
O33 - MountPoints2\{be273d2e-9cbb-11df-9023-00248c2fc9b1}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.01.27 19:35:54 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014.01.27 19:35:46 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014.01.27 19:35:46 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014.01.27 19:35:46 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014.01.26 22:32:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2014.01.26 13:20:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.01.26 13:18:16 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Helvet\Desktop\JRT.exe
[2014.01.26 12:52:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.01.25 12:44:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Helvet\Desktop\OTL.exe
[2014.01.24 15:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014.01.24 03:10:05 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Roaming\Safer Networking
[2014.01.18 18:43:59 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Local\G DATA
[2014.01.18 17:05:54 | 000,000,000 | ---D | C] -- C:\Vasilisa
[2014.01.18 15:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014.01.18 15:57:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.01.18 15:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014.01.15 22:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014.01.15 22:53:06 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014.01.15 22:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014.01.15 22:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014.01.12 15:01:45 | 000,040,248 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe
[2014.01.12 15:01:44 | 000,029,496 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll
[2014.01.12 15:01:44 | 000,025,400 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll
[2014.01.12 15:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
[2013.12.31 15:31:36 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Roaming\AVG2014
[2013.12.31 15:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.12.31 15:29:54 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.12.31 15:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013.12.31 15:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013.12.31 15:28:06 | 000,000,000 | ---D | C] -- C:\Users\Helvet\AppData\Local\Avg2014
[2013.12.29 23:08:43 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013.01.02 18:27:37 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Helvet\AppData\Roaming\pcouffin.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Helvet\Desktop\*.tmp files -> C:\Users\Helvet\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.01.27 21:47:48 | 000,987,425 | ---- | M] () -- C:\Users\Helvet\Desktop\SecurityCheck.exe
[2014.01.27 21:13:45 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.01.27 21:06:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014.01.27 21:06:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014.01.27 20:04:03 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.01.27 20:04:03 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.01.27 20:04:03 | 000,596,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.01.27 20:04:03 | 000,126,486 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.01.27 20:04:03 | 000,104,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.01.27 19:08:16 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014.01.27 19:06:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.01.27 07:13:39 | 000,330,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.01.26 13:18:17 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Helvet\Desktop\JRT.exe
[2014.01.26 12:51:22 | 001,236,282 | ---- | M] () -- C:\Users\Helvet\Desktop\adwcleaner.exe
[2014.01.25 12:44:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Helvet\Desktop\OTL.exe
[2014.01.24 15:02:53 | 001,059,584 | ---- | M] () -- C:\Users\Helvet\Desktop\Trojan-Remover-Setup.exe
[2014.01.24 14:06:49 | 000,191,488 | ---- | M] () -- C:\Users\Helvet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.01.22 00:30:17 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014.01.18 14:13:59 | 000,000,335 | ---- | M] () -- C:\Windows\wininit.ini
[2014.01.16 06:55:48 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014.01.15 22:53:09 | 000,001,180 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014.01.15 07:04:56 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.01.15 07:04:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.01.12 15:01:42 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
[2014.01.12 15:01:42 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2013.12.31 15:31:01 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Helvet\Desktop\*.tmp files -> C:\Users\Helvet\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.01.27 21:47:48 | 000,987,425 | ---- | C] () -- C:\Users\Helvet\Desktop\SecurityCheck.exe
[2014.01.26 22:33:58 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2014.01.26 12:51:21 | 001,236,282 | ---- | C] () -- C:\Users\Helvet\Desktop\adwcleaner.exe
[2014.01.26 12:03:01 | 000,330,080 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.01.24 15:02:53 | 001,059,584 | ---- | C] () -- C:\Users\Helvet\Desktop\Trojan-Remover-Setup.exe
[2014.01.15 23:46:05 | 000,000,335 | ---- | C] () -- C:\Windows\wininit.ini
[2014.01.15 22:53:19 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014.01.15 22:53:19 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014.01.15 22:53:19 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014.01.15 22:53:09 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014.01.15 22:53:09 | 000,001,180 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014.01.12 15:01:42 | 000,001,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
[2014.01.12 15:01:42 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Klick-Wartung.lnk
[2014.01.12 15:01:42 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2013.12.29 22:33:34 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013.03.03 13:54:41 | 000,000,300 | ---- | C] () -- C:\Windows\SIERRA.INI
[2013.01.02 18:27:37 | 000,099,384 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\inst.exe
[2013.01.02 18:27:37 | 000,007,859 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\pcouffin.cat
[2013.01.02 18:27:37 | 000,001,167 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\pcouffin.inf
[2012.10.10 23:01:37 | 000,076,359 | ---- | C] () -- C:\ProgramData\khsftvhcovcgzvf
[2012.01.17 21:51:50 | 000,191,488 | ---- | C] () -- C:\Users\Helvet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.13 23:07:52 | 000,007,916 | ---- | C] () -- C:\Users\Helvet\AppData\Local\d3d9caps.dat
[2011.02.15 16:32:41 | 000,000,042 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\urhtps.dat
[2010.11.11 17:29:19 | 000,003,871 | ---- | C] () -- C:\Users\Helvet\.recently-used.xbel
[2009.10.26 17:01:26 | 000,001,460 | ---- | C] () -- C:\Users\Helvet\AppData\Local\d3d9caps64.dat
[2009.10.23 22:04:15 | 000,296,748 | ---- | C] () -- C:\Users\Helvet\AppData\Local\isnpbu_nav.dat
[2009.10.23 22:04:15 | 000,003,436 | ---- | C] () -- C:\Users\Helvet\AppData\Local\isnpbu.dat
[2009.10.23 22:04:15 | 000,002,740 | ---- | C] () -- C:\Users\Helvet\AppData\Local\isnpbu_navps.dat
[2009.08.09 19:31:33 | 000,007,680 | ---- | C] () -- C:\Users\Helvet\EXCEL.box
[2009.07.17 20:04:54 | 000,000,090 | ---- | C] () -- C:\Users\Helvet\AppData\Local\kmiam.bat
[2009.07.10 20:41:52 | 008,800,144 | ---- | C] () -- C:\Program Files (x86)\FLV PlayerATBSetup.exe
[2009.05.21 19:55:53 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.05.20 16:15:19 | 000,000,000 | ---- | C] () -- C:\Users\Helvet\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >



Code:
OTL Extras logfile created on: 27.01.2014 21:52:57 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Helvet\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,51 Gb Available Physical Memory | 58,52% Memory free
6,17 Gb Paging File | 3,79 Gb Available in Paging File | 61,48% Paging File free
Paging file location(s): C:\pagefile.sys 256 512
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 498,03 Gb Free Space | 85,52% Space Free | Partition Type: NTFS
Drive D: | 13,84 Gb Total Space | 2,01 Gb Free Space | 14,53% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 344,07 Gb Free Space | 57,71% Space Free | Partition Type: NTFS
Drive K: | 14,40 Gb Total Space | 14,17 Gb Free Space | 98,40% Space Free | Partition Type: FAT32
 
Computer Name: HELVET-PC | User Name: Helvet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiSpyWareDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 4A 39 A4 00 E0 16 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0300D9DD-1CB3-49CF-97B0-D6904CC85C3D}" = lport=138 | protocol=17 | dir=in | app=system |
"{0636F853-31FC-4870-9C52-24E7772FBCC2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0F0E6317-66D9-4EAB-A34A-801C3564666D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1859F02F-84E5-4EE8-81A3-11F77D515FD8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22638B55-787B-483D-AB4E-859F1EFD02F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26306662-22C8-4FCE-BA62-E5BDD58942F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) |
"{36FB1A14-670A-4233-9DC2-EE6067A53150}" = lport=445 | protocol=6 | dir=in | app=system |
"{552520F5-0027-406A-B57A-C4CA125F2F58}" = lport=137 | protocol=17 | dir=in | app=system |
"{6BBD050D-694C-4FFB-A4CB-26007E5A4D62}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74C834BB-158A-4DB7-A161-595FAB70211E}" = rport=137 | protocol=17 | dir=out | app=system |
"{88F987FF-B559-4814-AFDA-B81E4EF4E356}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{891F2A92-98B4-4BBF-934B-D5CDC26B2391}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9E4094AC-2418-419D-AB89-D5215A3AFF96}" = rport=445 | protocol=6 | dir=out | app=system |
"{A7D5D61D-A02A-4299-985C-623C59D6480D}" = lport=139 | protocol=6 | dir=in | app=system |
"{AF424DBF-B123-4D21-88DD-951AA81D6BB9}" = rport=139 | protocol=6 | dir=out | app=system |
"{B530EE7C-54EF-473E-B732-E20DECD7AD44}" = rport=138 | protocol=17 | dir=out | app=system |
"{CA85D4D1-0C8C-466D-BB69-B62C992E0AA8}" = lport=18857 | protocol=6 | dir=in | name=emule1 |
"{D678892C-CEE7-4FD6-A7D4-DFA87DE403F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{E2C3D560-37B8-4552-B8FA-DFD60C24110D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC9C99D3-A93A-4D30-BFE8-4BBDF386EF22}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B5A09D-FF1F-4423-85E8-2174BF78A690}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0C5D0B64-428D-4E3B-888F-94B4DA6C78A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{10D7E4E5-6061-49C3-93B0-801C95526422}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{130DD5F1-45FD-46DB-B1A4-DEFA85F85DDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{23E8B9BA-B018-46B6-BBBB-939A2227FFA0}" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"{25E3B023-FD83-44B2-954E-730B498239A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{38B59CA1-9843-485F-9C1B-40B565E569FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{38E8BE4A-F398-436B-8248-32E80052EB26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F765549-9125-4CD9-8398-8761F998A3D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3F973512-3BA0-4CB8-BEB8-1A03E0C82805}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{43D168DF-E577-4393-9C36-6A83E2400CF0}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) |
"{4F5A0DEB-28FB-43B6-9842-CB625FA55A01}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{5ABC9EB7-0D91-4B6E-AE69-1E524242ACC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E994D38-A4D7-4680-9EBA-78510B125687}" = protocol=6 | dir=out | app=system |
"{603E002A-AD56-4646-8C38-9D1CC684A8AB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6230F6C2-7EA4-4D4B-AD36-9E5966D70632}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{747CCDAC-7CA9-4815-8967-9ACA01E95F3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75497E48-C84B-444F-8B39-CBC8D4C3082E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe |
"{7B947122-8843-4AFC-A123-FBF126D26C65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7BEBCF9E-19CD-462E-8181-410B646D9410}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) |
"{8560E5E0-81AC-4034-8E61-7D3419053478}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8666FBBC-78A0-47A2-BDBF-C35B4E3F2F5F}" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\utorrent\utorrent.exe |
"{89F58B09-43DB-45B5-9761-5B8E7B6D7F72}" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"{8BEAA451-F2F7-466B-9C2A-5C514A00426D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1727B8D-2A6A-4355-A1FD-D958D7910F4A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{A39D5F8B-DF71-4EEA-AA68-C96F7129300C}" = protocol=17 | dir=in | app=c:\users\helvet\appdata\roaming\utorrent\utorrent.exe |
"{ABA75A74-45E3-4CE8-A1CF-9A8D41BFB308}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{AE83B932-CCE0-4769-9A84-8C0E3FDA0978}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe |
"{B33C0A39-0E70-4E7F-9679-1BBAD4F16EB2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B73A5EDC-084C-416C-A7D9-010F768393B1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{B76C7532-8912-4C1F-BFB4-7EC92C38DD45}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BA3AF442-82E3-4EA4-9EEE-A140D75400F7}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) |
"{CF0AE8B6-2D99-48F5-B1C4-BA297E83282F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D293FA33-7DE9-4890-AB7D-056363F60A8A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{D423BE7B-EEC7-48C3-916A-3272A105937C}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) |
"{EA63982B-0E41-4450-9799-87A5E86C1F90}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{EAC33508-68F0-49B2-9C1B-57F26081A5C4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{EB10E65D-DE69-4C6B-A890-1A69039D11D9}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{F5E38FA3-8D76-4B76-8CBC-74FB5AFB793C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{FA940659-BE0D-4B4C-BE6E-0A3C8E39DED7}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{FE0B3810-8A28-4554-B677-477028841A8E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{13183EC3-4F73-46ED-B80C-6F2604604505}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe |
"TCP Query User{353E4882-6223-4B23-B0B5-D90F1D6F1698}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{4596BC4F-4554-4735-B298-67B374AB72B1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{5168C243-131A-44B3-A1F4-B86D8004A83D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{581381CE-4711-4D43-BE77-00D5E5BC5E0B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{8C608CEC-3936-4C79-B23F-6C4447CFF055}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=6 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe |
"TCP Query User{BE31339C-B551-46B9-84BD-1C833B20F539}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"TCP Query User{DE9723D1-B66D-43DA-B7AA-01A6814087DB}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{E574B95E-B952-4800-9D7A-D8BB1B622575}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{13587F2E-6CD9-446B-8CED-22F3D71F0E1A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{28A8887F-82EC-4410-8F69-CBCBDB053089}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{6BB935C4-28EE-439D-880E-AFE2CFDCEF0B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{71248798-DEB0-479F-B462-F990DE4CEA4A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{840C4DC5-C0BC-42DC-9C50-9E5B89F236D2}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{89529A7D-266A-4F38-A894-0FC1F1CE3378}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{B5FC3353-73BA-43C6-8181-B8A366CB2C41}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=17 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe |
"UDP Query User{E490F683-CD17-477F-A6A2-BB6DFA6B3306}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{ED8C90FD-7D01-4702-AC67-81A952069B84}C:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=17 | dir=in | app=c:\users\helvet\appdata\roaming\acestream\engine\ace_engine.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15E4B9CE-C5FB-40B3-A88B-6F210BF46DB7}" = AVG 2014
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2014
"CCleaner" = CCleaner
"Lexmark X1100 Series" = Lexmark X1100 Series
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"VLC media player" = VLC media player 2.0.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01BD4FC9-2F86-4706-A62E-774BB7E9D308}" = AVG PC TuneUp 2014
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4FB5026-7C4D-4967-A11F-7B6D66D2D817}" = AVG PC TuneUp 2014 (de-DE)
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Applian FLV Player2.0.24" = Applian FLV Player
"AVG PC TuneUp" = AVG PC TuneUp 2014
"Camersoft Fake Webcam_is1" = Camersoft Fake Webcam 3.1.08
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"kmiam" = Favorit
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 de)" = Mozilla Firefox 26.0 (x86 de)
"Mozilla Thunderbird (1.5)" = Mozilla Thunderbird (1.5)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Replay Media Catcher 3.02" = Replay Media Catcher 3.02
"Windows Utils" = Windows Utils
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ACEStream" = ACE Stream Media 2.0.13.1
"FLV Player Packages" = FLV Player Packages
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.01.2014 08:44:50 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 27.01.2014 02:14:01 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 27.01.2014 14:06:46 | Computer Name = Helvet-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 27.01.2014 15:03:53 | Computer Name = Helvet-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\eigene\esetsmartinstaller_enu.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
Error - 27.01.2014 16:42:38 | Computer Name = Helvet-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen
 Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
[ Cisco AnyConnect VPN Client Events ]
Error - 05.01.2010 10:21:29 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: CVpnMgr::processEvents  Return code: 0  File: .\MainThread.cpp
Line:
 997  Description:  fatal error, stopping service
 
Error - 05.01.2010 20:59:19 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9:  Client PC is shutting down.
 
Error - 05.01.2010 20:59:19 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: CVpnMgr::processEvents  Return code: 0  File: .\MainThread.cpp
Line:
 997  Description:  fatal error, stopping service
 
Error - 06.01.2010 07:30:25 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9:  Client PC is shutting down.
 
Error - 06.01.2010 07:30:26 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: CVpnMgr::processEvents  Return code: 0  File: .\MainThread.cpp
Line:
 997  Description:  fatal error, stopping service
 
Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 9:  Client PC is shutting down.
 
Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: CVpnMgr::processEvents  Return code: 0  File: .\MainThread.cpp
Line:
 997  Description:  fatal error, stopping service
 
Error - 08.01.2010 04:15:43 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: WaitForSingleObject  Return code: 6  File: .\Agent.cpp  Line:
686  Description: Das Handle ist ungültig.   
 
Error - 08.01.2010 11:51:03 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 7:  The agent has been stopped.
 
Error - 08.01.2010 11:51:03 | Computer Name = Helvet-PC | Source = vpnagent | ID = 50331649
Description =  Function: CVpnMgr::processEvents  Return code: 0  File: .\MainThread.cpp
Line:
 997  Description:  fatal error, stopping service
 
[ Spybot - Search and Destroy Events ]
Error - 15.01.2014 18:46:05 | Computer Name = Helvet-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 27.01.2014 02:15:33 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 27.01.2014 02:16:00 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7038
Description =
 
Error - 27.01.2014 02:16:00 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27.01.2014 14:05:53 | Computer Name = Helvet-PC | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 27.01.2014 14:06:11 | Computer Name = Helvet-PC | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 27.01.2014 14:06:47 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 27.01.2014 14:06:47 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 27.01.2014 14:08:44 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7038
Description =
 
Error - 27.01.2014 14:08:44 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27.01.2014 14:09:15 | Computer Name = Helvet-PC | Source = Service Control Manager | ID = 7034
Description =
 
 
< End of report >
:killpc::killpc::killpc:


Code:
Search results from Spybot - Search & Destroy

27.01.2014 22:45:32
Scan took 00:31:22.
28 items found.

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\edgecast.cam4s.com\cam4PlayerSendLogData.sol
  Properties.size=75
  Properties.md5=D3D5DD48C6677558D932AB9A13AD65F5
  Properties.filedate=1390750314
  Properties.filedatetext=2014-01-26 16:31:53

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\p1.badoocdn.com\statf.sol
  Properties.size=42
  Properties.md5=2A3893FAC1613E11B90B6B43963BBD63
  Properties.filedate=1390660663
  Properties.filedatetext=2014-01-25 15:37:42

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\static.xvideos.com\swf\flv_player_site_v4.swf\hexaplayerVolumeCookie.sol
  Properties.size=61
  Properties.md5=44E5D6A453380A15806BF03D096F53CC
  Properties.filedate=1390735862
  Properties.filedatetext=2014-01-26 12:31:01

Win32.Agent.fbx: [SBI $86BD92BA] Settings (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\kmiam

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\WinRAR\ArcHistory

WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\WinRAR\General\LastFolder

WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\WinRAR\DialogEditHistory\ExtrPath

Cookie: [SBI $49804B54] Browser: Cookie (2) (Browser: Cookie, nothing done)
 

Cache: [SBI $49804B54] Browser: Cache (12) (Browser: Cache, nothing done)
 

Verlauf: [SBI $49804B54] Browser: History (12) (Browser: History, nothing done)
 

Cookie: [SBI $49804B54] Browser: Cookie (150) (Browser: Cookie, nothing done)
 


--- Spybot - Search & Destroy version: 2.1.18.131  DLL (build: 20130516) ---

2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-10-10 SDHookInst64.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2013-06-19 spybotsd2-translation-frx.exe
2014-01-15 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-05-16 SDECon64.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-10-10 SDHook64.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2014-01-08 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-01-14 Includes\Adware-C.sbi (*)
2014-01-08 Includes\Adware.sbi (*)
2014-01-08 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-08 Includes\Dialer.sbi (*)
2014-01-08 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-08 Includes\Hijackers.sbi (*)
2014-01-08 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-01-08 Includes\Keyloggers-C.sbi (*)
2014-01-08 Includes\Keyloggers.sbi (*)
2014-01-08 Includes\KeyloggersC.sbi (*)
2014-01-14 Includes\Malware-C.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-01-14 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-08 Includes\Security.sbi (*)
2014-01-08 Includes\SecurityC.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-08 Includes\Spyware.sbi (*)
2014-01-08 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-01-15 Includes\Trojans-005.sbi (*)
2014-01-15 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-01-15 Includes\Trojans-008.sbi (*)
2014-01-15 Includes\Trojans-009.sbi (*)
2014-01-14 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-15 Includes\TrojansC-04.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)

schrauber 28.01.2014 15:43
was willste mir mit dem Gehämmer sagen? :)

Helvet 28.01.2014 15:53
Leider findet Spybot immernoch den Agent.fbx.....:heulen:

schrauber 29.01.2014 10:34
Kopiere den Text in der Codebox in deinen Editor (z.B. Notepad) und speichere es unter dem Namen regfix.reg (bei Dateityp bitte "alle Dateien" wählen)

Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\kmiam]
Starte die regfix.reg duch Doppelklick.

Findet Spybot immer noch was? :p

Helvet 29.01.2014 20:22
Er ist leider noch da.......:pfeiff:

Code:
Search results from Spybot - Search & Destroy

29.01.2014 20:16:38
Scan took 00:29:32.
55 items found.

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\api.firestormmedia.tv\firestormmedia-global.sol
  Properties.size=149
  Properties.md5=25C800AF54DBBC785360B64F41347186
  Properties.filedate=1390935613
  Properties.filedatetext=2014-01-28 20:00:12

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\api.firestormmedia.tv\firestormmedia-player.sol
  Properties.size=209
  Properties.md5=D3A6E221A2C6EA9224E24209E93E6A33
  Properties.filedate=1390935622
  Properties.filedatetext=2014-01-28 20:00:22

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\assets.liputan6.com\com.jeroenwijering.sol
  Properties.size=53
  Properties.md5=462A69E64441160D65310D1139A04B85
  Properties.filedate=1390952546
  Properties.filedatetext=2014-01-29 00:42:26

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\byetv.org\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=9F48A7A7BDFEF767192029171808B8FE
  Properties.filedate=1390952942
  Properties.filedatetext=2014-01-29 00:49:01

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\edgecast.cam4s.com\cam4PlayerSendLogData.sol
  Properties.size=75
  Properties.md5=D3D5DD48C6677558D932AB9A13AD65F5
  Properties.filedate=1390750314
  Properties.filedatetext=2014-01-26 16:31:53

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\embed.videarn.com\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=0CAFD06BBB81F9186FDFFAC7E1FC2826
  Properties.filedate=1390949944
  Properties.filedatetext=2014-01-28 23:59:03

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\flashstreaming.mobi\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=A2E3FE86B3420ACB22284CBDDE8BE413
  Properties.filedate=1390935545
  Properties.filedatetext=2014-01-28 19:59:04

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\freelivetv.tv\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=5AF6F15ABDE0920B123E1A78D6DD5BD1
  Properties.filedate=1390952949
  Properties.filedatetext=2014-01-29 00:49:09

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\iptv.firestormmedia.tv\firestormmedia-global.sol
  Properties.size=149
  Properties.md5=25C800AF54DBBC785360B64F41347186
  Properties.filedate=1390935628
  Properties.filedatetext=2014-01-28 20:00:28

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\iptv.firestormmedia.tv\rampant-player.sol
  Properties.size=140
  Properties.md5=CC51916370BE1F5924B64E5B79ECAD26
  Properties.filedate=1390935852
  Properties.filedatetext=2014-01-28 20:04:12

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\livestreamcast.org\com.jeroenwijering.sol
  Properties.size=53
  Properties.md5=C1F09FC17CE1E9B620EEE54C2D9999CA
  Properties.filedate=1390952946
  Properties.filedatetext=2014-01-29 00:49:05

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\p1.badoocdn.com\statf.sol
  Properties.size=42
  Properties.md5=2A3893FAC1613E11B90B6B43963BBD63
  Properties.filedate=1390660663
  Properties.filedatetext=2014-01-25 15:37:42

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\players.d2see.com\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=420625B5AF13B007266B767B4A6FCE78
  Properties.filedate=1390953107
  Properties.filedatetext=2014-01-29 00:51:47

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\rntplayer.com\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=076D43CEE5CCF726540E5FCEF9A758BD
  Properties.filedate=1390952941
  Properties.filedatetext=2014-01-29 00:49:01

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\static-cdn1.ustream.tv\com.conviva.livePass.sol
  Properties.size=224
  Properties.md5=5556090C165BBFB007D35ABDDB0FF895
  Properties.filedate=1390953950
  Properties.filedatetext=2014-01-29 01:05:49

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\static-cdn1.ustream.tv\flash.viewer.sol
  Properties.size=17693
  Properties.md5=6C156B6E62E3521D059A70362D58CD75
  Properties.filedate=1390953946
  Properties.filedatetext=2014-01-29 01:05:46

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\static1.dmcdn.net\com.dm.player.sol
  Properties.size=297
  Properties.md5=B1C988A353AC7AD9C789FBF079384257
  Properties.filedate=1390941794
  Properties.filedatetext=2014-01-28 21:43:13

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\tv-box.hpage.com\com.jeroenwijering.sol
  Properties.size=53
  Properties.md5=F83D0B2267A5863963A20681394720F0
  Properties.filedate=1390952948
  Properties.filedatetext=2014-01-29 00:49:07

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\videarn.com\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=9B4914880AF65BCF475CAD4D898217B4
  Properties.filedate=1390949693
  Properties.filedatetext=2014-01-28 23:54:53

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\vk.com\VkontaktePlayer.sol
  Properties.size=54
  Properties.md5=4C931C53AF72AD9275309F55428BF298
  Properties.filedate=1390942106
  Properties.filedatetext=2014-01-28 21:48:26

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.dcast.tv\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=D5E11BFC5E604DDD3CF755D9083E9E85
  Properties.filedate=1390952951
  Properties.filedatetext=2014-01-29 00:49:10

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.fbcast.tv\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=EEAA386C7D82FEB068A831E16124E80D
  Properties.filedate=1390952577
  Properties.filedatetext=2014-01-29 00:42:57

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.iguide.to\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=08090091D0DBCBE5AE863FC45FAA6C07
  Properties.filedate=1390952940
  Properties.filedatetext=2014-01-29 00:49:00

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.ilive.to\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=251AD3DA0D52F1EFE412A5F321BDB0BC
  Properties.filedate=1390952948
  Properties.filedatetext=2014-01-29 00:49:07

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.kbps.tv\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=B9BFBDF005CE5EB7B04DE503E8AF4847
  Properties.filedate=1390952952
  Properties.filedatetext=2014-01-29 00:49:11

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.sunmaker.com\mwc_userSettings.sol
  Properties.size=131
  Properties.md5=1B7FA6D6279182BA58B3D7DBB7AAE049
  Properties.filedate=1390935880
  Properties.filedatetext=2014-01-28 20:04:39

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\www.xatech.com\chat.sol
  Properties.size=100
  Properties.md5=884FA3C5739E3B1D4DC308013C48FA32
  Properties.filedate=1390952632
  Properties.filedatetext=2014-01-29 00:43:52

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\eu-st.xhamster.com\videoplayerC.swf\dats.sol
  Properties.size=36
  Properties.md5=737726F08D709EFE2DEC4DF4E651CA5F
  Properties.filedate=1390946013
  Properties.filedatetext=2014-01-28 22:53:32

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\pics.smotri.com\broadcast_play.swf\sin.sol
  Properties.size=166
  Properties.md5=578ACBAE8FA81B647A478987CC8E1B28
  Properties.filedate=1390945317
  Properties.filedatetext=2014-01-28 22:41:57

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\50.97.229.122\re-streamer-high\flowplayer-3.0.7.swf\org.flowplayer.sol
  Properties.size=67
  Properties.md5=EA7DE6E7FF2F6272066E10F31C965E06
  Properties.filedate=1390953046
  Properties.filedatetext=2014-01-29 00:50:46

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\cdn.livestream.com\grid\LSPlayer.swf\PlayerCookie.sol
  Properties.size=44
  Properties.md5=B6F9A54DA5326B4E5C6F86EBF2E2DA74
  Properties.filedate=1390954513
  Properties.filedatetext=2014-01-29 01:15:12

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\static.xvideos.com\swf\flv_player_site_v4.swf\hexaplayerVolumeCookie.sol
  Properties.size=61
  Properties.md5=44E5D6A453380A15806BF03D096F53CC
  Properties.filedate=1390735862
  Properties.filedatetext=2014-01-26 12:31:01

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\Helvet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8D7LYXNP\static.xvideos.com\swf\xv-player.swf\hexaplayerVolumeCookie.sol
  Properties.size=61
  Properties.md5=315EFC2B22C338CA28CF1126167B41F5
  Properties.filedate=1390951017
  Properties.filedatetext=2014-01-29 00:16:56

Win32.Agent.fbx: [SBI $86BD92BA] Settings (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\kmiam

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-567111264-1064952504-1682465011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
 

Cache: [SBI $49804B54] Browser: Cache (10) (Browser: Cache, nothing done)
 

Verlauf: [SBI $49804B54] Browser: History (17) (Browser: History, nothing done)
 

Cookie: [SBI $49804B54] Browser: Cookie (461) (Browser: Cookie, nothing done)
 


--- Spybot - Search & Destroy version: 2.1.18.131  DLL (build: 20130516) ---

2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-10-10 SDHookInst64.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2013-06-19 spybotsd2-translation-frx.exe
2014-01-15 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-05-16 SDECon64.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-10-10 SDHook64.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2014-01-08 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-01-14 Includes\Adware-C.sbi (*)
2014-01-08 Includes\Adware.sbi (*)
2014-01-08 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-08 Includes\Dialer.sbi (*)
2014-01-08 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-08 Includes\Hijackers.sbi (*)
2014-01-08 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-01-08 Includes\Keyloggers-C.sbi (*)
2014-01-08 Includes\Keyloggers.sbi (*)
2014-01-08 Includes\KeyloggersC.sbi (*)
2014-01-14 Includes\Malware-C.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-01-14 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-08 Includes\Security.sbi (*)
2014-01-08 Includes\SecurityC.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-08 Includes\Spyware.sbi (*)
2014-01-08 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-01-15 Includes\Trojans-005.sbi (*)
2014-01-15 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-01-15 Includes\Trojans-008.sbi (*)
2014-01-15 Includes\Trojans-009.sbi (*)
2014-01-14 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-15 Includes\TrojansC-04.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:50 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131