Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Firefox öffnet ständig Popups

Firefox öffnet ständig Popups


Plagegeister aller Art und deren Bekämpfung: Firefox öffnet ständig Popups

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 2 1 2
Alt 27.06.2013, 20:14   #16
Fidus
 
Firefox öffnet ständig Popups - Standard

Firefox öffnet ständig Popups


Code:
ATTFilter
Zoek.exe Version 4.0.0.2 Updated 25-June-2013
Tool run by Kopp Dierkes on 25.06.2013 at 21:23:29,66.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp. 
# 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# 
# For example: 
# 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
# localhost name resolution is handle within DNS itself. 
127.0.0.1       localhost 
::1             localhost 

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Doro\AppData\Roaming\Mozilla\Firefox\Profiles\sf2d9wzj.default\prefs.js:
user_pref("browser.startup.homepage", "https://navigator.web.de/navigator/show?sid=86d0157f6f0042b34c70da7612ea0338bdc04988839a47e1b061a68b25ff199d3afb709afbd46bb1e3cb2e871848ef6e#home|https://accounts.google.com/ServiceLogin?service=cl&passive=1209600&continue=https://www.google.com/calendar/render?tab%3Dwc%26pli%3D1%26gsessionid%3DZIvUkc7tWdG9uSM9uiM-Zg&followup=hxxp://www.google.com/calendar&scc=1|hxxp://www.gymnasium-walldorf.de/shp/index.php|hxxp://www.rs-walldorf.de/|hxxp://www.bibliotheken.bw-online.de/wwwopac-wiesloch/index.asp?DB=Wiesloch|hxxp://www.onlinetvrecorder.com/v2/index.php?go=home|https://www.facebook.com/?ref=logo");
user_pref("browser.search.selectedEngine", "Google");

Added to C:\Users\Doro\AppData\Roaming\Mozilla\Firefox\Profiles\sf2d9wzj.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Jungs\AppData\Roaming\Mozilla\Firefox\Profiles\0diimaah.default\prefs.js:
user_pref("browser.search.selectedEngine", "Google");

Added to C:\Users\Jungs\AppData\Roaming\Mozilla\Firefox\Profiles\0diimaah.default\prefs.js:

Deleted from C:\Users\Kopp Dierkes\AppData\Roaming\Mozilla\Firefox\Profiles\q3mh1z6h.default\prefs.js:
user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
user_pref("browser.search.selectedEngine", "Google");

Added to C:\Users\Kopp Dierkes\AppData\Roaming\Mozilla\Firefox\Profiles\q3mh1z6h.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

"C:\ProgramData\rebootpending.txt" deleted
"C:\Users\Kopp Dierkes\AppData\Roaming\Phase6" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Doro\AppData\Roaming\Mozilla\Firefox\Profiles\sf2d9wzj.default
- ProxTube - Gesperrte YouTube Videos entsperren - %ProfilePath%\extensions\ich@maltegoetz.de
- FlashGot - %ProfilePath%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Kopp Dierkes\AppData\Roaming\Mozilla\Firefox\Profiles\q3mh1z6h.default
- WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de

==== Firefox Plugins ======================

Profilepath: C:\Users\Kopp Dierkes\AppData\Roaming\Mozilla\Firefox\Profiles\q3mh1z6h.default
3D76B5C0E02ECC19C1F5756E8FD97F72	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll -	Shockwave Flash
2EA4B85EF64CA48B792FEF23AEEF7DC1	- C:\Users\Kopp Dierkes\AppData\Roaming\Mozilla\plugins\NpFv530.dll -	Flatcast Viewer Plugin 5.3.0.784


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://acer.msn.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://acer.msn.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\users\Doro\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\Jungs\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\Doro\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\users\Jungs\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Doro\Desktop\Der Herr der Ringe Online™.lnk -  
C:\Users\Doro\Desktop\FlashGet.lnk - D:\Program Files (x86)\FlashGet\flashget.exe 
C:\Users\Doro\Desktop\Mp3tag.lnk - C:\Users\Doro\Mp3tag\Mp3tag.exe 
C:\Users\Doro\Desktop\Netzwerk- und Freigabecenter - Verknüpfung.lnk -  
C:\Users\Doro\Desktop\qotr - Verknüpfung.lnk -  
C:\Users\Jungs\Desktop\FlashGet downloads.lnk - D:\Program Files (x86) 
C:\Users\Jungs\Desktop\FlashGet.lnk - D:\Program Files (x86)\FlashGet\flashget.exe 
C:\Users\Jungs\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Kopp Dierkes\Desktop\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe 
C:\Users\Kopp Dierkes\Desktop\DC Universe Online PSG.lnk - C:\Users\Public\Sony Online Entertainment\Installed Games\DC Universe Online PSG\LaunchPad.exe 
C:\Users\Kopp Dierkes\Desktop\FlashGet downloads.lnk - D:\Program Files (x86) 
C:\Users\Kopp Dierkes\Desktop\FlashGet.lnk - D:\Program Files (x86)\FlashGet\flashget.exe 
C:\Users\Kopp Dierkes\Desktop\Star Wars The Force Unleashed.lnk - D:\Program Files (x86)\Star Wars The Force Unleashed\SWTFU Launcher.exe 
C:\Users\Phase 6\Desktop\FlashGet downloads.lnk - D:\Program Files (x86) 
C:\Users\Phase 6\Desktop\FlashGet.lnk - D:\Program Files (x86)\FlashGet\flashget.exe 

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Public\Desktop\phase-6 desktop.lnk - C:\Program Files (x86)\phase-6\phase-6\phase-6.exe 
C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk - D:\Program Files (x86)\RollerCoaster Tycoon 3\RCT3plus.exe 
C:\Users\Public\Desktop\WildTangent Games App - acer.lnk - C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe /src desktop /dp acerlt

==== shortcuts in Users Start Menu ======================

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk - C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe 
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk - C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe 
C:\Users\Doro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\RollerCoaster Tycoon® 3.lnk -  
C:\Users\Doro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud\The Happy Cloud.lnk -  
C:\Users\Doro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud\Uninstall.lnk - C:\ProgramData\HappyCloud\Application\uninstaller.exe 
C:\Users\Doro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbine\The Lord of the Rings Online\Community Website.lnk -  
C:\Users\Doro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbine\The Lord of the Rings Online\Deinstallieren Der Herr der Ringe Online™.lnk -  
C:\Users\Doro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbine\The Lord of the Rings Online\Der Herr der Ringe Online™.lnk -  
C:\Users\Doro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbine\The Lord of the Rings Online\Kundendienst von Turbine.lnk -  
C:\Users\Doro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbine\The Lord of the Rings Online\README.lnk - D:\HappyCloud\Cache\The Lord of the Rings Online\de\README.txt 
C:\Users\Doro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbine\The Lord of the Rings Online\Turbine, Inc..lnk -  
C:\Users\Doro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbine\The Lord of the Rings Online\Turbinekonto Verwalten.lnk -  
C:\Users\Kopp Dierkes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk - C:\Users\Kopp Dierkes\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe 

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AB0000000001}\SC_Reader.ico 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3\Handbuch.lnk - D:\Program Files (x86)\RollerCoaster Tycoon 3\RCT3_MANUAL_DEU.pdf 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3\Liesmich.lnk - D:\Program Files (x86)\RollerCoaster Tycoon 3\Readme.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3\RollerCoaster Tycoon 3 deinstallieren.lnk - D:\Program Files (x86)\RollerCoaster Tycoon 3\uninst\unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3\RollerCoaster Tycoon 3.lnk - D:\Program Files (x86)\RollerCoaster Tycoon 3\RCT3plus.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3\Soaked-Handbuch.lnk - D:\Program Files (x86)\RollerCoaster Tycoon 3\RCT3S_MANUAL_DEU.pdf 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3\Soaked-Readme.lnk - D:\Program Files (x86)\RollerCoaster Tycoon 3\Soaked_Readme.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3\Wild-Handbuch.lnk - D:\Program Files (x86)\RollerCoaster Tycoon 3\RCT3W_MANUAL_DEU.pdf 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3\Wild-Readme.lnk - D:\Program Files (x86)\RollerCoaster Tycoon 3\Wild_Readme.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Star Wars The Force Unleashed.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth Plug-in.lnk - C:\Windows\SysWOW64\msiexec.exe /x {EA561FC0-A965-11E2-94D3-B8AC6F98CCE3} FEEDBACK=1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Über iTunes.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center\Microsoft-Maus- und Tastatur-Center.lnk - c:\Windows\Installer\{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}\DeviceCenter.ico 

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Doro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Doro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Doro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Doro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Doro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snipping Tool.lnk -  
C:\Users\Doro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\FlashGet.lnk - D:\Program Files (x86)\FlashGet\flashget.exe 
C:\Users\Doro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
C:\Users\Doro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Doro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\phase-6 desktop.lnk - C:\Program Files (x86)\phase-6\phase-6\phase-6.exe 
C:\Users\Doro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Resume Download - Der Herr der Ringe Online™.lnk -  
C:\Users\Doro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\Jungs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Jungs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Jungs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Jungs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Jungs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk - C:\Windows\system32\calc.exe 
C:\Users\Jungs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Jungs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Jungs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Jungs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\phase-6 desktop.lnk - C:\Program Files (x86)\phase-6\phase-6\phase-6.exe 
C:\Users\Jungs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Windows\Installer\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}\SkypeIcon.exe 
C:\Users\Jungs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Welcome Center.lnk - C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe 
C:\Users\Jungs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\Jungs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Kopp Dierkes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Kopp Dierkes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Kopp Dierkes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Kopp Dierkes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 
C:\Users\Kopp Dierkes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Kopp Dierkes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Welcome Center.lnk - C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe 
C:\Users\Kopp Dierkes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\Kopp Dierkes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Phase 6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Phase 6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Phase 6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Phase 6\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, hxxp://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation]
IntelTBRunOnce = wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [MS]
ETDCtrl = C:\Program Files\Elantech\ETDCtrl.exe
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]
RtHDVBg_Dolby = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4  [Realtek Semiconductor]
Power Management = C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [Acer Incorporated]
CanonMyPrinter = C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [CANON INC.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
AppRemover = wscript.exe "C:\Users\KOPPDI~1\AppData\Local\Temp\AppRemover_RunBatchSilently.vbs" "C:\Users\KOPPDI~1\AppData\Local\Temp\AppRemover_ToBeDelAfterReboot.bat" [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
SuiteTray = "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [Egis Technology Inc.]
BackupManagerTray = "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [NTI Corporation]
StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Advanced Micro Devices, Inc.]
LManager = C:\Program Files (x86)\Launch Manager\LManager.exe [Dritek System Inc.]
NUSB3MON = "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [Renesas Electronics Corporation]
Dolby Advanced Audio v2 = "C:\Dolby PCEE4\pcee4.exe" -autostart [null data]
ArcadeMovieService = "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [CyberLink Corp.]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Sun Microsystems, Inc.]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
CanonSolutionMenuEx = C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [CANON INC.]
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Windows Live ID Sign-in Helper
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
  -> {HKLM...Wow...CLSID} = Microsoft-Konto-Anmelde-Hilfsprogramm
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = IeCatch5 Class
                         \InProcServer32\(Default) = D:\PROGRA~1\FlashGet\jccatch.dll [FlashGet]

{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\(Default) = Canon Easy-WebPrint EX BHO
  -> {HKLM...Wow...CLSID} = Canon Easy-WebPrint EX BHO
                         \InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [CANON INC.]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Windows Live ID Sign-in Helper
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
  -> {HKLM...Wow...CLSID} = Microsoft-Konto-Anmelde-Hilfsprogramm
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = gFlash Class
                         \InProcServer32\(Default) = D:\PROGRA~1\FlashGet\getflash.dll [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

 SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A}
  -> {HKCU...CLSID} = UpToDateOverlayHandler Class
                   \InProcServer32\(Default) = C:\Users\Kopp Dierkes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS]

 SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}
  -> {HKCU...CLSID} = SyncingOverlayHandler Class
                   \InProcServer32\(Default) = C:\Users\Kopp Dierkes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS]

 SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524}
  -> {HKCU...CLSID} = ErrorOverlayHandler Class
                   \InProcServer32\(Default) = C:\Users\Kopp Dierkes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

 SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A}
  -> {HKCU...Wow...CLSID} = UpToDateOverlayHandler Class
                         \InProcServer32\(Default) = C:\Users\Kopp Dierkes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS]

 SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}
  -> {HKCU...Wow...CLSID} = SyncingOverlayHandler Class
                         \InProcServer32\(Default) = C:\Users\Kopp Dierkes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS]

 SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524}
  -> {HKCU...Wow...CLSID} = ErrorOverlayHandler Class
                         \InProcServer32\(Default) = C:\Users\Kopp Dierkes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{ACEF9F57-4DEF-4CC9-A2C0-7A158D967E63} = Device Center Control Panel Property Page
  -> {HKLM...CLSID} = Device Center Property Page
                   \InProcServer32\(Default) = c:\Program Files\Microsoft Mouse and Keyboard Center\cplredirector.dll [MS]

{653DCCC2-13DB-45B2-A389-427885776CFE} = Activities Control Panel Property Page
  -> {HKLM...CLSID} = Activities Property Page
                   \InProcServer32\(Default) = c:\Program Files\Microsoft Mouse and Keyboard Center\ipcplact.dll [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> BootExecute = autocheck autochk *| [file not found]|sdnclean64.exe [file not found]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MWLIVShellExt\(Default) = {B1B294FE-EC1E-4fef-AF68-D34CE3E38157}
  -> {HKLM...CLSID} = MWLIVShell Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x64\MWLIVShellExt.dll [Egis Technology Inc. ]
  -> {HKLM...Wow...CLSID} = MWLIVShell Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\MWLIVShellExt.dll [Egis Technology Inc. ]

ShredderContextMenu\(Default) = {521065F1-DE6C-4E46-BBCB-89B0D0BE860D}
  -> {HKLM...CLSID} = ShredContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [Egis Technology Inc.]
  -> {HKLM...Wow...CLSID} = ShredContextMenu Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec Shredder\x86\ShredderContextMenu.dll [Egis Technology Inc.]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
  -> {HKLM...CLSID} = SimpleShlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
  -> {HKLM...CLSID} = GraphicsShellExt Class
                   \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice.org Column Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll [file not found]
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
  -> {HKLM...Wow...CLSID} = PDF Shell Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

LogonHoursAction = (REG_DWORD) dword:0x00000002
{unrecognized setting}

DontDisplayLogonHoursWarnings = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Kopp Dierkes\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\Windows\System32\Acer.scr [null data]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

ATMoviePlayDVDMovieOnArrival\
Provider = clear.fi
InvokeProgID = DVD
InvokeVerb = PlayWithATMovie
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithATMovie\Command\(Default) = "C:\Program Files (x86)\Acer\clear.fi\Movie\discautorun.exe" AUTOPLAY DVD "%L" [CyberLink Corp.]

ATMoviePlaySVCDOnArrival\
Provider = clear.fi
InvokeProgID = SVCD
InvokeVerb = PlayWithATMovie
HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithATMovie\Command\(Default) = "C:\Program Files (x86)\Acer\clear.fi\Movie\discautorun.exe" AUTOPLAY VCD "%L" [CyberLink Corp.]

ATMoviePlayVCDMovieOnArrival\
Provider = clear.fi
InvokeProgID = VCD
InvokeVerb = PlayWithATMovie
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithATMovie\Command\(Default) = "C:\Program Files (x86)\Acer\clear.fi\Movie\discautorun.exe" AUTOPLAY VCD "%L" [CyberLink Corp.]

CanonMPNEX40PictureOnArrival\
Provider = MP Navigator EX Ver4.0
InvokeProgID = MPNavigatorEX40.AutoplayHandler
InvokeVerb = open
HKLM\SOFTWARE\Classes\MPNavigatorEX40.AutoplayHandler\shell\open\command\(Default) = C:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exe /AUTOPLAY %1 [CANON INC.]

iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
  -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                   \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
  -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                   \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

NTIBurner\
Provider = NTI Media Maker
InvokeProgID = NTIBurnerOpen
InvokeVerb = open
HKLM\SOFTWARE\Classes\NTIBurnerOpen\shell\open\command\(Default) = "C:\Program Files (x86)\NTI\NTI Media Maker 9\Launcher.exe" [null data]

PCinemaPlayCDAudioOnArrival\
Provider = clear.fi
InvokeProgID = AudioCD
InvokeVerb = PlayWithPowerCinema
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerCinema\Command\(Default) = "C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe" AUTOPLAY CD "%L" [Acer Incorporated]

WIA_{14E42EEC-F37B-4CC0-A797-5AF7F0AA8B7B}\
Provider = MP Navigator EX Ver4.0
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exe /StiDevice:%1 /StiEvent:%2;
  -> {HKLM...CLSID} = WPDShextAutoplay
                   \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]


Startup items in "Kopp Dierkes" & "All Users" startup folders:
--------------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++}
phase-6 Reminder -> shortcut to: C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe [phase-6]


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe ARM ->  launches: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
Adobe Flash Player Updater ->  launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
Adobe Reader Speed Launcher ->  launches: "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [file not found]
clear.fi -> (HIDDEN!) launches: "C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe" PreLaunch [Acer Incorporated]
clear.fiAgent -> (HIDDEN!) launches: "C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe" [CyberLink Corp.]
CreateChoiceProcessTask ->  launches: C:\Windows\System32\browserchoice.exe /launch [MS]
DMREngine -> (HIDDEN!) launches: "C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe" [CyberLink]
EgisUpdate ->  launches: "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d [Egis Technology Inc.]
GoogleUpdateTaskMachineCore ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
Microsoft_Hardware_Launch_ipoint_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [MS]
Microsoft_Hardware_Launch_itype_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [MS]
Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [null data]
Microsoft_MKC_Logon_Task_ipoint.exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [MS]
Microsoft_MKC_Logon_Task_itype.exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [MS]
PMMUpdate ->  launches: "C:\Program Files\EgisTec IPS\PMMUpdate.exe" [Egis Technology Inc.]
{896E58D1-C528-4FF2-BAD1-806F3DD9284F} ->  launches: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.3.0.107/de/abandoninstall?page=tsProgressBar [MS]

C:\Windows\System32\Tasks\Apple
AppleSoftwareUpdate ->  launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
  -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches: aitagent [MS]
ProgramDataUpdater ->  launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM...CLSID} = KernelCeipCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM...CLSID} = UsbCeip
                   \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
  -> {HKLM...Wow...CLSID} = UsbCeip
                         \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT ->  launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM...CLSID} = WinSAT Task Manger Task
                   \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
  -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
                         \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate ->  launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording ->  launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM...CLSID} = HotStart User Agent
                   \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM...CLSID} = Microsoft PlaySoundService Class
                   \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
                         \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
                   \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
  -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
                         \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM...CLSID} = RasMobilityManager
                   \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM...CLSID} = RegistryIdleBackupHandler
                   \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell
WindowsParentalControls -> (HIDDEN!) launches: {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
  -> {HKLM...CLSID} = WpcNotificationsMonitor
                   \InProcServer32\(Default) = C:\Windows\System32\wpcumi.dll [MS]
  -> {HKLM...Wow...CLSID} = WpcNotificationsMonitor
                         \InProcServer32\(Default) = C:\Windows\SysWOW64\wpcumi.dll [file not found]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM...CLSID} = GadgetsManager Class
                   \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM...CLSID} = RunTask
                   \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
  -> {HKLM...Wow...CLSID} = RunTask
                         \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM...CLSID} = MsCtfMonitor task handler
                   \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
                         \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
  -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
                         \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification ->  launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task ->  launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
  -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]
000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} = Canon Easy-WebPrint EX
  -> {HKLM...Wow...CLSID} = Canon Easy-WebPrint EX
                         \InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]

{E0E899AB-F487-11D5-8D29-0050BA6940E3} = FlashGet Bar
  -> {HKLM...Wow...CLSID} = FlashGet Bar
                         \InProcServer32\(Default) = D:\PROGRA~1\FlashGet\fgiebar.dll [Amaze Soft]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
  -> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
ButtonText = FlashGet
MenuText = &FlashGet
Exec = D:\PROGRA~1\FlashGet\flashget.exe [FlashGet.com]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD]
Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
Application Virtualization Client, sftlist, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [MS]
Application Virtualization Service Agent, sftvsa, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [MS]
Client Virtualization Handler, cvhsvc, "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [MS]
Dienst "Bonjour", Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Dritek WMI Service, DsiWMIService, C:\Program Files (x86)\Launch Manager\dsiwmis.exe [Dritek System Inc.]
ePower Service, ePowerSvc, C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [Acer Incorporated]
GREGService, GREGService, C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [Acer Incorporated]
Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel(R) Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation]
Intel(R) Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]
iPod-Dienst, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
Live Updater Service, Live Updater Service, C:\Program Files\Acer\Acer Updater\UpdaterService.exe [Acer Incorporated]
McAfee McShield, McShield, "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [McAfee, Inc.]
McAfee Validation Trust Protection Service, mfevtp, "C:\Windows\system32\mfevtps.exe" [McAfee, Inc.]
Nero Update, NAUpdate, "C:\Program Files (x86)\Nero\Update\NASvc.exe" [Nero AG]
NTI IScheduleSvc, NTI IScheduleSvc, C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [NTI Corporation]
Office Software Protection Platform, osppsvc, "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [MS]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> PEVSystemStart, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> PEVSystemStart, Service


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor MG5200 series\Driver = CNMLMAE.DLL [CANON INC.]
Canon BJNP Port\Driver = CNMN6PPM.DLL [CANON INC.]




==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Doro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Doro\AppData\Local\temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jungs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Kopp Dierkes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kopp Dierkes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Phase 6\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Doro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\Jungs\AppData\Local\Mozilla\Firefox\Profiles\0diimaah.default\Cache emptied successfully
C:\users\Kopp Dierkes\AppData\Local\Mozilla\Firefox\Profiles\q3mh1z6h.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\Doro\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\users\Jungs\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\KOPPDI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Doro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 25.06.2013 at 21:39:05,37 ======================
Hallo Ryder,

ich glaube, dank deiner Hilfe habe ich es geschafft!

Grüße

Fidus

Alt 27.06.2013, 20:29   #17
ryder
/// TB-Ausbilder
 
Firefox öffnet ständig Popups - Standard

Firefox öffnet ständig Popups


Gut!

Soweit ich das sehe haben wir damit alles Schädliche entfernt. Um sicher sein zu können müssen jetzt noch ein paar Kontrollen machen und werden dann deinen Computer noch auf einen sicheren Stand bringen. Da diese Scans jetzt sehr lange dauern können bitte ich dich mir erst wieder zu schreiben, wenn du auch wirklich alles erledigt hast oder Probleme auftreten sollten.


Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)

Quick-Scan mit Malwarebytes
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Schritt 2:

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte poste das Logfile hier oder teile mir mit, dass nichts gefunden wurde.
Hinweis: Der Scan kann sehr lange (einige Stunden) dauern!


Schritt 3:

Scan mit SecurityCheck

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________

__________________
Alt 29.06.2013, 12:59   #18
ryder
/// TB-Ausbilder
 
Firefox öffnet ständig Popups - Standard

Firefox öffnet ständig Popups


Hallo, benötigst Du noch weiterhin Hilfe ?

Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten.

Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist
__________________
__________________
Alt 02.07.2013, 13:17   #19
ryder
/// TB-Ausbilder
 
Firefox öffnet ständig Popups - Standard

Firefox öffnet ständig Popups


Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst. Keine Logfiles einsenden, nur kurzer Hinweis, nachdem du deine Logfiles hier eingestellt hast.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!
Antwort
Seite 2 von 2 1 2

Themen zu Firefox öffnet ständig Popups
bereits, ergebnis, firefox, forum, guten, otl.exe, pop-ups, popup, popups, problem, verschwinden, woche, zusammen, öffnet


« McAfee meldete myroitracking.com | Nach Trojaner und Viren gesucht, Bildschirm Blau und PC runtergefahren..! »

Ähnliche Themen: Firefox öffnet ständig Popups


  1. Firefox nicht mehr bedienbar wegen ständig auftretender Popups, Werbung etc.
    Plagegeister aller Art und deren Bekämpfung - 11.04.2015 (13)
  2. Firefox kaum zu bedinenen wegen ständig auftretender Popups, Werbung etc.
    Plagegeister aller Art und deren Bekämpfung - 09.04.2015 (24)
  3. Win7 Pro: Firefox öffnet Popups / Tabs und ändert Text zu Links
    Log-Analyse und Auswertung - 31.10.2014 (11)
  4. Ständig öffnet sich immer dieselben popups im firefox
    Log-Analyse und Auswertung - 08.06.2014 (8)
  5. Ständig Popups und automatische Weiterleitung auf Internetseiten (Windows 7 professional, firefox und ie)
    Plagegeister aller Art und deren Bekämpfung - 22.04.2014 (9)
  6. Win 7 - Firefox - ständig neue Popups
    Log-Analyse und Auswertung - 20.12.2013 (5)
  7. Google öffnet neue Tabs und Popups in Firefox
    Plagegeister aller Art und deren Bekämpfung - 24.10.2011 (3)
  8. vermutliche Malware? PC öffnet .exe Dateien Nicht , IE - Popups öffnen Ständig > Folgen von Viren?
    Plagegeister aller Art und deren Bekämpfung - 07.04.2011 (7)
  9. Internetexplorer öffnet trotz Firefox Popups ! Virus?
    Plagegeister aller Art und deren Bekämpfung - 14.02.2011 (53)
  10. Ständig PopUps im Firefox - HJT File eingefügt.
    Log-Analyse und Auswertung - 19.07.2009 (13)
  11. Firefox öffnet ständig Werbung und öffnet nie die gewünschte Seite
    Log-Analyse und Auswertung - 05.06.2009 (2)
  12. Firefox öffnet ständig Werbung
    Log-Analyse und Auswertung - 11.05.2009 (4)
  13. Firefox öffnet ständig Pop-Ups
    Log-Analyse und Auswertung - 29.03.2009 (10)
  14. Firefox öffnet immer Popups
    Log-Analyse und Auswertung - 11.02.2009 (10)
  15. IE öffnet ständig neue Seiten Popups
    Log-Analyse und Auswertung - 04.02.2009 (3)
  16. ständig nervige Popups (Firefox 3)
    Log-Analyse und Auswertung - 05.11.2008 (12)
  17. Firefox öffnet dauernd Popups, HJT-Log anschauen
    Log-Analyse und Auswertung - 28.05.2006 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Firefox öffnet ständig Popups - Code: Alles auswählen Aufklappen ATTFilter Zoek.exe Version 4.0.0.2 Updated 25-June-2013 Tool run by Kopp Dierkes on 25.06.2013 at 21:23:29,66. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running - Firefox öffnet ständig Popups...
Archiv
Du betrachtest: Firefox öffnet ständig Popups auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129