Pests of all kinds and how to fight them: Delta Search cannot be removed
Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
27.05.2013, 08:11 | #1 |
Delta Search cannot be removed

Hello everyone, I have just registered here because I have been having problems with Delta Search for some time and hope to find help here. When I open a new tab in Firefox, this search engine appears, and I have already tried several times to get rid of it with various cleaning programs. At first it seemed as if Delta had actually disappeared, but yesterday it simply turned up again. I have already found a thread on this topic here, but after reading that I should under no circumstances just blindly follow the steps there, I preferred to get individual help. I have already run a scan with AdwCleaner and OTL, but wanted to wait before taking any further steps. After the two scans Delta Search no longer appears in a new tab, but I had got that far once before and then it came back after a few days. I would be glad if someone could help me remove this annoying Delta Search from my computer completely.

Edited by Naizah (27.05.2013 at 09:07)
27.05.2013, 12:11 | #2 |
/// the machine /// TB instructor | Delta Search cannot be removed

Hi, please post the log files.
27.05.2013, 12:31 | #3 |
Delta Search cannot be removed

Here is the log from AdwCleaner:
Code:
# AdwCleaner v2.301 - Datei am 27/05/2013 um 08:49:20 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Birgit - MIRAYA
# Bootmodus : Normal
# Ausgeführt unter : E:\Eigene Dateien\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Birgit\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Birgit\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Birgit\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\5b57df88b06aba14
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5b57df88b06aba14

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483
[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Birgit\AppData\Roaming\Mozilla\Firefox\Profiles\ao9z1qa1.default\prefs.js
C:\Users\Birgit\AppData\Roaming\Mozilla\Firefox\Profiles\ao9z1qa1.default\user.js ... Gelöscht !
Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=121562&babsrc=HP_ss&mntr[...]
Gelöscht : user_pref("avg.install.userSPSettings", "Delta Search");
Gelöscht : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=121562&babsrc=NT_ss&mntrId=0A1A0[...]
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.id", "0a1a4ffe0000000000000022436b6c97");
Gelöscht : user_pref("extensions.delta.instlDay", "15803");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.012:14:19");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");

*************************

AdwCleaner[S1].txt - [3234 octets] - [27/05/2013 08:49:20]

########## EOF - C:\AdwCleaner[S1].txt - [3294 octets] ##########

Code:
ATTFilter OTL logfile created on: 27.05.2013 13:17:27 - Run 2 OTL by OldTimer - Version 3.2.69.0**** Folder = E:\Eigene Dateien\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy * 4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,28% Memory free 7,99 Gb Paging File | 6,43 Gb Available in Paging File | 80,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] * %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,50 Gb Total Space | 5,64 Gb Free Space | 9,65% Space Free | Partition Type: NTFS Drive D: | 19,98 Gb Total Space | 9,80 Gb Free Space | 49,02% Space Free | Partition Type: FAT32 Drive E: | 852,92 Gb Total Space | 516,13 Gb Free Space | 60,51% Space Free | Partition Type: NTFS * Computer Name: MIRAYA | User Name: Birgit | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days * ========== Processes (SafeList) ========== * PRC - E:\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - E:\Programme\Firefox\firefox.exe (Mozilla Corporation) PRC - E:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Users\Birgit\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) PRC - E:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - E:\Programme\Rainlendar2\Rainlendar2.exe () * * ========== Modules (No Company Name) ========== * MOD - E:\Programme\Firefox\mozjs.dll () MOD - E:\Programme\Mozilla Thunderbird\mozjs.dll () MOD - E:\Programme\Mozilla Thunderbird\nsldap32v60.dll () MOD - E:\Programme\Mozilla Thunderbird\nsldappr32v60.dll () MOD - E:\Programme\Rainlendar2\plugins\iCalendarPlugin.dll () MOD - E:\Programme\Rainlendar2\Rainlendar2.exe () MOD - E:\Programme\Rainlendar2\lfs.dll () MOD - E:\Programme\Rainlendar2\lua51.dll () * * ========== Services (SafeList) ========== * SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NMSAccessU) -- E:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) * * ========== Driver Services (SafeList) ========== * DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (USBET) -- C:\Windows\SysNative\drivers\ETdrv.sys (Etron) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) 
DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) * * ========== Standard Registry (SafeList) ========== * * ========== Internet Explorer ========== * IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC * IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 A9 DF 15 48 B9 CA 01* [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 * ========== FireFox ========== * FF - 
prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.14 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 FF - user.js - File not found * FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:* File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Programme\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) * FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: E:\Programme\Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: E:\Programme\Firefox\plugins [2013.05.27 08:38:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: E:\Programme\Mozilla Thunderbird\components [2013.05.14 20:23:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: E:\Programme\Mozilla Thunderbird\plugins [2013.05.27 08:38:42 | 000,000,000 | ---D | M] * [2010.08.15 22:32:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Birgit\AppData\Roaming\mozilla\Extensions [2010.08.15 22:32:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Birgit\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.05.25 20:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Birgit\AppData\Roaming\mozilla\Firefox\Profiles\ao9z1qa1.default\extensions [2013.05.25 20:43:47 | 000,868,550 | ---- | M] () (No name found) -- 
C:\Users\Birgit\AppData\Roaming\mozilla\firefox\profiles\ao9z1qa1.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013.05.08 20:59:27 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Birgit\AppData\Roaming\mozilla\firefox\profiles\ao9z1qa1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi * O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKCU..\Run: [ccleaner] E:\Programme\CCleaner\ccleaner.exe (Piriform Ltd) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd) O4 - HKCU..\Run: [Rainlendar2] E:\Programme\Rainlendar2\Rainlendar2.exe () O4 - Startup: C:\Users\Birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Birgit\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9F9EBF5-B6B2-4D2E-943F-17DC6DDD1F49}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.05.07 16:17:42 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{78ba70a5-8dbb-11e0-a962-00242106c2fc}\Shell - "" = AutoRun O33 - MountPoints2\{78ba70a5-8dbb-11e0-a962-00242106c2fc}\Shell\AutoRun\command - "" = J:\autorun.exe O33 - MountPoints2\{834b9df0-4322-11df-9acd-00242106c2fc}\Shell - "" = AutoRun O33 - MountPoints2\{834b9df0-4322-11df-9acd-00242106c2fc}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) * ========== Files/Folders - Created Within 30 Days ========== * [2013.05.26 23:31:22 | 000,000,000 | ---D | C] -- C:\Users\Birgit\Desktop\Castle.2009.S05.HDTV.x264-LOL [2013.05.15 22:59:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.15 22:59:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.15 22:59:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.15 22:59:58 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.15 22:59:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.15 22:59:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.15 22:59:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\ieUnatt.exe [2013.05.15 22:59:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.15 22:59:57 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.15 22:59:57 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.15 22:59:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.15 22:59:57 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.15 22:59:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.15 22:59:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.15 22:59:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.15 21:30:21 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 21:30:21 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.15 21:30:10 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 21:30:09 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 21:30:09 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 21:30:09 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.15 21:29:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.07 19:59:58 | 000,000,000 | ---D | C] -- C:\Transfer [2013.05.07 19:51:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.05.07 16:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.05.07 16:16:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [1 
C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] * ========== Files - Modified Within 30 Days ========== * [2013.05.27 13:14:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.27 13:14:50 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys [2013.05.27 12:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.27 08:58:18 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.27 08:58:18 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.27 08:55:05 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.27 08:55:05 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.27 08:55:05 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.27 08:55:05 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.27 08:55:05 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.25 20:17:14 | 000,039,424 | ---- | M] () -- C:\Users\Birgit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.16 16:05:11 | 000,292,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.14 22:48:09 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.14 22:48:08 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.14 10:45:07 | 000,012,957 | ---- | M] () -- C:\Users\Birgit\Desktop\Stromverbrauch.ods [2013.05.07 16:17:42 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] * ========== Files Created - No Company Name ========== * [2013.05.14 11:42:38 | 000,044,289 | ---- | C] () -- C:\Users\Birgit\Doctor Who - 07x06 - The Bells of Saint John.TLA.English.C.orig.Addic7ed.com.srt [2013.05.14 11:42:38 | 
000,044,289 | ---- | C] () -- C:\Users\Birgit\Doctor Who - 07x06 - The Bells of Saint John.FoV.English.C.orig.Addic7ed.com.srt [2013.05.07 16:17:42 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2012.07.28 12:10:18 | 000,003,054 | ---- | C] () -- C:\Users\Birgit\.heldEinstellungen4_1.xml [2012.07.28 12:10:17 | 000,000,266 | ---- | C] () -- C:\Users\Birgit\.dsa4.properties [2011.11.02 17:33:14 | 000,000,038 | ---- | C] () -- C:\Windows\osAviSplitter.INI [2010.10.09 14:59:10 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.04.10 17:09:39 | 000,039,424 | ---- | C] () -- C:\Users\Birgit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini * ========== ZeroAccess Check ========== * [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini * [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 * [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] * [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 * [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] * [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment * [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment * [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free * 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free * [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both * [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
27.05.2013, 12:50 | #4 |
/// the machine /// TB-Ausbilder | Delta Search cannot be removed Looks good. Please download SecurityCheck and:
Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
27.05.2013, 13:00 | #5 |
| Delta Search cannot be removed Here is the log from SecurityCheck: Code:
Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
JavaFX 2.1.0
Java(TM) 6 Update 18
Java 7 Update 21
Adobe Flash Player 11.7.700.202
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (21.0)
Mozilla Thunderbird (17.0.6)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
27.05.2013, 13:06 | #6 |
/// the machine /// TB-Ausbilder | Delta Search cannot be removed Uninstall the old Java versions. Update Adobe Reader. Any problems left? |
27.05.2013, 13:18 | #7 |
| Delta Search cannot be removed I updated Adobe just today, but I'll get the latest version of it and throw out the old Java versions. In any case, thank you very much for your quick help. Otherwise there are no further problems. |
27.05.2013, 13:21 | #8 |
/// the machine /// TB-Ausbilder | Delta Search cannot be removed Open AdwCleaner > Uninstall. Open OTL > press the "Bereinigung" (cleanup) button. Done.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |