|
Plagegeister aller Art und deren Bekämpfung: Ich kann "click to continue > by coupon dropdown" im Firefox nicht entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
01.04.2013, 15:08 | #1 |
| Ich kann "click to continue > by coupon dropdown" im Firefox nicht entfernen Hallo, ich habe das Problem wie schon viele hier, dass ich "click to continue > by coupon dropdown" im Firefox nicht entfernen kann. Das Problem besteht seit dem letzten Update von Firefox auf Version 19.0.2 Ich habe bereits in meinen Programmen und den Firefox Add-ons nach gesehen, allerdings kann ich dort nichts finden, was neu installiert wurde. Außerdem habe ich Malwarebytes Anti-Rootkit zwei Mal laufen lassen und alle Malware, die gefunden wurde, entfernen lassen. Ebenfalls habe ich AdwCleaner laufen lassen und alle Infektionen gelöscht. Dies hat jedoch nichts geholfen. Nach wie vor sind auf vielen Seiten diese kleinen Links die, wenn man mit der Maus darüber fährt, wie folgt aussehen: Daher brauche ich jetzt wohl Hilfe. Ich habe wie in der Anleitung beschrieben defogger laufen lassen, mit keinem Ergebnis. Anschließend noch OLT und Gmer (die Log-Datei von GMER befindet sich aufgrund der Größe im Anhang) OLT.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.04.2013 13:20:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,86 Gb Total Physical Memory | 0,50 Gb Available Physical Memory | 26,81% Memory free 3,73 Gb Paging File | 1,86 Gb Available in Paging File | 50,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 93,13 Gb Total Space | 45,44 Gb Free Space | 48,79% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.04.01 13:20:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.03.22 18:47:03 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.03.09 16:02:15 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.03.07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2009.11.01 18:04:20 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.11.01 18:04:16 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ========== Modules (No Company Name) ========== MOD - [2013.03.22 18:47:02 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll MOD - [2013.03.20 16:48:07 | 000,122,880 | ---- | M] () -- C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\CitaviPickerCommunication.dll MOD - [2013.03.09 16:02:14 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2006.10.27 16:35:18 | 000,436,512 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL MOD - [2006.10.26 22:30:42 | 000,065,312 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL MOD - [2006.10.26 14:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ========== Services (SafeList) ========== SRV:64bit: - [2012.09.06 02:53:46 | 000,170,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007.02.12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH) SRV - [2013.03.22 18:47:03 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.09 16:02:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.02 17:25:14 | 002,232,504 | ---- | M] (Giraffic) [Disabled | Stopped] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic) SRV - [2011.12.15 19:29:42 | 000,014,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.01 18:04:20 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.11.01 18:04:16 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.07 01:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013.03.07 01:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013.03.07 01:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013.03.07 01:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013.03.07 01:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013.03.07 01:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013.03.07 01:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013.03.07 01:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.09.20 15:26:18 | 000,033,616 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL) DRV:64bit: - [2012.05.10 17:41:22 | 000,026,896 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvIntel) DRV:64bit: - [2012.04.06 18:11:16 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.03.28 14:21:50 | 004,438,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64) DRV:64bit: - [2012.03.12 23:06:46 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.14 13:33:02 | 000,022,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv) DRV:64bit: - [2012.02.02 09:43:02 | 000,509,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) DRV:64bit: - [2012.01.30 15:06:38 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.12.29 13:37:44 | 000,035,120 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter) DRV:64bit: - [2011.12.27 02:18:48 | 000,043,616 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb) DRV:64bit: - [2011.12.15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2011.11.10 19:32:02 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2011.10.21 12:30:02 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.10.20 11:24:06 | 000,157,696 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MxEFUF64.sys -- (MxEFUF) DRV:64bit: - [2011.08.23 07:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.03.18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2011.03.18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.08.19 20:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2010.04.27 16:42:00 | 000,056,040 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR) DRV:64bit: - [2010.02.26 04:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.11.01 18:05:54 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009.11.01 18:04:14 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.10.06 15:58:48 | 000,750,304 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM) DRV:64bit: - [2009.10.06 15:58:16 | 000,669,792 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA) DRV:64bit: - [2009.09.12 15:24:52 | 000,057,376 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR) DRV:64bit: - [2009.07.20 18:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.15 18:29:00 | 000,107,808 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ozscrx64.sys -- (O2SCBUS) DRV:64bit: - [2006.12.26 11:27:20 | 000,007,168 | ---- | M] (Chic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr) DRV:64bit: - [2006.11.01 20:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3) DRV:64bit: - [2006.11.01 20:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2001.08.18 10:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\Windows\SysWow64\winsock.dll -- (Winsock) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 BA 76 E5 4D DF CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.use***ForOrder: true FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145 FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.3 FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2013.01.16 FF - prefs.js..extensions.enabledAddons: googledictionary%40toptip.ca:6.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - prefs.js..network.proxy.ftp: "81.22.38.67" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "81.22.38.67" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "81.22.38.67" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "81.22.38.67" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.21 14:02:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.20 14:43:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013.03.20 16:48:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 16:02:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.01 12:20:02 | 000,000,000 | ---D | M] [2011.12.19 20:20:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.03.31 18:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p4t7wjzb.default\extensions [2013.03.20 13:16:09 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p4t7wjzb.default\extensions\firefox@ghostery.com [2013.03.03 14:07:29 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p4t7wjzb.default\extensions\adblockpopups@jessehakanen.net.xpi [2013.03.26 14:44:56 | 000,052,454 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p4t7wjzb.default\extensions\googledictionary@toptip.ca.xpi [2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p4t7wjzb.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2013.02.09 13:02:58 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p4t7wjzb.default\extensions\stealthyextension@gmail.com.xpi [2013.02.15 22:35:26 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p4t7wjzb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.08.22 18:15:43 | 000,005,370 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p4t7wjzb.default\searchplugins\webde-suche.xml [2012.10.28 22:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.28 22:08:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2012.10.28 22:08:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2011.12.21 14:02:31 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2013.03.20 16:48:07 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX [2013.03.09 16:02:15 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.08.30 17:18:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 17:18:48 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.30 17:18:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.08.30 17:18:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.30 17:18:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.30 17:18:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {***C80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {***C80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20594395-D96B-4EE5-8210-B0EB6CEAA1E3}: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20594395-D96B-4EE5-8210-B0EB6CEAA1E3}: NameServer = 213.73.91.35,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35EDAE21-E274-4EF1-A551-8D7E28931B8D}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35EDAE21-E274-4EF1-A551-8D7E28931B8D}: NameServer = 8.8.8.8,8.8.8.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0005EC3-85B3-4719-8CF0-204A47148CD6}: DhcpNameServer = 130.149.7.7 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{062ef6e0-2187-11e1-9c6a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{062ef6e0-2187-11e1-9c6a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe O33 - MountPoints2\{062ef6e0-2187-11e1-9c6a-806e6f6e6963}\Shell\option1\command - "" = D:\deskupdate\DeskUpdate.exe O33 - MountPoints2\{062ef6e0-2187-11e1-9c6a-806e6f6e6963}\Shell\support\command - "" = D:\deskupdate\support.bat O33 - MountPoints2\{5eab56ab-4b3e-11e1-9925-0023268ba3d5}\Shell - "" = AutoRun O33 - MountPoints2\{5eab56ab-4b3e-11e1-9925-0023268ba3d5}\Shell\AutoRun\command - "" = E:\SETUP.EXE O33 - MountPoints2\{5eab56ab-4b3e-11e1-9925-0023268ba3d5}\Shell\configure\command - "" = E:\SETUP.EXE O33 - MountPoints2\{5eab56ab-4b3e-11e1-9925-0023268ba3d5}\Shell\install\command - "" = E:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.01 13:20:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.01 12:36:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.04.01 12:21:04 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.31 19:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler [2013.03.31 19:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler [2013.03.31 19:37:35 | 003,811,928 | ---- | C] (Piriform Ltd) -- C:\Users\***\Desktop\dfsetup213.exe [2013.03.31 17:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.31 17:34:23 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar [2013.03.31 17:25:01 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.26 09:53:40 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\snes9x153 [2013.03.25 14:07:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\snes9x-1.52-win32.fix3 [2013.03.25 14:06:25 | 000,377,344 | ---- | C] (Firelight Technologies) -- C:\Users\***\Desktop\fmodex.dll [2013.03.24 17:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster [2013.03.24 17:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects [2013.03.24 17:03:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.03.22 13:11:04 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites [2013.03.21 10:10:46 | 000,000,000 | ---D | C] -- C:\Users\***\Verträge [2013.03.07 22:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.03 13:55:40 | 000,000,000 | ---D | C] -- C:\Users\***\Uni [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.01 13:20:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.01 13:18:46 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.04.01 13:14:49 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19155.exe [2013.04.01 13:14:30 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.04.01 13:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.01 12:45:43 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.01 12:45:43 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.01 12:44:55 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.01 12:44:55 | 000,656,294 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.01 12:44:55 | 000,616,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.01 12:44:55 | 000,130,894 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.01 12:44:55 | 000,107,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.01 12:38:03 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.01 12:36:47 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.01 12:36:38 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2013.04.01 12:36:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.01 12:36:10 | 466,866,150 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.01 12:36:07 | 1500,057,600 | -HS- | M] () -- C:\hiberfil.sys [2013.04.01 12:28:13 | 000,881,935 | ---- | M] () -- C:\Users\***\Desktop\SecurityCheck.exe [2013.04.01 12:20:02 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.04.01 12:06:17 | 001,260,366 | ---- | M] () -- C:\Users\***\zoek.zip [2013.03.31 19:37:46 | 003,811,928 | ---- | M] (Piriform Ltd) -- C:\Users\***\Desktop\dfsetup213.exe [2013.03.31 18:42:21 | 000,001,054 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.03.31 17:34:12 | 012,894,739 | ---- | M] () -- C:\Users\***\Desktop\mbar-1.01.0.1022.zip [2013.03.31 17:32:08 | 000,609,993 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.03.31 17:25:35 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.29 23:46:35 | 000,000,094 | ---- | M] () -- C:\Users\***\Desktop\ShutDownTimer.ini [2013.03.23 13:02:37 | 000,001,084 | ---- | M] () -- C:\Users\***\Desktop\*** - Verknüpfung.lnk [2013.03.21 10:27:23 | 000,001,478 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.03.20 16:41:40 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\Citavi 3.lnk [2013.03.20 15:56:12 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.03.20 14:43:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.03.07 01:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.03.07 01:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.03.07 01:33:21 | 000,178,624 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.03.07 01:33:21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013.03.07 01:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013.03.07 01:33:21 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2013.03.07 01:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013.03.07 01:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013.03.07 01:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2013.03.07 01:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013.03.04 09:10:20 | 000,342,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.01 13:18:46 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.04.01 13:14:49 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19155.exe [2013.04.01 13:14:23 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.04.01 12:36:10 | 466,866,150 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.04.01 12:27:55 | 000,881,935 | ---- | C] () -- C:\Users\***\Desktop\SecurityCheck.exe [2013.04.01 12:20:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.04.01 12:20:02 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.04.01 12:06:16 | 001,260,366 | ---- | C] () -- C:\Users\***\zoek.zip [2013.03.31 17:33:59 | 012,894,739 | ---- | C] () -- C:\Users\***\Desktop\mbar-1.01.0.1022.zip [2013.03.31 17:32:07 | 000,609,993 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.03.24 23:07:12 | 000,000,094 | ---- | C] () -- C:\Users\***\Desktop\ShutDownTimer.ini [2013.03.23 13:02:37 | 000,001,084 | ---- | C] () -- C:\Users\***\Desktop\*** - Verknüpfung.lnk [2013.03.21 10:27:23 | 000,001,478 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.03.20 16:41:40 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\Citavi 3.lnk [2013.03.20 14:43:39 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.03.20 14:43:36 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2013.03.20 13:15:22 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.03.18 13:16:01 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl [2013.03.07 22:33:58 | 000,001,130 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.07 22:33:56 | 000,001,126 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.27 10:40:57 | 000,867,170 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache [2013.02.27 10:39:56 | 000,101,152 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache [2013.02.27 10:28:48 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache [2012.10.29 09:17:06 | 000,007,608 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.08.22 18:08:51 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.05.30 20:32:30 | 000,965,288 | ---- | C] () -- C:\Users\***\Der-grandiose-Bildverkleinerer-Setup.exe [2012.05.22 12:51:24 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2012.05.22 12:51:20 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2012.05.22 12:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2012.05.22 12:51:14 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.05.22 10:23:13 | 002,392,866 | ---- | C] () -- C:\ProgramData\eng-deu.tld [2012.04.06 19:00:18 | 000,267,824 | ---- | C] () -- C:\Users\***\Kochbuch.mcf [2012.04.06 17:29:21 | 000,000,000 | ---- | C] () -- C:\Users\***\test.mcf [2012.04.03 15:38:23 | 000,000,180 | -H-- | C] () -- C:\Windows\SysWow64\infopsvEV67s.dll [2012.02.19 14:13:00 | 000,000,041 | ---- | C] () -- C:\Windows\MinGW.INI [2012.01.30 15:09:52 | 000,000,162 | ---- | C] () -- C:\Windows\O***C.INI [2012.01.08 18:15:14 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.08 18:00:27 | 000,000,620 | ---- | C] () -- C:\Users\***\AppData\Roaming\benibelawordCount.usage [2011.12.08 16:53:57 | 000,884,363 | ---- | C] () -- C:\Users\***\AntiTwin.exe [2011.12.08 13:01:56 | 000,000,208 | ---- | C] () -- C:\Windows\hbcikrnl.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130C***-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130C***-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.01.24 09:59:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2011.12.08 18:00:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\benibela [2012.12.02 18:48:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bildverkleinerer [2011.12.20 16:39:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2012.08.18 19:44:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\convert [2012.01.30 15:07:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2013.04.01 12:40:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.01.30 14:55:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc [2012.02.19 13:51:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2012.07.01 18:48:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software [2012.08.23 15:03:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF [2012.12.07 11:15:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2012.09.25 15:05:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lingo4u [2013.01.30 09:45:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda [2012.08.22 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2013.01.30 09:19:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QIP [2012.08.29 13:20:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScummVM [2012.01.08 18:11:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Solveig Multimedia [2013.03.20 16:55:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software [2012.05.13 18:56:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\texstudio [2013.01.13 14:05:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vocup ========== Purity Check ========== < End of report > Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.04.2013 13:20:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,86 Gb Total Physical Memory | 0,50 Gb Available Physical Memory | 26,81% Memory free 3,73 Gb Paging File | 1,86 Gb Available in Paging File | 50,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 93,13 Gb Total Space | 45,44 Gb Free Space | 48,79% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{190B0CA4-F16E-4F40-8A96-BC586BF06B5A}" = lport=138 | protocol=17 | dir=in | app=system | "{204E926D-41C5-424E-B1A3-14205C0C9FAA}" = rport=139 | protocol=6 | dir=out | app=system | "{2F7CB988-D452-4BB2-AA40-C4CB8A72D760}" = lport=445 | protocol=6 | dir=in | app=system | "{30C179F7-F372-4CC6-85A4-7C8B72A926B2}" = lport=137 | protocol=17 | dir=in | app=system | "{339B5410-8958-434E-9A9F-A1C5B070E6A7}" = rport=445 | protocol=6 | dir=out | app=system | "{37D4068A-7307-4942-88C0-394A37319282}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{91A4DF87-725A-4704-9AF7-0947CF125A79}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{98BB79B0-1488-44A6-9ED7-E78974DE701F}" = lport=139 | protocol=6 | dir=in | app=system | "{AEDA8652-B450-4BAC-A11C-77FE7D6C2CDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C9778C61-B08D-4B46-97BE-29F6A7C7627C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D7940AF6-1F12-46D5-8248-CAA4F93889F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E8D09645-4091-4BB7-9385-B1011B52E54E}" = rport=137 | protocol=17 | dir=out | app=system | "{EFD232C9-D14D-4192-A1C2-D2C37B9A4727}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{F4DC300A-7C73-42C5-BED0-9D9650ADD57E}" = rport=138 | protocol=17 | dir=out | app=system | "{F68A24DF-***46-4AD3-9AFC-698FB91EA67E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0925A68C-BCD6-45F2-A5B9-ED016E1B472C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1BCD803D-180F-45EF-A9B6-EEB2EAC6D8CC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{49EFC35E-24DD-4FA8-A9A9-573DF7D75E61}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | "{5580C396-0A92-41DA-9A47-858E7915E03E}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | "{6CB4EC24-00E8-4349-8952-FD8F35A4FE56}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{705B0D56-76F1-430C-AEFA-D853FF652694}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{73125F22-FE91-4216-9B4C-***91A673B196}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | "{7DAA0AAA-A27F-4522-B926-703CF722DD79}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8A31C938-6060-44E2-93D1-F20C0AB5CEEE}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | "{8E60C874-E54E-49C1-B060-0A***0A3F7F40}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | "{921362A6-4FB5-41C0-A286-A3F8B768C86D}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{95E920BD-7C26-49E8-A3E1-D5BBAC1EAD3B}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{966B7A81-5080-4B71-9584-45F9934F3E51}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{98F47D2E-43A7-4F88-8EF7-F10326C13CAC}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | "{D89EB745-5D58-4E5C-9A***-F44610EE3D77}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{E622D12B-99DF-4D65-AE0A-51007D4E9519}" = dir=in | app=c:\program files (x86)\jeak.de\qip 2012 jeak-edition\qip.exe | "{E7312C23-66D3-4852-ABD1-8EB2FD372019}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | "{ECEB2670-7DE2-420B-B550-5684DE4D0102}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | "TCP Query User{0DA78AD4-F846-4008-AE8A-EF9F9ADEC3AB}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "TCP Query User{2E6923F5-229F-41C0-BA67-E63708405AAE}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | "TCP Query User{66BAD16E-9132-4648-99E4-3F8D811F91FA}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe | "TCP Query User{7AB94614-5FB8-4C82-B33D-62973B7FD437}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{862F338B-238C-4AF6-B6F6-27E01F0FE6E8}C:\program files (x86)\jeak.de\qip 2012 jeak-edition\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jeak.de\qip 2012 jeak-edition\qip.exe | "TCP Query User{8A36B7C6-81AB-491C-AD3C-DD28A125AE26}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe | "TCP Query User{A8972A35-C1DE-4F3F-87CB-3D0BD325FC99}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{BBDA81EE-931D-497F-BCCA-2E21D79637CD}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | "TCP Query User{CD5D83C3-A483-4AA2-A051-A5B61025C51B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{D1EE3D93-2E48-4AEF-9240-4FDF1E5B48E3}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{237F8A52-CF97-4F97-BCEF-A2850700CE2E}C:\program files (x86)\jeak.de\qip 2012 jeak-edition\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jeak.de\qip 2012 jeak-edition\qip.exe | "UDP Query User{5F1B9ED2-01D1-4209-8435-829A8C607534}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{642A6E08-2D7C-444B-B867-9C01D5F235B8}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | "UDP Query User{6B55E574-E5B8-48E9-B986-03853B903B92}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "UDP Query User{7797FFE2-1853-46BD-807F-9DEE68058DE1}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe | "UDP Query User{85FA5D61-0780-429C-8682-EA6DE3C472EB}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | "UDP Query User{98419D23-8B04-4***D-B35C-441C50D06BCF}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{AFF7BFA1-E005-4803-B888-8EF51B850BAD}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{C8837208-3D38-40EA-8091-A71930922871}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe | "UDP Query User{E7027CB9-0388-4D19-8F7B-B3A961079323}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit) "{1199FAD5-9546-44f3-81CF-FF***8040B7BF}_Canon_MP990_series" = Canon MP990 series MP Drivers "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit) "{2DD893C5-ABC1-4E27-B6D4-279E01AEB4E2}" = OZ711 SCR Driver (x64) "{4B1CF482-AD0E-48F3-8032-BCF5F071C123}" = O2Micro Flash Memory Card Windows Driver "{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2 (64-bit) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{D54ADF6B-2164-4394-AF70-2778422E9DD8}" = Intel(R) Network Connections 17.4.95.0 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Defraggler" = Defraggler "GIMP-2_is1" = GIMP 2.8.2 "GPL Ghostscript 9.02" = GPL Ghostscript "GSview 5.0" = GSview 5.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "PROSetDX" = Intel(R) Network Connections 17.4.95.0 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}" = Python 2.6 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2FBC78B6-125F-4E8C-8B18-2D7A3C2FD306}" = QIP 2012 7221 Jeak-Edition "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = C***urnerXP "{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.1.3.1 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007 "{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 15.0.900.2 "{E12C6653-1FF0-4686-A***8-589C13AE761F}" = Citavi "{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7***C}" = Realtek High Definition Audio Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "avast" = avast! Free Antivirus "Cinergy XS Series" = Cinergy XS Series V5.09.0304.00a "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileZilla Client" = FileZilla Client 3.5.3 "Fotosizer" = Fotosizer 1.37 "Foxit Reader_is1" = Foxit Reader "Giraffic" = Veoh Giraffic Video Accelerator "GoldenDict" = GoldenDict "HyperCam 3" = HyperCam 3 "InstallShield_{2DD893C5-ABC1-4E27-B6D4-279E01AEB4E2}" = OZ711 SCR Driver (x64) "InstallShield_{4B1CF482-AD0E-48F3-8032-BCF5F071C123}" = O2Micro Flash Memory Card Windows Driver "IsoBuster_is1" = IsoBuster 3.1 "LingoPad_is1" = LingoPad 2.6 (Build 360) "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "MiKTeX 2.9" = MiKTeX 2.9 "MinGW_is1" = MinGW 3.1.0 "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "OpenVPN" = OpenVPN 2.2.2 "Picasa 3" = Picasa 3 "QIP 2012 7221 Jeak-Edition 4.0.7221" = QIP 2012 7221 Jeak-Edition "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "TeXstudio_is1" = TeXstudio 2.3 "Veoh Web Player Beta" = Veoh Web Player "VISPRO" = Microsoft Office Visio Professional 2007 "VLC media player" = VLC media player 2.0.1 "Vocup_is1" = Vocup 1.4.3 "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22.03.2013 10:18:03 | Computer Name = *** | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Python26\Lib\distutils\command\wininst-8_d.exe". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 22.03.2013 18:28:40 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814, Zeitstempel: 0x5138a1d3 Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814, Zeitstempel: 0x5138a0ed Ausnahmecode: 0xc0000005 Fehleroffset: 0x00172818 ID des fehlerhaften Prozesses: 0x950 Startzeit der fehlerhaften Anwendung: 0x01ce271ce69c0529 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: d875d813-933f-11e2-bf65-0023268ba3d5 Error - 23.03.2013 05:43:26 | Computer Name = *** | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Python26\Lib\distutils\command\wininst-8_d.exe". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 25.03.2013 08:42:59 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: snes9x.exe, Version: 1.5.2.0, Zeitstempel: 0x4b4e4c3c Name des fehlerhaften Moduls: XAudio2_1.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x48406b28 Ausnahmecode: 0xc0000005 Fehleroffset: 0x66f686d0 ID des fehlerhaften Prozesses: 0xcc8 Startzeit der fehlerhaften Anwendung: 0x01ce29542b20272c Pfad der fehlerhaften Anwendung: C:\Users\***\Desktop\snes9x-1.52-win32.fix3\snes9x.exe Pfad des fehlerhaften Moduls: XAudio2_1.dll Berichtskennung: 85e26d57-9549-11e2-9035-0023268ba3d5 Error - 25.03.2013 11:58:36 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: snes9x.exe, Version: 1.5.2.0, Zeitstempel: 0x4b4e4c3c Name des fehlerhaften Moduls: XAudio2_1.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x48406b28 Ausnahmecode: 0xc0000005 Fehleroffset: 0x66ff86d0 ID des fehlerhaften Prozesses: 0x10d4 Startzeit der fehlerhaften Anwendung: 0x01ce295652fe5ad3 Pfad der fehlerhaften Anwendung: C:\Users\***\Desktop\snes9x-1.52-win32.fix3\snes9x.exe Pfad des fehlerhaften Moduls: XAudio2_1.dll Berichtskennung: d9c3fb3e-9564-11e2-9035-0023268ba3d5 Error - 25.03.2013 13:25:29 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: snes9x.exe, Version: 1.5.2.0, Zeitstempel: 0x4b4e4c3c Name des fehlerhaften Moduls: XAudio2_1.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x48406b28 Ausnahmecode: 0xc0000005 Fehleroffset: 0x66ff86d0 ID des fehlerhaften Prozesses: 0x10a0 Startzeit der fehlerhaften Anwendung: 0x01ce297aea687785 Pfad der fehlerhaften Anwendung: C:\Users\***\Desktop\snes9x-1.52-win32.fix3\snes9x.exe Pfad des fehlerhaften Moduls: XAudio2_1.dll Berichtskennung: fd188e5c-9570-11e2-9035-0023268ba3d5 Error - 26.03.2013 03:18:45 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: snes9x.exe, Version: 1.5.2.0, Zeitstempel: 0x4b4e4c3c Name des fehlerhaften Moduls: XAudio2_1.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x48406b28 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6aa886d0 ID des fehlerhaften Prozesses: 0xb08 Startzeit der fehlerhaften Anwendung: 0x01ce29ef50c328a7 Pfad der fehlerhaften Anwendung: C:\Users\***\Desktop\snes9x-1.52-win32.fix3\snes9x.exe Pfad des fehlerhaften Moduls: XAudio2_1.dll Berichtskennung: 64d58f9b-95e5-11e2-9035-0023268ba3d5 Error - 27.03.2013 12:56:39 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814, Zeitstempel: 0x5138a1d3 Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814, Zeitstempel: 0x5138a0ed Ausnahmecode: 0xc0000005 Fehleroffset: 0x00172818 ID des fehlerhaften Prozesses: 0xd20 Startzeit der fehlerhaften Anwendung: 0x01ce2ac5f224271b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: 4a8e2161-96ff-11e2-a91d-0023268ba3d5 Error - 28.03.2013 04:45:46 | Computer Name = *** | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Python26\Lib\distutils\command\wininst-8_d.exe". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 29.03.2013 07:08:15 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm snes9x-x64.exe, Version 1.5.3.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10dc Startzeit: 01ce2c6d8dbdffc3 Endzeit: 4 Anwendungspfad: C:\Users\***\Desktop\snes9x153\snes9x-x64.exe Berichts-ID: e9347179-9860-11e2-9b02-0023268ba3d5 [ OSession Events ] Error - 08.01.2012 12:15:15 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1893 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 01.04.2013 06:36:48 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PortableVBoxDRV" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 01.04.2013 06:36:48 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PortableVBoxUSBMon" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 01.04.2013 06:38:14 | Computer Name = *** | Source = DCOM | ID = 10016 Description = Error - 01.04.2013 06:38:38 | Computer Name = *** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 01.04.2013 06:39:17 | Computer Name = *** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 01.04.2013 06:48:14 | Computer Name = *** | Source = DCOM | ID = 10016 Description = Error - 01.04.2013 06:58:14 | Computer Name = *** | Source = DCOM | ID = 10016 Description = Error - 01.04.2013 07:08:14 | Computer Name = *** | Source = DCOM | ID = 10016 Description = Error - 01.04.2013 07:18:14 | Computer Name = *** | Source = DCOM | ID = 10016 Description = Error - 01.04.2013 07:28:14 | Computer Name = *** | Source = DCOM | ID = 10016 Description = < End of report > Vielen Dank schon einmal für die Mühe und die Hilfe! |
01.04.2013, 19:58 | #2 |
/// Helfer-Team | Ich kann "click to continue > by coupon dropdown" im Firefox nicht entfernenwo sind die anderen Logfiles, die du schon erstellt hast? Bitte das Malwarebytes-Logfile posten, das du schon gemacht hast! (Reiter Logdateien) Dazu MBAR und adwCleaner! Fixen mit OTL
Code:
ATTFilter :OTL O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll File not found [2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p4t7wjzb.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi :Files C:\ProgramData\*.exe C:\ProgramData\*.dll C:\ProgramData\*.tmp C:\ProgramData\TEMP C:\Users\***\*.tmp C:\Users\***\AppData\*.dll C:\Users\***\AppData\*.exe C:\Users\***\AppData\Local\Temp\*.exe C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache ipconfig /flushdns /c :Commands [emptytemp]
__________________ |
18.05.2013, 10:37 | #3 |
/// Helfer-Team | Ich kann "click to continue > by coupon dropdown" im Firefox nicht entfernen Fehlende Rückmeldung
__________________Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________ |
Themen zu Ich kann "click to continue > by coupon dropdown" im Firefox nicht entfernen |
adobe, antivirus, application/pdf:, aswrvrt.sys, autorun, bho, canon, clipgrab, continue, entfernen, error, fehler, firefox, flash player, format, helper, install.exe, log-datei, logfile, maus, monitor.exe, mozilla, plug-in, port, problem, realtek, registry, rundll, scan, software, svchost.exe, udp, windows, windows xp |