| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Tags.bluekai - wie werde ich diesen Schädling wieder los?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.02.2013, 19:21
| #1 |
| |  Tags.bluekai - wie werde ich diesen Schädling wieder los? Hallo - es hat mal wieder zugeschlagen. Beim Aufrufen von Ebay-Angeboten bekomme ich zeitweise ein Blank-Site Die URL heißt dann: "Tags.bluekai.com" - gefolgt von vielen Zahlen und Buchstaben. Google sagt mir, das ist ein Wurm. Avira (Vollversion) hat nichts erkannt. Wie bekomme ich den M... wieder weg! Schon mal Danke für die Hilfe. Gruss Reiner |
|
24.02.2013, 23:12
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Tags.bluekai - wie werde ich diesen Schädling wieder los? Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ |
|
25.02.2013, 09:19
| #3 |
| |  Tags.bluekai - wie werde ich diesen Schädling wieder los? Hallo,
__________________toll, dass Du dich so schnell meldest - Danke! den ersten Scann habe ich ausgeführt. Hier der Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Professional x86
Ran by rahel on 25.02.2013 at 9:01:39,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1490465766-3283874311-2335952859-1001\software\microsoft\internet explorer\main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\datamngr
Successfully deleted: [Registry Key] hkey_local_machine\software\datamngr
Successfully deleted: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\ilivid
Successfully deleted: [Registry Key] hkey_local_machine\software\searchqumediabartb
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\systweak
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\searchqutoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{99079a25-328f-4bd4-be04-00955acaa0a7}
~~~ Files
Successfully deleted: [File] "C:\Windows\system32\roboot.exe"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\rahel\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\rahel\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\rahel\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\rahel\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\rahel\appdata\locallow\jziptoolbar"
Successfully deleted: [Folder] "C:\Users\rahel\appdata\locallow\searchquband"
Successfully deleted: [Folder] "C:\Users\rahel\appdata\locallow\searchqutoolbar"
Successfully deleted: [Folder] "C:\Program Files\ilivid"
Successfully deleted: [Folder] "C:\Program Files\wi3c8a~1"
Successfully deleted: [Folder] "C:\Program Files\windows jzip toolbar"
Successfully deleted: [Folder] "C:\Program Files\windows searchqu toolbar"
~~~ FireFox
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] C:\Users\rahel\AppData\Roaming\mozilla\firefox\profiles\8x0s4gof.default\searchplugins\search_results.xml
Successfully deleted: [File] C:\Users\rahel\AppData\Roaming\mozilla\firefox\profiles\8x0s4gof.default\searchplugins\sweetim.xml
Successfully deleted: [Folder] C:\Users\rahel\AppData\Roaming\mozilla\firefox\profiles\8x0s4gof.default\searchqutoolbar
Successfully deleted: [Folder] C:\Users\rahel\AppData\Roaming\mozilla\firefox\profiles\8x0s4gof.default\extensions\ffxtlbr@babylon.com
Successfully deleted: [Folder] C:\Users\rahel\AppData\Roaming\mozilla\firefox\profiles\8x0s4gof.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully deleted the following from C:\Users\rahel\AppData\Roaming\mozilla\firefox\profiles\8x0s4gof.default\prefs.js
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Search Results");
user_pref("browser.search.selectedEngine", "Search Results");
user_pref("browser.startup.homepage", "hxxp://search.jzip.com/");
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.babTrack", "affID=100842");
user_pref("extensions.BabylonToolbar.bbDpng", 13);
user_pref("extensions.BabylonToolbar.dfltLng", "de");
user_pref("extensions.BabylonToolbar.dfltSrch", true);
user_pref("extensions.BabylonToolbar.firstRun", false);
user_pref("extensions.BabylonToolbar.hmpg", true);
user_pref("extensions.BabylonToolbar.id", "8a0b6db4000000000000062163db9aa7");
user_pref("extensions.BabylonToolbar.instlDay", "15217");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=8a0b6db4000000000000062163db9aa7&tlver=1.4.35.10&affID=100842
user_pref("extensions.BabylonToolbar.lastDP", 13);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1019:38:52");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "6.0");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 62343084);
user_pref("extensions.BabylonToolbar.prtkDS", 1);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.smplGrp", "none");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1019:38:52");
user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !impor
user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .listing .resultsLink + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-re
user_pref("extensions.wrc.SearchRules.excite.com.url", "^hxxp\\:\\/\\/msxml\\.excite\\.com\\/excite\\/ws\\/.+");
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-r
user_pref("keyword.URL", "hxxp://search.jzip.com/web?src=ffb&systemid=102&q=");
Emptied folder: C:\Users\rahel\AppData\Roaming\mozilla\firefox\profiles\8x0s4gof.default\minidumps [35 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\rahel\appdata\local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.02.2013 at 9:07:50,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reiner Hi, vieleicht stelle ich mich jetzt gerade blöde an, aber lieber einmal zuviel fragen! Soll ich den AdwCleaner jetzt sofort im Anschluss durchführen. Gruss |
|
25.02.2013, 13:24
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Tags.bluekai - wie werde ich diesen Schädling wieder los?Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.02.2013, 15:32
| #5 | ||
| | Tags.bluekai - wie werde ich diesen Schädling wieder los? O-Ton Cosinus: Zitat:
Zitat:
Schreib mir, ob wir weitermachen oder ob du den Thread schließen willst - OK! Gruss Reiner |
|
25.02.2013, 16:07
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Tags.bluekai - wie werde ich diesen Schädling wieder los? Willst du hier auf irgendwelche Nichtigkeiten herumreiten oder einfach mal weitermachen  Selbst verständlich sollst du Fragen stellen, aber es ergibt sich doch aus dem Kontext, dass du alle drei Tools ausführen solltest Zitat:
Statt irgendwelche Dinge fälschlicherweise hineinzuinterpretieren einfach mal die Sachen abarbeiten und wir wären schon beim nächsten Step! 
__________________ --> Tags.bluekai - wie werde ich diesen Schädling wieder los? |
|
25.02.2013, 16:34
| #7 |
| | Tags.bluekai - wie werde ich diesen Schädling wieder los? also hier die Files: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Professional x86
Ran by rahel on 25.02.2013 at 9:01:39,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1490465766-3283874311-2335952859-1001\software\microsoft\internet explorer\main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\datamngr
Successfully deleted: [Registry Key] hkey_local_machine\software\datamngr
Successfully deleted: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\ilivid
Successfully deleted: [Registry Key] hkey_local_machine\software\searchqumediabartb
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\systweak
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\searchqutoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{99079a25-328f-4bd4-be04-00955acaa0a7}
~~~ Files
Successfully deleted: [File] "C:\Windows\system32\roboot.exe"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\rahel\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\rahel\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\rahel\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\rahel\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\rahel\appdata\locallow\jziptoolbar"
Successfully deleted: [Folder] "C:\Users\rahel\appdata\locallow\searchquband"
Successfully deleted: [Folder] "C:\Users\rahel\appdata\locallow\searchqutoolbar"
Successfully deleted: [Folder] "C:\Program Files\ilivid"
Successfully deleted: [Folder] "C:\Program Files\wi3c8a~1"
Successfully deleted: [Folder] "C:\Program Files\windows jzip toolbar"
Successfully deleted: [Folder] "C:\Program Files\windows searchqu toolbar"
~~~ FireFox
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] C:\Users\rahel\AppData\Roaming\mozilla\firefox\profiles\8x0s4gof.default\searchplugins\search_results.xml
Successfully deleted: [File] C:\Users\rahel\AppData\Roaming\mozilla\firefox\profiles\8x0s4gof.default\searchplugins\sweetim.xml
Successfully deleted: [Folder] C:\Users\rahel\AppData\Roaming\mozilla\firefox\profiles\8x0s4gof.default\searchqutoolbar
Successfully deleted: [Folder] C:\Users\rahel\AppData\Roaming\mozilla\firefox\profiles\8x0s4gof.default\extensions\ffxtlbr@babylon.com
Successfully deleted: [Folder] C:\Users\rahel\AppData\Roaming\mozilla\firefox\profiles\8x0s4gof.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully deleted the following from C:\Users\rahel\AppData\Roaming\mozilla\firefox\profiles\8x0s4gof.default\prefs.js
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Search Results");
user_pref("browser.search.selectedEngine", "Search Results");
user_pref("browser.startup.homepage", "hxxp://search.jzip.com/");
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.babTrack", "affID=100842");
user_pref("extensions.BabylonToolbar.bbDpng", 13);
user_pref("extensions.BabylonToolbar.dfltLng", "de");
user_pref("extensions.BabylonToolbar.dfltSrch", true);
user_pref("extensions.BabylonToolbar.firstRun", false);
user_pref("extensions.BabylonToolbar.hmpg", true);
user_pref("extensions.BabylonToolbar.id", "8a0b6db4000000000000062163db9aa7");
user_pref("extensions.BabylonToolbar.instlDay", "15217");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=8a0b6db4000000000000062163db9aa7&tlver=1.4.35.10&affID=100842
user_pref("extensions.BabylonToolbar.lastDP", 13);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1019:38:52");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "6.0");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 62343084);
user_pref("extensions.BabylonToolbar.prtkDS", 1);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.smplGrp", "none");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1019:38:52");
user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !impor
user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .listing .resultsLink + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-re
user_pref("extensions.wrc.SearchRules.excite.com.url", "^hxxp\\:\\/\\/msxml\\.excite\\.com\\/excite\\/ws\\/.+");
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-r
user_pref("keyword.URL", "hxxp://search.jzip.com/web?src=ffb&systemid=102&q=");
Emptied folder: C:\Users\rahel\AppData\Roaming\mozilla\firefox\profiles\8x0s4gof.default\minidumps [35 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\rahel\appdata\local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.02.2013 at 9:07:50,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.113 - Logfile created 02/25/2013 at 14:49:01
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : rahel - RAHELS_LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\rahel\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Users\rahel\AppData\Roaming\Mozilla\Firefox\Profiles\8x0s4gof.default\searchplugins\jZipWebSearch.xml
Folder Found : C:\Users\rahel\AppData\Local\APN
Folder Found : C:\Users\rahel\AppData\Roaming\Mozilla\Firefox\Profiles\8x0s4gof.default\extensions\{1e48c56f-08cd-43aa-a6ef-c1ec891551ab}
Folder Found : C:\Users\rahel\AppData\Roaming\Mozilla\Firefox\Profiles\8x0s4gof.default\jziptoolbar
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41C4AA37-1DDD-4345-B8DC-734E4B38414D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41C4AA37-1DDD-4345-B8DC-734E4B38414D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{41C4AA37-1DDD-4345-B8DC-734E4B38414D}
Key Found : HKLM\Software\jZipMediabarTb
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41C4AA37-1DDD-4345-B8DC-734E4B38414D}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip 102 MediaBar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0.2 (de)
File : C:\Users\rahel\AppData\Roaming\Mozilla\Firefox\Profiles\8x0s4gof.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\rahel\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v11.60.1185.0
File : C:\Users\rahel\AppData\Roaming\Opera\Opera\operaprefs.ini
Found : Home URL=hxxp://www.searchqu.com/406
*************************
AdwCleaner[R1].txt - [10948 octets] - [24/02/2013 21:10:27]
AdwCleaner[R2].txt - [5179 octets] - [25/02/2013 14:49:01]
########## EOF - C:\AdwCleaner[R2].txt - [5239 octets] ##########
Code:
ATTFilter # AdwCleaner v2.113 - Logfile created 02/25/2013 at 14:55:00
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : rahel - RAHELS_LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\rahel\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Users\rahel\AppData\Roaming\Mozilla\Firefox\Profiles\8x0s4gof.default\searchplugins\jZipWebSearch.xml
Folder Deleted : C:\Users\rahel\AppData\Local\APN
Folder Deleted : C:\Users\rahel\AppData\Roaming\Mozilla\Firefox\Profiles\8x0s4gof.default\extensions\{1e48c56f-08cd-43aa-a6ef-c1ec891551ab}
Folder Deleted : C:\Users\rahel\AppData\Roaming\Mozilla\Firefox\Profiles\8x0s4gof.default\jziptoolbar
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41C4AA37-1DDD-4345-B8DC-734E4B38414D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41C4AA37-1DDD-4345-B8DC-734E4B38414D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{41C4AA37-1DDD-4345-B8DC-734E4B38414D}
Key Deleted : HKLM\Software\jZipMediabarTb
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41C4AA37-1DDD-4345-B8DC-734E4B38414D}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip 102 MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0.2 (de)
File : C:\Users\rahel\AppData\Roaming\Mozilla\Firefox\Profiles\8x0s4gof.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\rahel\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v11.60.1185.0
File : C:\Users\rahel\AppData\Roaming\Opera\Opera\operaprefs.ini
Deleted : Home URL=hxxp://www.searchqu.com/406
*************************
AdwCleaner[R1].txt - [10948 octets] - [24/02/2013 21:10:27]
AdwCleaner[R2].txt - [5308 octets] - [25/02/2013 14:49:01]
AdwCleaner[S1].txt - [5329 octets] - [25/02/2013 14:55:00]
########## EOF - C:\AdwCleaner[S1].txt - [5389 octets] ##########
Code:
ATTFilter OTL logfile created on: 25.02.2013 16:04:23 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rahel\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,96 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 62,25% Memory free 5,92 Gb Paging File | 4,67 Gb Available in Paging File | 78,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,79 Gb Total Space | 132,58 Gb Free Space | 56,95% Space Free | Partition Type: NTFS Drive G: | 298,09 Gb Total Space | 0,01 Gb Free Space | 0,00% Space Free | Partition Type: NTFS Computer Name: RAHELS_LAPTOP | User Name: rahel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\rahel\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (nosGetPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (PRISM_USB) -- C:\Windows\System32\drivers\PRISMUSB.sys (GlobespanVirata, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7102}: "URL" = hxxp://search.jzip.com/web?src=ieb&systemid=102&q={searchTerms} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1490465766-3283874311-2335952859-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1490465766-3283874311-2335952859-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1490465766-3283874311-2335952859-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1490465766-3283874311-2335952859-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B 34 85 47 02 68 CC 01 [binary data] IE - HKU\S-1-5-21-1490465766-3283874311-2335952859-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1490465766-3283874311-2335952859-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1490465766-3283874311-2335952859-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1490465766-3283874311-2335952859-1001\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7102}: "URL" = hxxp://search.jzip.com/web?src=ieb&systemid=102&q={searchTerms} IE - HKU\S-1-5-21-1490465766-3283874311-2335952859-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1490465766-3283874311-2335952859-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2 FF - prefs.js..extensions.enabledAddons: %7B3b56bcc7-54e5-44a2-9b44-66c3ef58c13e%7D:0.9.5.1 FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:1.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.16 20:33:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.09 17:38:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.09 17:38:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.24 14:49:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.05.10 12:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rahel\AppData\Roaming\Mozilla\Extensions [2011.06.12 13:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rahel\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.02.25 14:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rahel\AppData\Roaming\Mozilla\Firefox\Profiles\8x0s4gof.default\extensions [2012.12.11 16:19:28 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\rahel\AppData\Roaming\Mozilla\Firefox\Profiles\8x0s4gof.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2013.02.24 09:42:18 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\rahel\AppData\Roaming\Mozilla\Firefox\Profiles\8x0s4gof.default\extensions\firebug@software.joehewitt.com.xpi [2012.11.06 15:09:26 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\rahel\AppData\Roaming\Mozilla\Firefox\Profiles\8x0s4gof.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013.02.09 17:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013.01.16 20:33:54 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN [2013.02.09 17:38:21 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.23 18:36:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.01 09:46:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.23 18:36:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 18:36:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 18:36:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 18:36:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\rahel\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\rahel\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\rahel\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: SweetIM GC Helper (Enabled) = C:\Users\rahel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: getPlusPlus for Adobe 16299 (Enabled) = C:\Program Files\NOS\bin\np_gp.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Google Drive = C:\Users\rahel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\rahel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\rahel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\rahel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Google Drive = C:\Users\rahel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\rahel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\rahel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\rahel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011.01.25 11:21:52 | 000,002,670 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 3dns.adobe.com O1 - Hosts: 127.0.0.1 3dns-1.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-4.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate.wip.adobe.com O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com O1 - Hosts: 127.0.0.1 crl.verisign.net O1 - Hosts: 127.0.0.1 CRL.VERISIGN.NET O1 - Hosts: 127.0.0.1 ood.opsource.net O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net O1 - Hosts: 127.0.0.1 practivate.adobe O1 - Hosts: 127.0.0.1 practivate.adobe O1 - Hosts: 39 more lines... O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-1490465766-3283874311-2335952859-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-1490465766-3283874311-2335952859-1001..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-1490465766-3283874311-2335952859-1001..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKU\S-1-5-21-1490465766-3283874311-2335952859-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{644C1AAE-9EA2-4718-8642-FED8F6622A7C}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD5CBA7A-98F4-41DD-8B24-9384FD7D1D1F}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.25 15:12:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\rahel\Desktop\OTL.exe [2013.02.25 08:57:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.02.25 08:57:12 | 000,000,000 | ---D | C] -- C:\JRT [2013.02.25 08:55:49 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\rahel\Desktop\JRT.exe [2013.02.24 14:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.02.23 17:01:52 | 000,000,000 | ---D | C] -- C:\Users\rahel\AppData\Local\Programs [2013.02.22 22:21:23 | 000,000,000 | ---D | C] -- C:\Users\rahel\AppData\Local\Nikon [2013.02.22 22:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2 [2013.02.22 22:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Specifications [2013.02.22 22:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2 [2013.02.22 22:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\StatusSheet [2013.02.22 22:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Solid Colors [2013.02.22 22:15:20 | 000,000,000 | ---D | C] -- C:\Users\rahel\AppData\Local\Downloaded Installations [2013.02.22 22:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Audio Units [2013.02.21 21:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2013.02.20 20:30:57 | 000,000,000 | ---D | C] -- C:\Users\rahel\AppData\Roaming\Nikon [2013.02.20 20:12:58 | 006,475,096 | ---- | C] (Nikon, Inc.) -- C:\Windows\System32\NEFcodec.dll [2013.02.20 20:12:58 | 000,200,704 | R--- | C] (Nikon Corporation) -- C:\Windows\System32\Strato7.dll [2013.02.20 20:12:58 | 000,110,592 | R--- | C] (Nikon Corporation) -- C:\Windows\System32\RCSigProc.dll [2013.02.20 20:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Transfer [2013.02.20 20:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies [2013.02.20 20:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Nikon [2013.02.20 20:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon [2013.02.20 20:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon [2013.02.20 20:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15 [2013.02.20 20:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\People [2013.02.20 20:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp [2013.02.20 19:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon [2013.02.18 21:23:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.18 21:23:28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.02.18 21:23:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.02.18 21:23:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.02.18 21:23:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.02.18 21:23:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.02.18 21:23:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.02.18 21:23:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.02.18 09:37:09 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.18 09:36:43 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013.02.18 09:36:29 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.18 09:36:28 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.18 09:36:23 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.02.09 17:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.01.27 18:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\LucasChess [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.25 15:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.25 15:12:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rahel\Desktop\OTL.exe [2013.02.25 15:04:37 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.25 15:04:37 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.25 14:56:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.25 14:56:46 | 2384,941,056 | -HS- | M] () -- C:\hiberfil.sys [2013.02.25 10:20:22 | 000,594,019 | ---- | M] () -- C:\Users\rahel\Desktop\adwcleaner.exe [2013.02.25 08:55:55 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\rahel\Desktop\JRT.exe [2013.02.24 17:42:49 | 000,000,262 | ---- | M] () -- C:\Users\rahel\Documents\cc_20130224_174244.reg [2013.02.24 17:40:10 | 000,061,348 | ---- | M] () -- C:\Users\rahel\Documents\cc_20130224_174003.reg [2013.02.23 22:06:00 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\AVSRegistryCleaner.job [2013.02.22 23:20:12 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT [2013.02.22 22:33:02 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT [2013.02.22 22:20:03 | 000,000,000 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT [2013.02.22 22:20:03 | 000,000,000 | ---- | M] () -- C:\Users\rahel\AppData\Roaming\Rule Actions [2013.02.22 22:20:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\Rock Kit [2013.02.22 22:20:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\Quartz Composer [2013.02.22 22:16:42 | 000,000,268 | RH-- | M] () -- C:\ProgramData\SingleFiles [2013.02.22 22:16:42 | 000,000,268 | RH-- | M] () -- C:\Users\rahel\AppData\Roaming\Screen Saver [2013.02.22 22:16:42 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT [2013.02.22 22:16:00 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\ViewNX 2.lnk [2013.02.22 22:15:47 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Smooth Strings [2013.02.22 22:15:47 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Services [2013.02.22 22:15:47 | 000,000,268 | RH-- | M] () -- C:\Users\rahel\AppData\Roaming\Screen Savers [2013.02.22 22:15:47 | 000,000,268 | RH-- | M] () -- C:\Users\rahel\AppData\Roaming\Sci-Fi [2013.02.22 22:15:47 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT [2013.02.22 22:15:35 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ATL71.DLL [2013.02.22 22:15:03 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLeo.DAT [2013.02.22 22:15:00 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Standard Tool [2013.02.22 22:15:00 | 000,000,268 | RH-- | M] () -- C:\Users\rahel\AppData\Roaming\Specifications [2013.02.22 16:28:55 | 000,620,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.22 16:28:55 | 000,108,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.20 20:02:14 | 000,002,152 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk [2013.02.20 20:02:04 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Nikon Transfer.lnk [2013.02.20 20:00:07 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Sampler [2013.02.20 20:00:07 | 000,000,268 | RH-- | M] () -- C:\Users\rahel\AppData\Roaming\Rock [2013.02.19 13:20:23 | 004,118,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.18 10:00:36 | 000,001,152 | ---- | M] () -- C:\Users\rahel\Documents\cc_20130218_100032.reg [2013.02.12 16:34:48 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.02.12 16:34:48 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.01.27 15:29:00 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.25 10:20:43 | 000,594,019 | ---- | C] () -- C:\Users\rahel\Desktop\adwcleaner.exe [2013.02.24 17:42:47 | 000,000,262 | ---- | C] () -- C:\Users\rahel\Documents\cc_20130224_174244.reg [2013.02.24 17:40:05 | 000,061,348 | ---- | C] () -- C:\Users\rahel\Documents\cc_20130224_174003.reg [2013.02.22 22:20:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\Rock Kit [2013.02.22 22:20:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\Quartz Composer [2013.02.22 22:16:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\SingleFiles [2013.02.22 22:16:42 | 000,000,268 | RH-- | C] () -- C:\Users\rahel\AppData\Roaming\Screen Saver [2013.02.22 22:16:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2013.02.22 22:16:00 | 000,002,049 | ---- | C] () -- C:\Users\Public\Desktop\ViewNX 2.lnk [2013.02.22 22:15:47 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Smooth Strings [2013.02.22 22:15:47 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Services [2013.02.22 22:15:47 | 000,000,268 | RH-- | C] () -- C:\Users\rahel\AppData\Roaming\Screen Savers [2013.02.22 22:15:47 | 000,000,268 | RH-- | C] () -- C:\Users\rahel\AppData\Roaming\Sci-Fi [2013.02.22 22:15:47 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2013.02.22 22:15:47 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2013.02.22 22:15:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Standard Tool [2013.02.22 22:15:00 | 000,000,268 | RH-- | C] () -- C:\Users\rahel\AppData\Roaming\Specifications [2013.02.22 22:15:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT [2013.02.20 20:03:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2013.02.20 20:03:27 | 000,000,000 | ---- | C] () -- C:\Users\rahel\AppData\Roaming\Rule Actions [2013.02.20 20:02:14 | 000,002,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk [2013.02.20 20:02:04 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Nikon Transfer.lnk [2013.02.20 20:00:07 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sampler [2013.02.20 20:00:07 | 000,000,268 | RH-- | C] () -- C:\Users\rahel\AppData\Roaming\Rock [2013.02.20 20:00:07 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2013.02.18 10:00:34 | 000,001,152 | ---- | C] () -- C:\Users\rahel\Documents\cc_20130218_100032.reg [2012.07.26 12:56:00 | 000,000,047 | ---- | C] () -- C:\Users\rahel\AppData\Roaming\mbam.context.scan [2012.04.05 10:57:25 | 000,001,660 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin [2012.03.03 20:28:23 | 000,000,132 | ---- | C] () -- C:\Users\rahel\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.02.02 16:27:41 | 004,118,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2011.09.27 18:14:12 | 000,001,456 | ---- | C] () -- C:\Users\rahel\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.07.02 14:43:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.04.20 18:52:08 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL [2011.03.24 20:13:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 25.02.2013 16:04:23 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rahel\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,96 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 62,25% Memory free
5,92 Gb Paging File | 4,67 Gb Available in Paging File | 78,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 132,58 Gb Free Space | 56,95% Space Free | Partition Type: NTFS
Drive G: | 298,09 Gb Total Space | 0,01 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
Computer Name: RAHELS_LAPTOP | User Name: rahel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021FF9B3-E7DC-4015-BD2E-14FA6D982794}" = rport=139 | protocol=6 | dir=out | app=system |
"{1B4C8170-B855-40A8-93E1-0791411809A0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{223F3778-58C5-4A3D-A8A8-452FC1CBFCCE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2A902206-955F-4C9A-9766-3823876C980C}" = rport=445 | protocol=6 | dir=out | app=system |
"{30503A8F-6E01-4697-AB60-2906FB9921BB}" = rport=137 | protocol=17 | dir=out | app=system |
"{30D66A15-8C0A-4C68-BAC4-3FF1706EE0EB}" = lport=138 | protocol=17 | dir=in | app=system |
"{393833A7-65CC-4550-86DD-384E31515428}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B718FBA-5B4B-43CD-8F89-1511B7DA78F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{40CACA86-7182-4963-91E1-AF20E84D9A2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A7B5927-B2B7-41F3-B240-A521EC3EF5B8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6DC1E4F5-A63A-474D-BE99-3699386980FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77B553DC-8768-479D-A1FB-1DDEF71AC31C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A487557-903B-4E8E-B668-55CF08CD338A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7D375F43-9D4A-4BEB-A135-78F3F8D0A27F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A24F8A26-4CB5-42D3-B98C-2B14F2EC039C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A843124E-3C4B-477E-9E4C-C65E9895557B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B844D0DD-0035-401E-A954-9A1E7EC0DAF0}" = lport=445 | protocol=6 | dir=in | app=system |
"{BB2BA51F-DA51-471A-9119-028A71DB6E8F}" = lport=139 | protocol=6 | dir=in | app=system |
"{BEA993D0-8DDB-4D5B-8640-A9A2509E4EB6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D31ADC40-E653-4245-AA34-D9A4AA173017}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D8A8E9BE-91B3-4C10-9C46-309A94EAFCE9}" = rport=138 | protocol=17 | dir=out | app=system |
"{E7319DFA-AC4A-4BEB-8A8B-D560122002AD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E92235CE-BCAE-479D-B18D-E85A55EBD195}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0420F275-A9FE-4714-AE3C-517481D3B31C}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{069C3E73-4A82-4E59-9389-34B392986513}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07255E46-44EB-4A8F-AB0A-8D04DDC9C39B}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{1266A0BB-0CA4-4DC7-888D-4CE44E0CB017}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1C60AA91-F696-470A-AA36-F5870B01C3D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A388D1D-7CE5-4FF3-AF08-2CB42C1F9B23}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{41047DFB-4146-4F18-905F-F40840B84C53}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4430711B-F2A1-4D5B-AC48-57B487B47C60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{458F0A9E-3F26-4D04-A685-4936D1CEBC13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47D4A3E2-E20B-46AC-A43E-924C7251FB29}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{489B9AE1-CCC9-40C7-AAD3-0817A5210A25}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{48E3D52A-7491-4C3B-9437-C41FAE999B6B}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{5EC24046-A268-453F-B30B-1ACC18A9515E}" = protocol=6 | dir=in | app=c:\program files\windows jzip toolbar\toolbar\dtuser.exe |
"{66B20C7C-FB02-4B60-A0EF-315D0C4FA78D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{68B72C5A-ED74-4F3F-97EA-C152AA4795F3}" = protocol=17 | dir=in | app=c:\program files\windows jzip toolbar\toolbar\dtuser.exe |
"{70023B7D-1B0D-4F37-B9B8-EC71254060B3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{85130EFD-C52F-4DFE-97C7-47BD93FB799A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{853AA7C8-F7F8-4B31-929C-36DA74E5CEDF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{88EDF47F-47B7-48BE-A64D-B58585C17501}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{96744583-235F-4CE2-A99F-522480AFF09B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{99DCCBC7-1397-4640-BDF1-9FE10C6ABBB9}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{9F36A903-A4CE-4B29-BE67-3E4641DF089C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ACA38590-8CBC-45F6-B135-36384E3469A0}" = protocol=6 | dir=out | app=system |
"{AF29249D-A93C-4E2A-8879-4F1ABEF3FF54}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B5B6084D-4C7E-46E2-8573-AB03FB9AD704}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C7193D93-9521-489C-B8A7-6D0CCE07DB3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF1BAFCB-7248-4BE4-9DCC-5DED45DA06B5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D296255B-5E01-4A96-B66E-051961A746B7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4118581-B5C8-49D5-8DD0-06FB6F8E9C4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D595CA58-540C-49DD-8589-816B4A66730D}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{DA3A5298-1125-4EE8-B0D6-A6F7B7BEC81E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DE7A4C77-FEB8-4FF7-B573-B010740D177F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E4F67383-46CF-46C8-BC20-6054A4A6C31F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E519A201-C52C-43C7-B659-6C540AAE0C72}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E88EA213-9E01-4742-A2D8-EEC353D5F705}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{FF66E208-49DC-48EE-AFAF-49D49BEE7F88}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{29C65608-B220-4DEA-84A0-5E3D295A2DAC}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{309814AB-DC48-4396-8B80-C5D3B2419930}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe |
"TCP Query User{437C6C94-CEF8-40D3-BBBD-10B69ADC13F2}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"TCP Query User{7BA19988-8068-4F6A-B5A1-7E366E531CE8}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{95E3B934-6280-41A0-9956-AFAB52BB547D}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{9826FE1F-DC1C-4DB7-AEC2-8BC31FB5429A}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{E669DFBC-446B-45DE-9686-7C7D64BEE7B5}C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"UDP Query User{30C75FE5-2FD7-4F86-81CB-272D1FA7E8C5}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{46B83E63-B478-46F4-AF3A-89A749BBE7E5}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{634FAB41-43B3-4B6E-A3A4-1E0A429C98F7}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{66C0B364-9498-43FA-B1EF-1130B0051C60}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{8B171019-A1D0-412F-9D1A-7F42759247C0}C:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"UDP Query User{AFD4D2A8-5CA6-40E0-A2CD-E83FDC1265C6}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"UDP Query User{DF2D5E06-1383-43AC-B8C1-3694B3F158E3}C:\program files\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4\flashbuilder.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C23F14-DEF8-F920-AF54-4184246D9069}" = EasyRotator Wizard
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.dwuser.erwizard.EasyRotatorWizard" = EasyRotator Wizard
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"jZip" = jZip
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 11.60.1185" = Opera 11.60
"TeamViewer 6" = TeamViewer 6
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.02.2013 09:31:11 | Computer Name = rahels_laptop | Source = Application Hang | ID = 1002
Description = The program InDesign.exe version 7.0.0.355 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 928 Start
Time: 01ce1359b680f7b5 Termination Time: 30 Application Path: C:\Program Files\Adobe\Adobe
InDesign CS5\InDesign.exe Report Id:
Error - 25.02.2013 09:39:39 | Computer Name = rahels_laptop | Source = Application Error | ID = 1000
Description = Faulting application name: InDesign.exe, version: 7.0.0.355, time
stamp: 0x4bad00be Faulting module name: Public.dll, version: 7.0.0.355, time stamp:
0x4bad0027 Exception code: 0xc0000005 Fault offset: 0x00178013 Faulting process id:
0x588 Faulting application start time: 0x01ce135ce1a2d267 Faulting application path:
C:\Program Files\Adobe\Adobe InDesign CS5\InDesign.exe Faulting module path: C:\Program
Files\Adobe\Adobe InDesign CS5\Public.dll Report Id: ccae8b69-7f50-11e2-840d-0013779869d0
[ System Events ]
Error - 25.02.2013 05:40:34 | Computer Name = rahels_laptop | Source = DCOM | ID = 10010
Description =
< End of report >
|
|
25.02.2013, 16:36
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Tags.bluekai - wie werde ich diesen Schädling wieder los?Zitat:
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.02.2013, 18:37
| #9 |
| | Tags.bluekai - wie werde ich diesen Schädling wieder los? das ist der Labtop meiner Tochter und die hat bis vor zwei Jahren studiert. Wo ist das Problem? |
|
26.02.2013, 00:26
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Tags.bluekai - wie werde ich diesen Schädling wieder los? Du gehst NULL auf meine Frage ein. Warum ist da ein Professional Windows drauf? Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.02.2013, 09:03
| #11 |
| | Tags.bluekai - wie werde ich diesen Schädling wieder los? Ich gestehe unter Folter - ich weiß es nicht! es ist mir auch egal! Und dieser Thread artet zur Inquisition aus, ER WIRD VON MIR GESCHLOSSEN! |
|
26.02.2013, 10:59
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Tags.bluekai - wie werde ich diesen Schädling wieder los? Ist es so schwierig mal zu beantworten wo du das Gerät her hast, wer das Windows installiert haben könnte? Ich stell diese Frage jedem, der Logs postet in dem ein Professional Windows steht!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.02.2013, 13:12
| #13 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Tags.bluekai - wie werde ich diesen Schädling wieder los? Nachtrag: Professional ist nicht wirklich für einen Heim-PC bestimmt, dafür gibt es die Edition Home bzw. Home Premium - sieht man Professional dann kann man gewerbliche Nutzung des Rechners vermuten. Deswegen frag ich nach weil ich das wissen muss, denn dann kommt so ein Hinweis: Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Tags.bluekai - wie werde ich diesen Schädling wieder los? |
| aufrufen, bla, nichts, schädling, tags.bluekai, vollversion, wieder weg, zahlen, zeitweise |
Linear-Darstellung
