Log analysis and evaluation: IE browser homepage Qvo6 search engine cannot be changed (Windows 7)
15.07.2013, 22:27 | #1 |
IE browser homepage Qvo6 search engine cannot be changed

Hello Trojanerboard team,

I have somehow caught the Qvo6 virus. The homepages of Firefox, Chrome and IE are taken over by the Qvo6 search engine and cannot be changed. In addition, advertising banners have since been displayed in the browser window that I had not seen like that before. Last but not least, on the same date as Qvo6, 2 further dubious programs were installed (WebCake 3.00 and Pro-HD-2.3), which I could delete / uninstall only with difficulty, but which may still be lurking somewhere.

I have deleted / uninstalled quite a lot: Firefox, Chrome, Java6, Adobe, CCleaner, Avira and whatever other programs I had on the computer that I had not used for a long time, but IE still starts up with the Qvo6 page.

I ran Defogger, OTL and GMER; the latter did not run to completion.

Code:
ATTFilter OTL logfile created on: 15.07.2013 22:09:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pschwabeland\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 65,60% Memory free 7,80 Gb Paging File | 6,44 Gb Available in Paging File | 82,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,99 Gb Total Space | 219,62 Gb Free Space | 76,79% Space Free | Partition Type: NTFS Computer Name: PSCHWABELAND-PC | User Name: pschwabeland | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.15 19:50:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pschwabeland\Desktop\OTL.exe PRC - [2013.02.13 12:38:24 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2013.02.13 12:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2013.02.13 12:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2013.02.06 07:17:56 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe PRC - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2009.12.14 10:06:12 | 000,206,072 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2009.09.24 14:14:56 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2009.07.11 00:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe PRC - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007.07.24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
-- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007.01.05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2013.07.11 20:50:51 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\83cfe0422e7e54f3f00107c15a63f1b4\System.ServiceProcess.ni.dll MOD - [2013.07.11 09:59:37 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6da2afd0e57708d41892d9d3e32ba5a3\System.Xaml.ni.dll MOD - [2013.07.10 23:53:18 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\b756ddf227abba4dd83b3210c01093bd\System.Windows.Forms.ni.dll MOD - [2013.07.10 23:53:07 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f3770f9a13d7516e4c03f23dbd319cba\PresentationFramework.ni.dll MOD - [2013.07.10 23:53:01 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\da851a56e2eb6cc239c4f018a57eb147\System.Drawing.ni.dll MOD - [2013.07.10 23:52:55 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7546a01feb9d477570b883eec56cc673\System.Configuration.ni.dll MOD - [2013.07.10 23:52:50 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\4572de8445038600e4552429b18fbe32\PresentationCore.ni.dll MOD - [2013.07.10 23:52:49 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\64b92e2a22bb8c1e86486bd22828acc5\System.Core.ni.dll MOD - [2013.07.10 23:52:40 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\c1c41a9e1a25999e74defafecb2aa0bc\System.Xml.ni.dll MOD - [2013.07.10 23:52:39 | 003,883,008 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\112f6448b7434699af4bcc05f25ce12b\WindowsBase.ni.dll MOD - [2013.07.10 23:52:35 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\89445d5b924ad94744d00f1b6cd2285d\System.ni.dll MOD - [2013.07.10 23:41:36 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.06.26 20:42:30 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2009.12.14 10:06:12 | 000,206,072 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Services (SafeList) ========== SRV - [2011.04.01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.09.30 23:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- 
(BcmSqlStartupSvc) SRV - [2007.07.24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.01.05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.20 06:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.09.20 06:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.11.13 11:47:00 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.10.05 03:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.17 14:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.09.15 06:40:00 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009.08.11 06:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.24 05:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177 IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177 IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177 IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177 IE - HKCU\..\SearchScopes,DefaultScope = {15A91B15-B6A9-4C32-BC4C-DE67CE040AF3} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=4AD3C217FEB5D92C&affID=119357&tt=250613_gr5&tsp=4928 IE - HKCU\..\SearchScopes\{15A91B15-B6A9-4C32-BC4C-DE67CE040AF3}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = 
hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177 IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE385 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com Search" FF - prefs.js..browser.search.defaultenginename: "qvo6" FF - prefs.js..browser.search.defaultthis.engineName: "Motorsport-Total.com Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1591225&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "qvo6" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.search.selectedEngine: "qvo6" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.peterschwabeland.de" FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: 7125a285-7e68-47aa-9d72-e81874f4d47e%40d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com:0.91.9 FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.6.0.20130418072822 FF - prefs.js..extensions.enabledAddons: %7B42e0ced7-806f-4983-af54-92bdeefee519%7D:2.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) [2010.06.26 18:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pschwabeland\AppData\Roaming\mozilla\Extensions [2013.07.14 19:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pschwabeland\AppData\Roaming\mozilla\Firefox\Profiles\e5d2r7bh.default\extensions [2013.07.12 00:19:31 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Users\pschwabeland\AppData\Roaming\mozilla\Firefox\Profiles\e5d2r7bh.default\extensions\{42e0ced7-806f-4983-af54-92bdeefee519} [2013.05.10 16:45:19 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\pschwabeland\AppData\Roaming\mozilla\Firefox\Profiles\e5d2r7bh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.07.12 00:24:42 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\pschwabeland\AppData\Roaming\mozilla\Firefox\Profiles\e5d2r7bh.default\extensions\plugin@getwebcake.com [2012.12.13 06:49:43 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.03.09 16:57:25 | 000,002,306 | ---- | M] () -- C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\askcomsearch.xml [2013.06.29 23:57:11 | 000,006,545 | ---- | M] () -- C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\babylon.xml [2011.12.15 17:21:38 | 000,000,943 | ---- | M] () -- C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\conduit.xml [2013.06.29 23:57:24 | 000,001,294 | ---- | M] () -- C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\delta.xml [2013.07.03 21:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.07.03 21:29:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.07.03 21:29:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\PSCHWABELAND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E5D2R7BH.DEFAULT\EXTENSIONS\7125A285-7E68-47AA-9D72-E81874F4D47E@D3FCDB92-135D-4A8A-8CF6-11E3B57C5FDA.COM O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - Startup: C:\Users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk = C:\Users\pschwabeland\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG) O4 - Startup: C:\Users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\pschwabeland\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\pschwabeland\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA9548F9-8922-4868-AEB0-7E26ECAC2199}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe 
(Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.15 19:50:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\pschwabeland\Desktop\OTL.exe [2013.07.13 11:52:39 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Roaming\Malwarebytes [2013.07.13 11:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.13 11:52:00 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Local\Programs [2013.07.12 00:24:42 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Roaming\WebCake [2013.07.12 00:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.07.12 00:19:34 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Roaming\eIntaller [2013.07.12 00:19:32 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Roaming\Dealply [2013.07.12 00:19:30 | 
000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly [2013.07.12 00:19:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly [2013.07.12 00:19:27 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Local\SwvUpdater [2013.07.11 22:24:57 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Roaming\TuneUp Software [2013.07.11 22:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2013.07.11 22:20:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.07.11 22:20:59 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Local\MFAData [2013.07.11 22:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2013.07.03 21:29:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.29 23:56:52 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Roaming\DSite [2013.06.29 23:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image Converter [2013.06.29 23:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.06.29 23:56:47 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Roaming\Babylon [2013.06.19 17:13:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2009.10.20 01:31:46 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2013.07.15 22:06:07 | 000,000,000 | ---- | M] () -- C:\Users\pschwabeland\defogger_reenable [2013.07.15 22:04:23 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\Acer Registration Data Sending.job [2013.07.15 22:04:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.15 20:02:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.15 20:02:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.15 19:55:15 | 
3143,311,360 | -HS- | M] () -- C:\hiberfil.sys [2013.07.15 19:53:20 | 000,377,856 | ---- | M] () -- C:\Users\pschwabeland\Desktop\gmer_2.1.19163.exe [2013.07.15 19:50:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pschwabeland\Desktop\OTL.exe [2013.07.15 19:50:08 | 000,050,477 | ---- | M] () -- C:\Users\pschwabeland\Desktop\Defogger.exe [2013.07.15 19:06:04 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.07.14 18:29:41 | 000,000,976 | ---- | M] () -- C:\Users\pschwabeland\Documents\cc_20130714_182938.reg [2013.07.13 12:09:00 | 000,012,154 | ---- | M] () -- C:\Users\pschwabeland\Documents\cc_20130713_120855.reg [2013.07.13 11:26:13 | 000,009,902 | ---- | M] () -- C:\Users\pschwabeland\Documents\cc_20130713_112609.reg [2013.07.12 17:16:24 | 001,646,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.12 17:16:24 | 000,711,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.12 17:16:24 | 000,662,950 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.12 17:16:24 | 000,153,766 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.12 17:16:24 | 000,124,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.11 09:49:38 | 000,025,380 | ---- | M] () -- C:\Users\pschwabeland\Documents\cc_20130711_094933.reg [2013.07.11 08:39:58 | 000,441,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.02 22:06:40 | 000,014,970 | ---- | M] () -- C:\Users\pschwabeland\Documents\Adressen.odt [2013.06.29 23:57:07 | 000,000,000 | ---- | M] () -- C:\END [2013.06.29 19:22:50 | 000,004,533 | ---- | M] () -- C:\Users\pschwabeland\Documents\Wichtiger Hinweis zu Ihrem Zertifikat_ElsterOnline2.pdf [2013.06.29 19:22:07 | 000,010,455 | ---- | M] () -- C:\Users\pschwabeland\PeterSchwabeland_pschwabe_elster_2048.pfx [2013.06.24 19:00:24 | 000,026,758 | ---- | M] () -- C:\Users\pschwabeland\Documents\20120325_psc_Zahlungsverkehr_Vermoegensuebersicht_Lebensplanung.ods ========== Files Created - No Company 
Name ========== [2013.07.15 22:06:07 | 000,000,000 | ---- | C] () -- C:\Users\pschwabeland\defogger_reenable [2013.07.15 19:53:20 | 000,377,856 | ---- | C] () -- C:\Users\pschwabeland\Desktop\gmer_2.1.19163.exe [2013.07.15 19:50:08 | 000,050,477 | ---- | C] () -- C:\Users\pschwabeland\Desktop\Defogger.exe [2013.07.14 19:15:13 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2013.07.14 18:29:40 | 000,000,976 | ---- | C] () -- C:\Users\pschwabeland\Documents\cc_20130714_182938.reg [2013.07.13 12:08:59 | 000,012,154 | ---- | C] () -- C:\Users\pschwabeland\Documents\cc_20130713_120855.reg [2013.07.13 11:26:11 | 000,009,902 | ---- | C] () -- C:\Users\pschwabeland\Documents\cc_20130713_112609.reg [2013.07.11 09:49:36 | 000,025,380 | ---- | C] () -- C:\Users\pschwabeland\Documents\cc_20130711_094933.reg [2013.06.29 23:56:53 | 000,000,000 | ---- | C] () -- C:\END [2013.06.29 19:22:50 | 000,004,533 | ---- | C] () -- C:\Users\pschwabeland\Documents\Wichtiger Hinweis zu Ihrem Zertifikat_ElsterOnline2.pdf [2013.06.29 19:20:41 | 000,010,231 | ---- | C] () -- C:\Users\pschwabeland\PeterSchwabeland_pschwabe_elster_2048 - Kopie.pfx [2013.05.10 16:42:46 | 000,000,065 | ---- | C] () -- C:\Windows\wininit.ini [2013.02.28 19:34:20 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll [2013.02.28 19:34:20 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys [2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2010.08.08 18:52:04 | 000,010,455 | ---- | C] () -- C:\Users\pschwabeland\PeterSchwabeland_pschwabe_elster_2048.pfx ========== ZeroAccess Check 
========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.06.23 11:31:52 | 000,000,000 | -HSD | M] -- C:\Users\pschwabeland\AppData\Roaming\.# [2013.06.29 
23:56:47 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\Babylon [2013.07.12 00:19:32 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\Dealply [2013.06.29 23:56:52 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\DSite [2012.06.29 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\DVDVideoSoft [2012.06.29 22:24:23 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\DVDVideoSoftIEHelpers [2013.07.12 00:19:34 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\eIntaller [2012.08.05 18:06:02 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\elsterformular [2010.06.23 11:32:06 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\GameConsole [2010.06.26 20:47:09 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\OpenOffice.org [2010.09.20 00:00:52 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\PhotoScape [2012.10.16 23:31:07 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\Samsung [2012.12.06 21:00:43 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\TeamViewer [2013.05.10 16:42:39 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\Telekom [2012.06.13 23:48:27 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\Temp [2013.07.11 22:24:57 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\TuneUp Software [2013.07.13 12:05:50 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\WebCake [2012.05.13 22:38:30 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:AB689DEA @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:93DE1838 < End of report > Code:
OTL Extras logfile created on: 15.07.2013 22:09:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pschwabeland\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 65,60% Memory free 7,80 Gb Paging File | 6,44 Gb Available in Paging File | 82,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,99 Gb Total Space | 219,62 Gb Free Space | 76,79% Space Free | Partition Type: NTFS Computer Name: PSCHWABELAND-PC | User Name: pschwabeland | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Telekom Fotoservice] -- "C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Telekom Fotoservice] -- "C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0629AD4A-EAAF-412F-A525-8E6C59BA903D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{090DDFD4-9C9F-4525-89B5-EA9970CD5CF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{0C61BB2B-59D3-4B2D-B4AA-F8D6DD16EBF4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{112ED4A7-3C70-4760-99CD-24F4174DB819}" = 
lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{145A4BE5-8190-4236-92DF-5030F664EABE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{2D3C8CBB-83C2-45C1-8CC3-94EF568C0C9F}" = lport=137 | protocol=17 | dir=in | app=system | "{34B5B39A-291E-432F-9D25-49ABB47EE9BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{45D9186D-C8B2-485F-9CA9-6B19FE402B50}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{574EEDD6-A9A6-4F84-994E-F3CC0151D226}" = lport=10243 | protocol=6 | dir=in | app=system | "{5E3B0056-143B-4C51-B0FA-BE948840ADCC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6C9E1CE3-CDC5-413E-8F85-0E8459AC8A7B}" = rport=137 | protocol=17 | dir=out | app=system | "{71560217-8F6B-404C-92B9-0F85E7E79BA2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{784AF628-D970-4D07-9486-CF2E59951353}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{7CA441ED-2C98-489C-ADA7-5AB374CAC0CF}" = rport=10243 | protocol=6 | dir=out | app=system | "{7D569C0A-28AF-41AB-A33B-6E4887117D58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{853805D5-A4FB-438F-B7B7-29638DBA9104}" = lport=2869 | protocol=6 | dir=in | app=system | "{A46F7E2E-0120-440F-856A-B9E407291BDE}" = lport=2869 | protocol=6 | dir=in | app=system | "{AC2AF637-6772-4157-AE27-DBC0FB95BEA7}" = rport=139 | protocol=6 | dir=out | app=system | "{B35E0475-814E-4A8F-A83D-69B1575A1DA0}" = lport=138 | protocol=17 | dir=in | app=system | "{C03C33F1-8B7D-40A3-A626-F1792AC44979}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C3617B2B-7A0B-46E9-9177-165B5D093798}" = rport=2177 | protocol=6 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{C769520E-2218-4B88-8E13-BD35E965B71A}" = rport=138 | protocol=17 | dir=out | app=system | "{D09B0E70-DA38-4FC0-88F4-788254EF2A2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D3248EFD-A364-42DE-B8FF-DAA369704E1D}" = rport=445 | protocol=6 | dir=out | app=system | "{D4DB4165-E729-4D0B-A46C-673D76E245A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D6B3BBA7-42A0-4865-BFAF-9EAFB69AF0C2}" = lport=2869 | protocol=6 | dir=in | app=system | "{DA6492A4-33E1-4C6E-9C04-30841FDEF7D5}" = lport=139 | protocol=6 | dir=in | app=system | "{F5A83D0E-D2F0-4082-8726-7B76F0C9C978}" = lport=445 | protocol=6 | dir=in | app=system | "{F638181B-882B-4DC9-A539-819D1A92DE2E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F7E9C217-D17C-4F82-8003-429B37861641}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{F8C2C05E-8239-422E-BD56-7B221D203CCB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{008F097E-9B6C-4303-A7EA-610794AE8309}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{07213F31-2ED4-4995-A146-8C61FB57D39E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0CD670F3-A6EB-4D18-AD61-F5FDF2EA7E09}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0CEBD364-5F44-4588-9107-960FCC6E23B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0D25F55E-1AAF-4780-9616-7AACA7A8B015}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{12BEB1D0-ECE1-4E17-B95B-BD497DD4EA91}" = protocol=6 | dir=in | 
app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{1631B08F-A6DD-4FC0-BDC8-9264F5291582}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1776941D-E03B-4F6B-9D4E-0A3855033752}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{1D4C0530-D206-4323-9C1D-C3C24992364B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{21E20B11-12BB-4E6C-A7C5-98996957DC0F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{224608ED-3193-49DC-B9E0-23FA9DD5EB74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2C305228-A5B8-4C23-AAE2-84698D05E18D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{336DCE19-306D-41C0-9C75-108208ECAF91}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{35C93A56-0BB6-4E26-947E-436B80F6C467}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{35FCCDC3-D08A-43B8-ABD4-DC57722868A3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{3644AC99-B2AF-49F1-9175-1C6E122BD010}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{36D2A899-2724-48A0-B923-5A75E813D72C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{3DAF0691-DE61-4ECA-B1EF-CC9DD70314C3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{40EB7E13-0771-48B0-8F0E-148FCA217F13}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | "{4282F7D2-F5A8-49AE-BB5C-B43A2611AB7D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{429EACA5-DA44-484D-B276-C3AB4FF6B97D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{4A1E1A32-091C-4901-80DB-E7BC37696649}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | "{4E8EB3BE-5FCA-4673-B5FE-0DD6FFAF4321}" = protocol=17 | dir=in | 
app=c:\windows\syswow64\muzapp.exe | "{575DB7D0-82B4-4FD3-8BE2-F4F8281807E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5798B28F-A26B-40D4-966C-78D25C11EB8C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{5ACCC750-A980-4E68-8FCD-A3F1CE08F0D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6148975B-08E7-4880-9456-EF94EE377311}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{64869A43-8F32-4E50-80E0-CB25FE5E3C8B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6ED5DBDA-E194-49F9-90D3-D80B399599F1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{704F2C6B-7AEF-4DD0-8A6F-016D095AEE19}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{71F501C8-40C5-4E94-9C1D-3F2CFEF32C79}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{84DDEC36-CFCA-4921-8017-AA80497EC685}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8C3236F4-3F3D-44E0-AFAB-BBE7D26A084D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{94A754A4-FCA1-466C-86FE-04D3507DC017}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{97B4E4F3-7CB4-47F7-9BC1-8D82E4AB2708}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{97E79A2A-4A5B-43BC-A55B-1BDE05D39E9A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{98764F4D-007C-47E9-A47E-D1FD6708782E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{98845ED0-E020-420B-8E11-BB291AE97240}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9DD26D3B-6B3C-44E1-AE53-07914330CA57}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{9E478C00-CC27-42D7-8D3B-4541F96A58A5}" = 
protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | "{A0D45E68-920E-4B31-8823-0AEA78D157A2}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{B1D977E3-118C-4199-9297-00B29EE241C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B220432A-E5F8-4EE6-8FA5-D6CB55364796}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B7A8755F-4221-4066-A285-B521FC27CE3A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B80697CA-3616-427E-AC87-09906343C685}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{BD0B6D3F-D83A-4FF4-A3D4-F6A5014F5BAE}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{C047785B-4DFD-4D0B-8992-CAE28A63FA50}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DCB287B4-7A14-4EC0-8E90-450794A23863}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E5A0045A-D525-46AC-8A68-110B9D5DF3F5}" = protocol=6 | dir=out | app=system | "{E6FBEBC7-A296-4276-8C89-1F9C9E85500C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EA2D36E4-145C-4AB0-A77A-DEF11721A0A4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EFCB162D-99E8-4781-A185-7E985B20A754}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F605479B-F935-42DA-A705-C067E9753A11}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F743C471-0F92-4B45-BFF4-AA66C77B11EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FF9D71C0-2CD7-4F9D-9679-CA95082C9778}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client 
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CNXT_AUDIO_HDA" = Conexant HD Audio "HDMI" = Intel(R) Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management 
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 
Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common 
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "ElsterFormular 2008 - 2009 2008-2009" = ElsterFormular 2008 - 2009 "ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular für Privatanwender "FastStone Capture" = FastStone Capture 5.3 "Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.12.804 "Free YouTube Download_is1" = Free YouTube Download version 3.1.30.627 "GridVista" = Acer 
GridVista "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "LManager" = Launch Manager "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "PhotoScape" = PhotoScape "PROHYBRIDR" = 2007 Microsoft Office system "Telekom Fotoservice" = Telekom Fotoservice "VLC media player" = VLC media player 1.1.10 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mediencenter" = Mediencenter 3.7.0.2204 "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.07.2013 06:07:11 | Computer Name = pschwabeland-PC | Source = Windows Search Service | ID = 7040 Description = Error - 13.07.2013 06:07:11 | Computer Name = pschwabeland-PC | Source = Windows Search Service | ID = 7042 Description = Error - 13.07.2013 06:07:11 | Computer Name = pschwabeland-PC | Source = Windows Search Service | ID = 9002 Description = Error - 13.07.2013 06:07:11 | Computer Name = pschwabeland-PC | Source = Windows Search Service | ID = 3029 Description = Error - 13.07.2013 06:07:12 | Computer Name = pschwabeland-PC | Source = Windows Search Service | ID = 3029 Description = Error - 13.07.2013 06:07:12 | Computer Name = pschwabeland-PC | Source = Windows Search Service | ID = 3028 Description = Error - 13.07.2013 06:07:12 | Computer Name = pschwabeland-PC | Source = Windows Search Service | ID = 3058 Description = Error - 13.07.2013 06:07:12 | Computer Name = pschwabeland-PC | Source = Windows Search Service | ID = 7010 Description = Error - 13.07.2013 06:30:12 | Computer Name = pschwabeland-PC | 
Source = MsiInstaller | ID = 1041 Description = Error - 15.07.2013 14:15:33 | Computer Name = pschwabeland-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. [ Media Center Events ] Error - 23.06.2010 05:31:19 | Computer Name = pschwabeland-PC | Source = MCUpdate | ID = 0 Description = 11:31:18 - Fehler beim Herstellen der Internetverbindung. 11:31:19 - Serververbindung konnte nicht hergestellt werden.. Error - 23.06.2010 15:22:51 | Computer Name = pschwabeland-PC | Source = MCUpdate | ID = 0 Description = 21:22:51 - Fehler beim Herstellen der Internetverbindung. 21:22:51 - Serververbindung konnte nicht hergestellt werden.. Error - 24.06.2010 01:42:48 | Computer Name = pschwabeland-PC | Source = MCUpdate | ID = 0 Description = 07:42:48 - Fehler beim Herstellen der Internetverbindung. 07:42:48 - Serververbindung konnte nicht hergestellt werden.. Error - 24.06.2010 14:40:39 | Computer Name = pschwabeland-PC | Source = MCUpdate | ID = 0 Description = 20:40:39 - Fehler beim Herstellen der Internetverbindung. 20:40:39 - Serververbindung konnte nicht hergestellt werden.. [ OSession Events ] Error - 25.07.2010 15:39:21 | Computer Name = pschwabeland-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 6153 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 18.08.2011 02:47:32 | Computer Name = pschwabeland-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1647 seconds with 0 seconds of active time. This session ended with a crash. Error - 18.08.2011 18:21:31 | Computer Name = pschwabeland-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 585 seconds with 0 seconds of active time. This session ended with a crash. Error - 21.10.2012 17:00:08 | Computer Name = pschwabeland-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35913 seconds with 0 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 11.07.2013 04:08:11 | Computer Name = pschwabeland-PC | Source = DCOM | ID = 10010 Description = Error - 11.07.2013 16:31:15 | Computer Name = pschwabeland-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 11.07.2013 16:32:30 | Computer Name = pschwabeland-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 11.07.2013 16:32:36 | Computer Name = pschwabeland-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 12.07.2013 03:02:01 | Computer Name = pschwabeland-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 12.07.2013 11:11:47 | Computer Name = pschwabeland-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 12.07.2013 11:11:50 | Computer Name = pschwabeland-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 13.07.2013 06:07:12 | Computer Name = pschwabeland-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 13.07.2013 06:07:12 | Computer Name = pschwabeland-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 15.07.2013 13:54:35 | Computer Name = pschwabeland-PC | Source = DCOM | ID = 10010 Description = < End of report >
Now I'm hoping for your help; I'm obviously not getting anywhere with my amateur tinkering. Regards, Fritz |
15.07.2013, 22:59 | #2 |
/// Malwareteam / Visitor | IE browser homepage Qvo6 search engine cannot be changed
I am smeenk and I will try to help you. Please download zoek.exe from here: http://hijackthis.nl/smeenk/
Edited by smeenk (15.07.2013 at 23:34) |
16.07.2013, 07:28 | #3 |
| IE browser homepage Qvo6 search engine cannot be changed
Hello smeenk,
thanks for the reply. I ran the scan. The log file is below. IE did NOT start with Qvo6, but, as before, with the site I had set. Code:
ATTFilter Zoek.exe Version 4.0.0.4 Updated 14-July-2013 Tool run by pschwabeland on 16.07.2013 at 8:12:49,18. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== System Restore Info ====================== 16.07.2013 08:14:10 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully ==== FireFox Fix ====================== Deleted from C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.peterschwabeland.de"); user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1591225&SearchSource=3&q={searchTerms}"); user_pref("browser.search.defaultengine", "Ask.com Search"); user_pref("browser.search.defaultenginename", "qvo6"); user_pref("browser.search.selectedEngine", "qvo6"); user_pref("browser.search.order.1", "qvo6"); user_pref("browser.search.useDBForOrder", true); Added to C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.peterschwabeland.de"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: 
C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default ---- Lines webcake removed from prefs.js ---- user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc"); user_pref("extentions.webcake.installId", "4af4d235-b92c-410c-a159-9a10f986d964"); ---- Lines webcake modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1373581594858,\"rdfTime\":1371557658000}}},{\"name\":\"app-profile\",\"addons\":{\"7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\":{\"descriptor\":\"C:\\\\Users\\\\pschwabeland\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\e5d2r7bh.default\\\\extensions\\\\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\",\"mtime\":1372543021796,\"rdfTime\":1372543021515},\"plugin@getwebcake.com\":{\"descriptor\":\"C:\\\\Users\\\\pschwabeland\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\e5d2r7bh.default\\\\extensions\\\\plugin@getwebcake.com\",\"mtime\":1373581482940,\"rdfTime\":1371740886000},\"{42e0ced7-806f-4983-af54-92bdeefee519}\":{\"descriptor\":\"C:\\\\Users\\\\pschwabeland\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\e5d2r7bh.default\\\\extensions\\\\{42e0ced7-806f-4983-af54-92bdeefee519}\",\"mtime\":1373581171813,\"rdfTime\":1367935180000},\"{635abd67-4fe9-1b23-4f01-e679fa7484c1}\":{\"descriptor\":\"C:\\\\Users\\\\pschwabeland\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\e5d2r7bh.default\\\\extensions\\\\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\",\"mtime\":1372543155086,\"rdfTime\":1372543155086},\"{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\":{\"descriptor\":\"C:\\\\Users\\\\pschwabeland\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\e5d2r7bh.default\\\\e
xtensions\\\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi\",\"mtime\":1355374183408}}}]"); ---- Lines webcake removed from user.js ---- user_pref("extentions.webcake.installId", "4af4d235-b92c-410c-a159-9a10f986d964"); user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc"); ---- FireFox user.js and prefs.js backups ---- user__0815_.backup prefs__0815_.backup ==== Deleting Files \ Folders ====================== "C:\USERS\PSCHWABELAND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E5D2R7BH.DEFAULT\EXTENSIONS\7125A285-7E68-47AA-9D72-E81874F4D47E@D3FCDB92-135D-4A8A-8CF6-11E3B57C5FDA.COM" not found "C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\askcomsearch.xml" deleted "C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\babylon.xml" deleted "C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\conduit.xml" deleted "C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\delta.xml" deleted "C:\END" deleted "C:\Windows\wininit.ini" deleted "C:\Users\pschwabeland\AppData\Roaming\mozilla\Firefox\Profiles\e5d2r7bh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}" deleted "C:\Users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly" deleted "C:\Program Files (x86)\DealPly" deleted "C:\Users\pschwabeland\AppData\Local\SwvUpdater" deleted "C:\ProgramData\Tarma Installer" deleted "C:\ProgramData\Babylon" deleted "C:\Users\pschwabeland\AppData\Roaming\Babylon" deleted "C:\Users\pschwabeland\AppData\Roaming\Dealply" deleted "C:\Users\pschwabeland\AppData\Roaming\DSite" deleted "C:\Users\pschwabeland\AppData\Roaming\eIntaller" deleted "C:\Users\pschwabeland\AppData\Roaming\WebCake" deleted "C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\extensions\plugin@getwebcake.com" deleted ==== Registry Search Results for "qvo6" 
======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Default_Page_URL"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Start Page"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName"="qvo6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"="hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"
[HKEY_LOCAL_MACHINE\SOFTWARE\qvo6Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\qvo6Software\qvo6hp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"
[HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"
[HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName"="qvo6"
[HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"="hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2013-07-14 17:15:13 E185BDA84E5F03F4E1D8DCA30E209277 1912 ----a-w-
C:\Windows\epplauncher.mif ====== C:\Users\PSCHWA~1\AppData\Local\Temp ==== ====== C:\Windows\SysWOW64 ===== 2013-07-10 21:42:48 BF1D2CFAE91C1E835902ECA27F8F7470 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2013-07-10 21:42:48 6A32A12A2C76B729D6485D04FCFB2175 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll 2013-07-10 21:42:47 B6A67646BD7E3A0AF2515703CBBD9A1C 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2013-07-10 21:42:46 FE29131E35902038066C924CF9C59DF8 2046976 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2013-07-10 21:42:46 F4A608A800C1BB6838797390CBBC1269 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2013-07-10 21:42:46 DED7DCF831A05D21F49510EA03F8F2C5 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll 2013-07-10 21:42:46 0D2F075863C2FA4F84FB95AC00B95151 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-10 21:42:45 EED047A0C528813D6AAF4F4F8B2C40C4 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2013-07-10 21:42:44 52F71A5790E1B6FFC34648F3B311EEE1 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll 2013-07-10 21:42:43 CB811C14C225DD07B98E676DFB0221E6 2877440 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2013-07-10 21:42:43 225D276C730DF08CC83EABAC407F0D75 1141248 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2013-07-10 21:42:41 AC9A9B64AF7005E488390E38AE00D117 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2013-07-10 21:42:41 9BF7C7654EFD098EE3A27B49492A382A 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll 2013-07-10 21:42:39 CC3FD6DEEE458D0BE9A69241E0749717 13760512 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2013-07-10 21:42:35 AF31E7D2C385F647ADFD5F5736B3BA64 14329856 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2013-07-10 20:45:20 674EB817CF6E43B7DF3EC26E06E98D98 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll 2013-07-10 20:45:17 56D61BE56DA22334829E14CDE6A8C1FE 1620480 ----a-w- C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-10 20:44:35 1C0E369575F387460E2A5F28269B2CC4 1247744 ----a-w- C:\Windows\SysWOW64\DWrite.dll ====== C:\Windows\SysWOW64\drivers ===== ====== 
C:\Windows\Sysnative ===== 2013-07-10 21:42:48 C9EC09E4BF3290331C25F0D12C93CEBF 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2013-07-10 21:42:47 AC127B02DD2C8FD41AC4162BA738F2ED 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll 2013-07-10 21:42:47 17B4359BB4BD72F8EB4F92B1DC4E4EB5 526336 ----a-w- C:\Windows\Sysnative\ieui.dll 2013-07-10 21:42:46 CDB7670A5C0F7D230ADC72F542D41AD8 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll 2013-07-10 21:42:46 9E0D8010D7368856617D3FE0FA5DA58F 2648576 ----a-w- C:\Windows\Sysnative\iertutil.dll 2013-07-10 21:42:46 6E1803473B6BCBA4C2FB31582DE12D7D 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe 2013-07-10 21:42:46 557F4ACCA6426112E28F19AAD734C971 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll 2013-07-10 21:42:46 34EACF2330282CCABA61F8DC43F16FD5 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2013-07-10 21:42:45 5A41FA3CB4E47560A26B183429F41D73 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2013-07-10 21:42:44 BEFD16482A3859071F563D2614EE2484 3958784 ----a-w- C:\Windows\Sysnative\jscript9.dll 2013-07-10 21:42:44 4A3D82F996C5B700D42ACCA94C2B9ABD 855552 ----a-w- C:\Windows\Sysnative\jscript.dll 2013-07-10 21:42:42 792685A9538424CC1F3FA6A816FE147C 1365504 ----a-w- C:\Windows\Sysnative\urlmon.dll 2013-07-10 21:42:41 B7B4D3A39BE24D7ABC69C06F44FCC5B1 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2013-07-10 21:42:40 FAF6EC2460AD5FBBD38D8E1AE28B0D77 2241024 ----a-w- C:\Windows\Sysnative\wininet.dll 2013-07-10 21:42:38 391CD109EF28629644C267C855314DEE 15404032 ----a-w- C:\Windows\Sysnative\ieframe.dll 2013-07-10 21:42:37 9586EC4E1CC39CCBA26A5E7DFE774C9E 19238912 ----a-w- C:\Windows\Sysnative\mshtml.dll 2013-07-10 20:45:20 A3EC566925BEC505E2418C1AC14E541E 624128 ----a-w- C:\Windows\Sysnative\qedit.dll 2013-07-10 20:45:17 8B6CBE2FA2BAEDE2A3F5C96733481911 1887744 ----a-w- C:\Windows\Sysnative\WMVDECOD.DLL 2013-07-10 20:44:51 73601028E7C44154318AE91D2EB2EDB3 3153920 ----a-w- C:\Windows\Sysnative\win32k.sys 2013-07-10 20:44:35 
DD85F00EC31F77315AE992B7B0411D65 1643520 ----a-w- C:\Windows\Sysnative\DWrite.dll ====== C:\Windows\Sysnative\drivers ===== ====== C:\Windows\Tasks ====== 2013-07-15 17:11:39 10AE76D908B1E58DBCA6E67A80C8E36E 3150 ----a-w- C:\Windows\Sysnative\Tasks\{6224C9D9-A907-42D7-ACD4-22A96332380D} 2013-07-11 22:19:32 D5F073456CE52EE8EDDD4CD5EBB4B2CA 3380 ----a-w- C:\Windows\Sysnative\Tasks\DealPlyUpdate 2013-07-11 20:25:14 9B7DD89F133CA1BD9830886D99F9EC12 3230 ----a-w- C:\Windows\Sysnative\Tasks\SidebarExecute 2013-06-29 21:56:57 73BB4D7F93205C3E836C3605D51ECF52 3846 ----a-w- C:\Windows\Sysnative\Tasks\QtraxPlayer ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\Program Files (x86) ===== 2013-06-29 21:56:51 -------- d-----w- C:\Program Files (x86)\Image Converter ======= C: ===== 2013-07-13 15:00:51 C6600F24A08DA4DA7920358FAE2BF02A 13150 ----a-w- C:\AdwCleaner[R2].txt 2013-07-13 15:00:20 626E2AB859DD33C1D297A33B415696F4 13089 ----a-w- C:\AdwCleaner[R1].txt ====== C:\Users\pschwabeland\AppData\Roaming ====== 2013-07-13 09:52:00 -------- d-----w- C:\users\pschwabeland\AppData\Local\Programs 2013-07-11 20:24:57 -------- d-----w- C:\users\pschwabeland\AppData\Roaming\TuneUp Software 2013-07-11 20:20:59 -------- d-----w- C:\users\pschwabeland\AppData\Local\MFAData ====== C:\Users\pschwabeland ====== 2013-07-15 20:06:07 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\pschwabeland\defogger_reenable 2013-07-15 17:53:20 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\pschwabeland\Desktop\gmer_2.1.19163.exe 2013-07-15 17:50:47 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\pschwabeland\Desktop\OTL.exe 2013-07-15 17:50:08 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\pschwabeland\Desktop\Defogger.exe 2013-07-11 20:24:12 -------- d-----w- C:\ProgramData\AVG2013 2013-07-11 20:20:59 -------- d--h--w- C:\ProgramData\Common Files 2013-07-11 20:20:59 -------- d-----w- C:\ProgramData\MFAData 2013-06-29 17:20:41 
126529A214DC12F57FBEA22AF2A4DADB 10231 ----a-w- C:\Users\pschwabeland\PeterSchwabeland_pschwabe_elster_2048 - Kopie.pfx ====== C: exe-files == 2013-07-15 17:53:20 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\pschwabeland\Desktop\gmer_2.1.19163.exe 2013-07-15 17:50:47 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\pschwabeland\Desktop\OTL.exe 2013-07-15 17:50:08 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\pschwabeland\Desktop\Defogger.exe 2013-07-15 17:45:22 76691D84F961717D9B03F39869DFB289 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$ICOPHR1.exe 2013-07-15 17:34:03 DBFB85B7E4C2B25A1F3A4275BB615BC0 793536 ----a-w- C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$RCOPHR1.exe 2013-07-15 17:32:50 AC0E4905E11A88BFF7C1D6DBEDB35D3D 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$IVIVJLO.exe 2013-07-15 17:32:46 ABFC7928D3D1C7BE80675AE2ADC7D5EC 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$IBLGQFH.exe 2013-07-15 17:32:39 05FE60762BBCE833E9447C5FA9BEB4A6 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$IBE63WM.exe 2013-07-15 17:32:27 5EEB4B07F4233F575B6DF2B6B5226120 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$IQI1EL0.exe 2013-07-13 09:51:31 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$RBE63WM.exe 2013-07-11 22:16:58 103BC0577297E682CA1B5A7E783E26FC 157728 ----a-w- C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$RBLGQFH.exe 2013-07-11 20:21:09 DF5ADF896EE6C175C0B298BBA14BED49 42104 ----a-w- C:\ProgramData\MFAData\SelfUpd\avguirux.exe 2013-07-11 20:21:09 C44F12B72DF42A037E65713B0F50B9D8 7330384 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgmfapx.exe 2013-07-11 20:21:09 A2DD738C3E673E76E5EA538702414BB7 15480 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgrdtestx.exe 2013-07-11 20:21:08 
150DE281AA5F4DA6FECAB535F93EC7F4 270968 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgrunasx.exe 2013-07-11 20:21:08 0214EC38CFEF72AA54F5243F9D689F04 621176 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgntdumpx.exe 2013-07-11 20:19:39 DB37618F6A72BAFE36077F3C2BFB5AA8 4411440 ----a-w- C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$RVIVJLO.exe 2013-07-10 21:42:46 6E1803473B6BCBA4C2FB31582DE12D7D 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-10 21:42:46 34EACF2330282CCABA61F8DC43F16FD5 51712 ----a-w- C:\Windows\System32\ie4uinit.exe 2013-07-10 21:42:46 0D2F075863C2FA4F84FB95AC00B95151 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-10 21:42:45 98C6F2A9A981A54222602B87C6310BDE 775256 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2013-07-10 21:42:45 30E7CA4620500FE012EB464F0E1DE91E 770648 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe === C: other files == 2013-07-10 20:44:51 73601028E7C44154318AE91D2EB2EDB3 3153920 ----a-w- C:\Windows\System32\win32k.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Windows\CurrentVersion\Run] "KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup" @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup" @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" "cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" "Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "PLFSetI"="C:\Windows\PLFSetI.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe " ==== Startup Folders ====================== 2013-05-10 14:42:40 1165 ----a-w- C:\users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk 2010-06-26 18:47:40 1239 ----a-w- C:\users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk 2009-10-20 00:05:12 1782 ----a-w- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup\Acer VCM.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Acer Registration Data Sending.job --a------ C:\Program Files (x86)\Acer\Registration\GREG.exe [28.08.2009 11:40] ==== Firefox Extensions ====================== ProfilePath: C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default - DealPly Shopping - %ProfilePath%\extensions\{42e0ced7-806f-4983-af54-92bdeefee519} - DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} ==== Firefox Plugins ====================== Profilepath: C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default 2EE9DCAE1D70ABF4D058688DE35F8221 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.16 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.microsoft.com/" "Default_Page_URL"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177" "Start Page"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Page_URL"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177" "Start 
Page"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{15A91B15-B6A9-4C32-BC4C-DE67CE040AF3}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="hxxp://www.peterschwabeland.de" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Delta Search Url="hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=4AD3C217FEB5D92C&affID=119357&tt=250613_gr5&tsp=4928" {15A91B15-B6A9-4C32-BC4C-DE67CE040AF3} Ask Search Url="hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000" {33BB0A4E-99AF-4226-BDF6-49120163DE86} qvo6 Url="hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE385" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7" ==== shortcuts in Users Start Menu ====================== C:\Users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177 C:\Users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177 ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177 C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE /recycle C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick 
Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\Kies.exe C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177 C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Live Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk - C:\Windows\system32\calc.exe C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ElsterFormular.lnk - C:\Program Files (x86)\ElsterFormular\bin\pica.exe C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\FastStone Capture.lnk - C:\Program Files (x86)\FastStone Capture\FSCapture.exe C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk - C:\Windows\system32\notepad.exe C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet 
Explorer\Quick Launch\User Pinned\TaskBar\OpenOffice.org.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\Kies.exe C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Telekom Fotoservice.lnk - C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe ==== shortcuts After Repair ====================== C:\Users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe ==== EOF on 16.07.2013 at 8:20:28,08 ====================== |
16.07.2013, 07:50 | #4 |
/// Malwareteam / Visitor | IE browser homepage Qvo6 search engine cannot be changed Looks good
|
16.07.2013, 11:55 | #5 |
| IE browser homepage Qvo6 search engine cannot be changed Hello smeenk, thanks for the reply. I'll do that this evening after work. While cleaning up this morning I also noticed that 2 programs (FreeYoutubeDownload from DVDVideoSoft) cannot be uninstalled. I did download them a year ago and also used them, but it seems odd to me that these things cannot be uninstalled. Regards, Fritzz |
16.07.2013, 12:21 | #6 |
/// Malwareteam / Visitor | IE browser homepage Qvo6 search engine cannot be changed Hello Fritzz, we'll include these programs in the cleanup as well |
16.07.2013, 19:11 | #7 |
| IE browser homepage Qvo6 search engine cannot be changed Hello smeenk, yes, please uninstall the FreeYoutubeDownload programs as well. Here is the latest zoek logfile: Code:
ATTFilter Zoek.exe Version 4.0.0.4 Updated 14-July-2013 Tool run by pschwabeland on 16.07.2013 at 19:43:52,21. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Older Logs ====================== C:\zoek-results16.07.2013-0820.log 29865 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\SearchScopes\{15A91B15-B6A9-4C32-BC4C-DE67CE040AF3} deleted successfully HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default ---- Lines delta removed from prefs.js ---- user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.dfltLng", "de"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.id", "4ad3a7b5000000000000c217feb5d92c"); user_pref("extensions.delta.instlDay", "15885"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); 
user_pref("extensions.delta.vrsn", "1.8.21.5"); user_pref("extensions.delta.vrsni", "1.8.21.5"); user_pref("extensions.delta.vrsnTs", "1.8.21.523:57:22"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.babTrack", "affID=119357&tt=250613_gr5&tsp=4928"); user_pref("extensions.delta_i.srcExt", "ss"); ---- Lines delta modified from prefs.js ---- ---- Lines delta removed from user.js ---- user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.id", "4ad3a7b5000000000000c217feb5d92c"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.instlDay", "15885"); user_pref("extensions.delta.vrsn", "1.8.21.5"); user_pref("extensions.delta.vrsni", "1.8.21.5"); user_pref("extensions.delta.vrsnTs", "1.8.21.523:57:22"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.dfltLng", "de"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.admin", false); user_pref("extensions.delta_i.babTrack", "affID=119357&tt=250613_gr5&tsp=4928"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.srcExt", "ss"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.newTab", false); ---- Lines CT1591225 removed from prefs.js ---- ---- Lines CT1591225 modified from prefs.js ---- ---- Lines Web Search removed from prefs.js ---- user_pref("browser.search.defaultthis.engineName", "Motorsport-Total.com Customized Web Search"); ---- Lines Web Search modified from prefs.js ---- ---- Lines Customized removed from prefs.js ---- ---- Lines Customized modified from prefs.js ---- ---- Lines 
crossrider removed from prefs.js ---- user_pref("extensions.crossrider.bic", "13f91f2a0e6d98a9236534dc389585d4"); ---- Lines crossrider modified from prefs.js ---- ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 3); ---- Lines browser.startup.page modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- user__0815_.backup user__1948_.backup prefs__0815_.backup prefs__1948_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] [-HKEY_LOCAL_MACHINE\SOFTWARE\qvo6Software] [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" [-HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN] "Default_Page_URL"="hxxp://www.peterschwabeland.de" "Start Page"="hxxp://www.peterschwabeland.de" ==== Deleting Files \ Folders ====================== "C:\Users\pschwabeland\Downloads\sweetimsetup.exe" deleted "C:\windows\SysNative\Tasks\DealPlyUpdate" deleted "C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\bProtector_extensions.rdf" deleted "C:\Users\pschwabeland\AppData\Roaming\Temp" deleted "C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted "C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted "C:\Users\pschwabeland\AppData\Roaming\DVDVideoSoftIEHelpers" deleted "C:\ProgramData\Ask" deleted "C:\ProgramData\Partner" deleted "C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\CT1591225" deleted 
"C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\CT1591225" deleted ==== Firefox Extensions ====================== ProfilePath: C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default - DealPly Shopping - %ProfilePath%\extensions\{42e0ced7-806f-4983-af54-92bdeefee519} - DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} ==== Firefox Plugins ====================== Profilepath: C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default 2EE9DCAE1D70ABF4D058688DE35F8221 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.16 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Deleting Files \ Folders ====================== "C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\extensions\{42e0ced7-806f-4983-af54-92bdeefee519}" deleted ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.peterschwabeland.de" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{15A91B15-B6A9-4C32-BC4C-DE67CE040AF3}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15A91B15-B6A9-4C32-BC4C-DE67CE040AF3}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.peterschwabeland.de" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE385" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\pschwabeland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\pschwabeland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully 
emptied C:\Users\PSCHWA~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 16.07.2013 at 20:01:49,51 ====================== |
16.07.2013, 20:03 | #8 |
/// Malwareteam / Visitor | IE browser homepage Qvo6 search engine cannot be changed
Edited by smeenk (16.07.2013 at 20:12) |
16.07.2013, 21:12 | #9 |
| IE browser homepage Qvo6 search engine cannot be changed Hello smeenk, thanks for the script. Here is the log: Code:
ATTFilter Zoek.exe Version 4.0.0.4 Updated 14-July-2013 Tool run by pschwabeland on 16.07.2013 at 22:00:40,32. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Older Logs ====================== C:\zoek-results16.07.2013-0820.log 29865 bytes C:\zoek-results16.07.2013-2001.log 10377 bytes ==== Deleting Files \ Folders ====================== "C:\Program Files (x86)\DVDVideoSoft*" not found "C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi" deleted "C:\Program Files (x86)\Common Files\DVDVideoSoft" deleted ==== Folders Found ====================== 2011-08-11 19:25:17 2012-06-29 20:24:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2011-08-11 19:25:17 2012-06-29 20:24:21 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2011-08-11 19:25:25 2012-06-29 20:24:44 -------- d-----w- C:\Users\pschwabeland\AppData\Roaming\DVDVideoSoft 2011-09-11 20:31:41 2011-09-11 20:31:41 -------- d-----w- C:\Users\pschwabeland\Documents\DVDVideoSoft ==== Files Found ====================== ==== Registry Search Results for "Free YouTube Download" ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\DVDVideoSoft\AppPaths] "FreeYouTubeDownload"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download 3\\FreeYouTubeDownload.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\DVDVideoSoft\AppPaths] "FreeYTVDownloader"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download\\FreeYTVDownloader.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\DVDVideoSoft\UninstallPaths] "Free YouTube Download 3"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download 3\\unins000.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\DVDVideoSoft\UninstallPaths] "Free YouTube Download"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download\\unins000.exe 
/log=C:\\Users\\pschwabeland\\AppData\\Roaming\\DVDVideoSoft\\logs\\FreeYTVDownloader_uninstall.txt" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download 3_is1] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download 3_is1] "Inno Setup: App Path"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download 3" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download 3_is1] "InstallLocation"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download 3\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download 3_is1] "DisplayName"="Free YouTube Download 3 version 3.0.12.804" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download 3_is1] "DisplayIcon"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download 3\\FreeYouTubeDownload.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download 3_is1] "QuietUninstallString"="\"C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download 3\\unins000.exe\" /SILENT" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1] "Inno Setup: App Path"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1] "InstallLocation"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1] "DisplayName"="Free YouTube Download version 3.1.30.627" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1] "DisplayIcon"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download\\FreeYTVDownloader.exe" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1]
"QuietUninstallString"="\"C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download\\unins000.exe\" /SILENT"
[HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\45a7d04e_0]
@="{0.0.0.00000000}.{7aece909-76b7-4193-b377-95791b456a5a}|\\Device\\HarddiskVolume3\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download\\FreeYTVDownloader.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\633aa494_0]
@="{0.0.0.00000000}.{7aece909-76b7-4193-b377-95791b456a5a}|\\Device\\HarddiskVolume3\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download 3\\FreeYouTubeDownload.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download]
==== Uninstall List x64 ======================
==== EOF on 16.07.2013 at 22:04:58,92 ====================== |
16.07.2013, 22:28 | #10 |
/// Malwareteam / Visitor | IE browser homepage: Qvo6 search engine cannot be changed Next steps
Please download AdwCleaner to your desktop.
|
17.07.2013, 07:32 | #11 |
| IE browser homepage: Qvo6 search engine cannot be changed Hello smeenk, thanks for the script and the program. The logs follow: Code:
ATTFilter oek.exe Version 4.0.0.4 Updated 14-July-2013
Tool run by pschwabeland on 17.07.2013 at 8:13:35,31.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Older Logs ======================
C:\zoek-results16.07.2013-0820.log 29865 bytes
C:\zoek-results16.07.2013-2001.log 10377 bytes
C:\zoek-results16.07.2013-2204.log 26877 bytes
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download 3_is1]
[-HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\45a7d04e_0]
[-HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\633aa494_0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1]
[-HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download]
[-HKEY_LOCAL_MACHINE\SOFTWARE\DVDVideoSoft]
==== Deleting Files \ Folders ======================
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft" deleted
"C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft" deleted
"C:\Users\pschwabeland\AppData\Roaming\DVDVideoSoft" deleted
"C:\Users\pschwabeland\Documents\DVDVideoSoft" deleted
==== EOF on 17.07.2013 at 8:14:59,78 ======================
Code:
ATTFilter # AdwCleaner v2.305 - Datei am 17/07/2013 um 08:24:37 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : pschwabeland - PSCHWABELAND-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\pschwabeland\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16635
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]
Datei : C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [13089 octets] - [13/07/2013 17:00:20]
AdwCleaner[R2].txt - [13150 octets] - [13/07/2013 17:00:51]
AdwCleaner[S1].txt - [2759 octets] - [17/07/2013 08:24:37]
########## EOF - C:\AdwCleaner[S1].txt - [2819 octets] ########## |
17.07.2013, 08:30 | #12 |
/// Malwareteam / Visitor | IE browser homepage: Qvo6 search engine cannot be changed Looks good. Please download SecurityCheck and:
Are you still noticing any problems at the moment? |
17.07.2013, 17:41 | #13 |
| IE browser homepage: Qvo6 search engine cannot be changed Hello smeenk, thanks for the reply - I'll run the program tonight after work. The core problem (homepage of the internet browsers hijacked by Qvo6) has disappeared in IE (I haven't reinstalled Firefox and Chrome yet), and I no longer see the advertising banners (e.g. on Spiegel Online or in the Yahoo mailbox) either. Thanks & regards, Fritzz. Here is the log: Code:
ATTFilter Results of screen317's Security Check version 0.99.69
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials (On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 25
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log`````````````````````` |
17.07.2013, 22:29 | #14 |
/// Malwareteam / Visitor | IE browser homepage: Qvo6 search engine cannot be changed Reinstall Firefox and, if you like, Chrome, and please tell me whether they work without errors again. |
18.07.2013, 07:51 | #15 |
| IE browser homepage: Qvo6 search engine cannot be changed Hello smeenk, I no longer have the problems with Qvo6, Plus-HD-2.3 and WebCake 3.00. Many thanks & best regards, Fritzz |