
Log analysis and evaluation: IE browser homepage Qvo6 search engine cannot be changed


15.07.2013, 22:27   #1
Fritzz
 



Hello Trojaner-Board team,

I somehow caught the Qvo6 virus. The homepages of Firefox, Chrome and IE are taken over by the Qvo6 search engine and cannot be changed. In addition, since then advertising banners have been displayed in the browser window that I had not seen like that before. Finally, on the same date as Qvo6, 2 other dubious programs were installed (WebCake 3.00 and Pro-HD-2.3), which I could only delete / uninstall with difficulty, but which may still be lurking somewhere.

I have deleted / uninstalled quite a lot: Firefox, Chrome, Java6, Adobe, CCleaner, Avira and whatever other programs I had on the computer that I had not used for a long time, but IE still starts up with the Qvo6 page.

I ran Defogger, OTL and GMER; the last one did not run to completion.

Code:
OTL logfile created on: 15.07.2013 22:09:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\pschwabeland\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 65,60% Memory free
7,80 Gb Paging File | 6,44 Gb Available in Paging File | 82,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 219,62 Gb Free Space | 76,79% Space Free | Partition Type: NTFS
 
Computer Name: PSCHWABELAND-PC | User Name: pschwabeland | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.15 19:50:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pschwabeland\Desktop\OTL.exe
PRC - [2013.02.13 12:38:24 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.02.13 12:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.02.13 12:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.02.06 07:17:56 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
PRC - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009.12.14 10:06:12 | 000,206,072 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.09.24 14:14:56 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.07.11 00:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.07.24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.01.05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.11 20:50:51 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\83cfe0422e7e54f3f00107c15a63f1b4\System.ServiceProcess.ni.dll
MOD - [2013.07.11 09:59:37 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6da2afd0e57708d41892d9d3e32ba5a3\System.Xaml.ni.dll
MOD - [2013.07.10 23:53:18 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\b756ddf227abba4dd83b3210c01093bd\System.Windows.Forms.ni.dll
MOD - [2013.07.10 23:53:07 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f3770f9a13d7516e4c03f23dbd319cba\PresentationFramework.ni.dll
MOD - [2013.07.10 23:53:01 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\da851a56e2eb6cc239c4f018a57eb147\System.Drawing.ni.dll
MOD - [2013.07.10 23:52:55 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7546a01feb9d477570b883eec56cc673\System.Configuration.ni.dll
MOD - [2013.07.10 23:52:50 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\4572de8445038600e4552429b18fbe32\PresentationCore.ni.dll
MOD - [2013.07.10 23:52:49 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\64b92e2a22bb8c1e86486bd22828acc5\System.Core.ni.dll
MOD - [2013.07.10 23:52:40 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\c1c41a9e1a25999e74defafecb2aa0bc\System.Xml.ni.dll
MOD - [2013.07.10 23:52:39 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\112f6448b7434699af4bcc05f25ce12b\WindowsBase.ni.dll
MOD - [2013.07.10 23:52:35 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\89445d5b924ad94744d00f1b6cd2285d\System.ni.dll
MOD - [2013.07.10 23:41:36 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.06.26 20:42:30 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.12.14 10:06:12 | 000,206,072 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2011.04.01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.30 23:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.07.24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.01.05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.20 06:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 06:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.11.13 11:47:00 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.05 03:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.17 14:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.15 06:40:00 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.11 06:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.24 05:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177
IE - HKCU\..\SearchScopes,DefaultScope = {15A91B15-B6A9-4C32-BC4C-DE67CE040AF3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=4AD3C217FEB5D92C&affID=119357&tt=250613_gr5&tsp=4928
IE - HKCU\..\SearchScopes\{15A91B15-B6A9-4C32-BC4C-DE67CE040AF3}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE385
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com Search"
FF - prefs.js..browser.search.defaultenginename: "qvo6"
FF - prefs.js..browser.search.defaultthis.engineName: "Motorsport-Total.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1591225&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "qvo6"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "qvo6"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.peterschwabeland.de"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: 7125a285-7e68-47aa-9d72-e81874f4d47e%40d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com:0.91.9
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.6.0.20130418072822
FF - prefs.js..extensions.enabledAddons: %7B42e0ced7-806f-4983-af54-92bdeefee519%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
 
[2010.06.26 18:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pschwabeland\AppData\Roaming\mozilla\Extensions
[2013.07.14 19:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pschwabeland\AppData\Roaming\mozilla\Firefox\Profiles\e5d2r7bh.default\extensions
[2013.07.12 00:19:31 | 000,000,000 | ---D | M] (DealPly  Shopping) -- C:\Users\pschwabeland\AppData\Roaming\mozilla\Firefox\Profiles\e5d2r7bh.default\extensions\{42e0ced7-806f-4983-af54-92bdeefee519}
[2013.05.10 16:45:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\pschwabeland\AppData\Roaming\mozilla\Firefox\Profiles\e5d2r7bh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.07.12 00:24:42 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\pschwabeland\AppData\Roaming\mozilla\Firefox\Profiles\e5d2r7bh.default\extensions\plugin@getwebcake.com
[2012.12.13 06:49:43 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.03.09 16:57:25 | 000,002,306 | ---- | M] () -- C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\askcomsearch.xml
[2013.06.29 23:57:11 | 000,006,545 | ---- | M] () -- C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\babylon.xml
[2011.12.15 17:21:38 | 000,000,943 | ---- | M] () -- C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\conduit.xml
[2013.06.29 23:57:24 | 000,001,294 | ---- | M] () -- C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\delta.xml
[2013.07.03 21:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.07.03 21:29:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.07.03 21:29:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\PSCHWABELAND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E5D2R7BH.DEFAULT\EXTENSIONS\7125A285-7E68-47AA-9D72-E81874F4D47E@D3FCDB92-135D-4A8A-8CF6-11E3B57C5FDA.COM
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk = C:\Users\pschwabeland\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\pschwabeland\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\pschwabeland\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA9548F9-8922-4868-AEB0-7E26ECAC2199}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.15 19:50:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\pschwabeland\Desktop\OTL.exe
[2013.07.13 11:52:39 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Roaming\Malwarebytes
[2013.07.13 11:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.13 11:52:00 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Local\Programs
[2013.07.12 00:24:42 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Roaming\WebCake
[2013.07.12 00:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.07.12 00:19:34 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Roaming\eIntaller
[2013.07.12 00:19:32 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Roaming\Dealply
[2013.07.12 00:19:30 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
[2013.07.12 00:19:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2013.07.12 00:19:27 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Local\SwvUpdater
[2013.07.11 22:24:57 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Roaming\TuneUp Software
[2013.07.11 22:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.07.11 22:20:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.07.11 22:20:59 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Local\MFAData
[2013.07.11 22:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.07.03 21:29:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.29 23:56:52 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Roaming\DSite
[2013.06.29 23:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image Converter
[2013.06.29 23:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.06.29 23:56:47 | 000,000,000 | ---D | C] -- C:\Users\pschwabeland\AppData\Roaming\Babylon
[2013.06.19 17:13:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2009.10.20 01:31:46 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.15 22:06:07 | 000,000,000 | ---- | M] () -- C:\Users\pschwabeland\defogger_reenable
[2013.07.15 22:04:23 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\Acer Registration Data Sending.job
[2013.07.15 22:04:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.15 20:02:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.15 20:02:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.15 19:55:15 | 3143,311,360 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.15 19:53:20 | 000,377,856 | ---- | M] () -- C:\Users\pschwabeland\Desktop\gmer_2.1.19163.exe
[2013.07.15 19:50:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pschwabeland\Desktop\OTL.exe
[2013.07.15 19:50:08 | 000,050,477 | ---- | M] () -- C:\Users\pschwabeland\Desktop\Defogger.exe
[2013.07.15 19:06:04 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.07.14 18:29:41 | 000,000,976 | ---- | M] () -- C:\Users\pschwabeland\Documents\cc_20130714_182938.reg
[2013.07.13 12:09:00 | 000,012,154 | ---- | M] () -- C:\Users\pschwabeland\Documents\cc_20130713_120855.reg
[2013.07.13 11:26:13 | 000,009,902 | ---- | M] () -- C:\Users\pschwabeland\Documents\cc_20130713_112609.reg
[2013.07.12 17:16:24 | 001,646,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.12 17:16:24 | 000,711,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.12 17:16:24 | 000,662,950 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.12 17:16:24 | 000,153,766 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.12 17:16:24 | 000,124,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.11 09:49:38 | 000,025,380 | ---- | M] () -- C:\Users\pschwabeland\Documents\cc_20130711_094933.reg
[2013.07.11 08:39:58 | 000,441,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.02 22:06:40 | 000,014,970 | ---- | M] () -- C:\Users\pschwabeland\Documents\Adressen.odt
[2013.06.29 23:57:07 | 000,000,000 | ---- | M] () -- C:\END
[2013.06.29 19:22:50 | 000,004,533 | ---- | M] () -- C:\Users\pschwabeland\Documents\Wichtiger Hinweis zu Ihrem Zertifikat_ElsterOnline2.pdf
[2013.06.29 19:22:07 | 000,010,455 | ---- | M] () -- C:\Users\pschwabeland\PeterSchwabeland_pschwabe_elster_2048.pfx
[2013.06.24 19:00:24 | 000,026,758 | ---- | M] () -- C:\Users\pschwabeland\Documents\20120325_psc_Zahlungsverkehr_Vermoegensuebersicht_Lebensplanung.ods
 
========== Files Created - No Company Name ==========
 
[2013.07.15 22:06:07 | 000,000,000 | ---- | C] () -- C:\Users\pschwabeland\defogger_reenable
[2013.07.15 19:53:20 | 000,377,856 | ---- | C] () -- C:\Users\pschwabeland\Desktop\gmer_2.1.19163.exe
[2013.07.15 19:50:08 | 000,050,477 | ---- | C] () -- C:\Users\pschwabeland\Desktop\Defogger.exe
[2013.07.14 19:15:13 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013.07.14 18:29:40 | 000,000,976 | ---- | C] () -- C:\Users\pschwabeland\Documents\cc_20130714_182938.reg
[2013.07.13 12:08:59 | 000,012,154 | ---- | C] () -- C:\Users\pschwabeland\Documents\cc_20130713_120855.reg
[2013.07.13 11:26:11 | 000,009,902 | ---- | C] () -- C:\Users\pschwabeland\Documents\cc_20130713_112609.reg
[2013.07.11 09:49:36 | 000,025,380 | ---- | C] () -- C:\Users\pschwabeland\Documents\cc_20130711_094933.reg
[2013.06.29 23:56:53 | 000,000,000 | ---- | C] () -- C:\END
[2013.06.29 19:22:50 | 000,004,533 | ---- | C] () -- C:\Users\pschwabeland\Documents\Wichtiger Hinweis zu Ihrem Zertifikat_ElsterOnline2.pdf
[2013.06.29 19:20:41 | 000,010,231 | ---- | C] () -- C:\Users\pschwabeland\PeterSchwabeland_pschwabe_elster_2048 - Kopie.pfx
[2013.05.10 16:42:46 | 000,000,065 | ---- | C] () -- C:\Windows\wininit.ini
[2013.02.28 19:34:20 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013.02.28 19:34:20 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.08.08 18:52:04 | 000,010,455 | ---- | C] () -- C:\Users\pschwabeland\PeterSchwabeland_pschwabe_elster_2048.pfx
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.06.23 11:31:52 | 000,000,000 | -HSD | M] -- C:\Users\pschwabeland\AppData\Roaming\.#
[2013.06.29 23:56:47 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\Babylon
[2013.07.12 00:19:32 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\Dealply
[2013.06.29 23:56:52 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\DSite
[2012.06.29 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\DVDVideoSoft
[2012.06.29 22:24:23 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.07.12 00:19:34 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\eIntaller
[2012.08.05 18:06:02 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\elsterformular
[2010.06.23 11:32:06 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\GameConsole
[2010.06.26 20:47:09 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\OpenOffice.org
[2010.09.20 00:00:52 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\PhotoScape
[2012.10.16 23:31:07 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\Samsung
[2012.12.06 21:00:43 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\TeamViewer
[2013.05.10 16:42:39 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\Telekom
[2012.06.13 23:48:27 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\Temp
[2013.07.11 22:24:57 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\TuneUp Software
[2013.07.13 12:05:50 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\WebCake
[2012.05.13 22:38:30 | 000,000,000 | ---D | M] -- C:\Users\pschwabeland\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:93DE1838

< End of report >
         
Code:
OTL Extras logfile created on: 15.07.2013 22:09:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\pschwabeland\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 65,60% Memory free
7,80 Gb Paging File | 6,44 Gb Available in Paging File | 82,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 219,62 Gb Free Space | 76,79% Space Free | Partition Type: NTFS
 
Computer Name: PSCHWABELAND-PC | User Name: pschwabeland | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Telekom Fotoservice] -- "C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Telekom Fotoservice] -- "C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0629AD4A-EAAF-412F-A525-8E6C59BA903D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{090DDFD4-9C9F-4525-89B5-EA9970CD5CF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{0C61BB2B-59D3-4B2D-B4AA-F8D6DD16EBF4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{112ED4A7-3C70-4760-99CD-24F4174DB819}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{145A4BE5-8190-4236-92DF-5030F664EABE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{2D3C8CBB-83C2-45C1-8CC3-94EF568C0C9F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{34B5B39A-291E-432F-9D25-49ABB47EE9BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{45D9186D-C8B2-485F-9CA9-6B19FE402B50}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{574EEDD6-A9A6-4F84-994E-F3CC0151D226}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5E3B0056-143B-4C51-B0FA-BE948840ADCC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6C9E1CE3-CDC5-413E-8F85-0E8459AC8A7B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{71560217-8F6B-404C-92B9-0F85E7E79BA2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{784AF628-D970-4D07-9486-CF2E59951353}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{7CA441ED-2C98-489C-ADA7-5AB374CAC0CF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7D569C0A-28AF-41AB-A33B-6E4887117D58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{853805D5-A4FB-438F-B7B7-29638DBA9104}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A46F7E2E-0120-440F-856A-B9E407291BDE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AC2AF637-6772-4157-AE27-DBC0FB95BEA7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B35E0475-814E-4A8F-A83D-69B1575A1DA0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C03C33F1-8B7D-40A3-A626-F1792AC44979}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C3617B2B-7A0B-46E9-9177-165B5D093798}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C769520E-2218-4B88-8E13-BD35E965B71A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D09B0E70-DA38-4FC0-88F4-788254EF2A2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D3248EFD-A364-42DE-B8FF-DAA369704E1D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D4DB4165-E729-4D0B-A46C-673D76E245A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D6B3BBA7-42A0-4865-BFAF-9EAFB69AF0C2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DA6492A4-33E1-4C6E-9C04-30841FDEF7D5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F5A83D0E-D2F0-4082-8726-7B76F0C9C978}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F638181B-882B-4DC9-A539-819D1A92DE2E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F7E9C217-D17C-4F82-8003-429B37861641}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F8C2C05E-8239-422E-BD56-7B221D203CCB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008F097E-9B6C-4303-A7EA-610794AE8309}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{07213F31-2ED4-4995-A146-8C61FB57D39E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0CD670F3-A6EB-4D18-AD61-F5FDF2EA7E09}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CEBD364-5F44-4588-9107-960FCC6E23B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0D25F55E-1AAF-4780-9616-7AACA7A8B015}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{12BEB1D0-ECE1-4E17-B95B-BD497DD4EA91}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{1631B08F-A6DD-4FC0-BDC8-9264F5291582}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1776941D-E03B-4F6B-9D4E-0A3855033752}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{1D4C0530-D206-4323-9C1D-C3C24992364B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{21E20B11-12BB-4E6C-A7C5-98996957DC0F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{224608ED-3193-49DC-B9E0-23FA9DD5EB74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2C305228-A5B8-4C23-AAE2-84698D05E18D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{336DCE19-306D-41C0-9C75-108208ECAF91}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{35C93A56-0BB6-4E26-947E-436B80F6C467}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{35FCCDC3-D08A-43B8-ABD4-DC57722868A3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{3644AC99-B2AF-49F1-9175-1C6E122BD010}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{36D2A899-2724-48A0-B923-5A75E813D72C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{3DAF0691-DE61-4ECA-B1EF-CC9DD70314C3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{40EB7E13-0771-48B0-8F0E-148FCA217F13}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | 
"{4282F7D2-F5A8-49AE-BB5C-B43A2611AB7D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{429EACA5-DA44-484D-B276-C3AB4FF6B97D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{4A1E1A32-091C-4901-80DB-E7BC37696649}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | 
"{4E8EB3BE-5FCA-4673-B5FE-0DD6FFAF4321}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{575DB7D0-82B4-4FD3-8BE2-F4F8281807E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5798B28F-A26B-40D4-966C-78D25C11EB8C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{5ACCC750-A980-4E68-8FCD-A3F1CE08F0D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6148975B-08E7-4880-9456-EF94EE377311}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{64869A43-8F32-4E50-80E0-CB25FE5E3C8B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6ED5DBDA-E194-49F9-90D3-D80B399599F1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{704F2C6B-7AEF-4DD0-8A6F-016D095AEE19}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{71F501C8-40C5-4E94-9C1D-3F2CFEF32C79}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{84DDEC36-CFCA-4921-8017-AA80497EC685}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8C3236F4-3F3D-44E0-AFAB-BBE7D26A084D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{94A754A4-FCA1-466C-86FE-04D3507DC017}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{97B4E4F3-7CB4-47F7-9BC1-8D82E4AB2708}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{97E79A2A-4A5B-43BC-A55B-1BDE05D39E9A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{98764F4D-007C-47E9-A47E-D1FD6708782E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{98845ED0-E020-420B-8E11-BB291AE97240}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9DD26D3B-6B3C-44E1-AE53-07914330CA57}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{9E478C00-CC27-42D7-8D3B-4541F96A58A5}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{A0D45E68-920E-4B31-8823-0AEA78D157A2}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{B1D977E3-118C-4199-9297-00B29EE241C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B220432A-E5F8-4EE6-8FA5-D6CB55364796}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B7A8755F-4221-4066-A285-B521FC27CE3A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B80697CA-3616-427E-AC87-09906343C685}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BD0B6D3F-D83A-4FF4-A3D4-F6A5014F5BAE}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{C047785B-4DFD-4D0B-8992-CAE28A63FA50}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DCB287B4-7A14-4EC0-8E90-450794A23863}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E5A0045A-D525-46AC-8A68-110B9D5DF3F5}" = protocol=6 | dir=out | app=system | 
"{E6FBEBC7-A296-4276-8C89-1F9C9E85500C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EA2D36E4-145C-4AB0-A77A-DEF11721A0A4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EFCB162D-99E8-4781-A185-7E985B20A754}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F605479B-F935-42DA-A705-C067E9753A11}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F743C471-0F92-4B45-BFF4-AA66C77B11EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FF9D71C0-2CD7-4F9D-9679-CA95082C9778}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"ElsterFormular 2008 - 2009 2008-2009" = ElsterFormular 2008 - 2009
"ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular für Privatanwender
"FastStone Capture" = FastStone Capture 5.3
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.12.804
"Free YouTube Download_is1" = Free YouTube Download version 3.1.30.627
"GridVista" = Acer GridVista
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LManager" = Launch Manager
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PhotoScape" = PhotoScape
"PROHYBRIDR" = 2007 Microsoft Office system
"Telekom Fotoservice" = Telekom Fotoservice
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mediencenter" = Mediencenter 3.7.0.2204
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.07.2013 06:07:11 | Computer Name = pschwabeland-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 13.07.2013 06:07:11 | Computer Name = pschwabeland-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 13.07.2013 06:07:11 | Computer Name = pschwabeland-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 13.07.2013 06:07:11 | Computer Name = pschwabeland-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 13.07.2013 06:07:12 | Computer Name = pschwabeland-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 13.07.2013 06:07:12 | Computer Name = pschwabeland-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 13.07.2013 06:07:12 | Computer Name = pschwabeland-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 13.07.2013 06:07:12 | Computer Name = pschwabeland-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 13.07.2013 06:30:12 | Computer Name = pschwabeland-PC | Source = MsiInstaller | ID = 1041
Description = 
 
Error - 15.07.2013 14:15:33 | Computer Name = pschwabeland-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ Media Center Events ]
Error - 23.06.2010 05:31:19 | Computer Name = pschwabeland-PC | Source = MCUpdate | ID = 0
Description = 11:31:18 - Fehler beim Herstellen der Internetverbindung.  11:31:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.06.2010 15:22:51 | Computer Name = pschwabeland-PC | Source = MCUpdate | ID = 0
Description = 21:22:51 - Fehler beim Herstellen der Internetverbindung.  21:22:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.06.2010 01:42:48 | Computer Name = pschwabeland-PC | Source = MCUpdate | ID = 0
Description = 07:42:48 - Fehler beim Herstellen der Internetverbindung.  07:42:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.06.2010 14:40:39 | Computer Name = pschwabeland-PC | Source = MCUpdate | ID = 0
Description = 20:40:39 - Fehler beim Herstellen der Internetverbindung.  20:40:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 25.07.2010 15:39:21 | Computer Name = pschwabeland-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 6153
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18.08.2011 02:47:32 | Computer Name = pschwabeland-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1647
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18.08.2011 18:21:31 | Computer Name = pschwabeland-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 585
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.10.2012 17:00:08 | Computer Name = pschwabeland-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35913
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.07.2013 04:08:11 | Computer Name = pschwabeland-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11.07.2013 16:31:15 | Computer Name = pschwabeland-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 11.07.2013 16:32:30 | Computer Name = pschwabeland-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 11.07.2013 16:32:36 | Computer Name = pschwabeland-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 12.07.2013 03:02:01 | Computer Name = pschwabeland-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 12.07.2013 11:11:47 | Computer Name = pschwabeland-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 12.07.2013 11:11:50 | Computer Name = pschwabeland-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 13.07.2013 06:07:12 | Computer Name = pschwabeland-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 13.07.2013 06:07:12 | Computer Name = pschwabeland-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 15.07.2013 13:54:35 | Computer Name = pschwabeland-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
I have also just installed MS Security Essentials.

Now I'm hoping for your help; I'm obviously not getting anywhere with my amateur tinkering.

Regards, Fritz

15.07.2013, 22:59   #2
smeenk
/// Malwareteam / Visitor
 
I am smeenk and I will try to help you.

Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please disable all virus scanners during the scan, as they influence the result
  • Start Zoek.exe with a double-click.
  • Caution: The following script was written only for this specific case and could damage other computers.
  • Copy the text from the following box into the Zoek script window:
    Code:
    firefoxlook;
    qvo6;a
    shortcutfix;
    C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\askcomsearch.xml;f
    C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\babylon.xml;f
    C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\conduit.xml;f
    C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\delta.xml;f
    C:\Users\pschwabeland\AppData\Roaming\mozilla\Firefox\Profiles\e5d2r7bh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1};fs
    C:\USERS\PSCHWABELAND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E5D2R7BH.DEFAULT\EXTENSIONS\7125A285-7E68-47AA-9D72-E81874F4D47E@D3FCDB92-135D-4A8A-8CF6-11E3B57C5FDA.COM;fs
    filesrcm;
    C:\END;f
    {67A2568C-7A0A-4EED-AECC-B5405DE63B64}-iedefaults;http://www.peterschwabeland.de
    ffdefaults;http://www.peterschwabeland.de
    webcake;ff
    DealPly  Shopping;firefoxlook;
    C:\Users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly;fs
    C:\Program Files (x86)\DealPly;fs
    C:\Users\pschwabeland\AppData\Local\SwvUpdater;fs
    C:\ProgramData\Tarma Installer;fs
    C:\ProgramData\Babylon;fs
    C:\Windows\wininit.ini;f
    C:\Users\pschwabeland\AppData\Roaming\Babylon;fs
    C:\Users\pschwabeland\AppData\Roaming\Dealply;fs
    C:\Users\pschwabeland\AppData\Roaming\DSite;fs
    C:\Users\pschwabeland\AppData\Roaming\eIntaller;fs
    C:\Users\pschwabeland\AppData\Roaming\WebCake;fs
    chromelook;
    startupall;
    emptyclsid;
             
  • Now click "Run script" and be patient until the script has run through.
  • When the tool is finished, Notepad will open with the log file (possibly only after a restart). The log is also still located under c:
  • Please post the ZOEK log (preferably in CODE tags - click the # symbol in the reply window)

Edited by smeenk (15.07.2013 at 23:34)

16.07.2013, 07:28   #3
Fritzz
 
Hello smeenk,

Thanks for the reply. I ran the scan. The log file is below. IE did NOT start up with Qvo6, but, as before, with the site I had set.

Code:
Zoek.exe Version 4.0.0.4 Updated 14-July-2013
Tool run by pschwabeland on 16.07.2013 at  8:12:49,18.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== System Restore Info ======================

16.07.2013 08:14:10 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.peterschwabeland.de");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1591225&SearchSource=3&q={searchTerms}");
user_pref("browser.search.defaultengine", "Ask.com Search");
user_pref("browser.search.defaultenginename", "qvo6");
user_pref("browser.search.selectedEngine", "qvo6");
user_pref("browser.search.order.1", "qvo6");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.peterschwabeland.de");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default

---- Lines webcake removed from prefs.js ----

user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
user_pref("extentions.webcake.installId", "4af4d235-b92c-410c-a159-9a10f986d964");

---- Lines webcake modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1373581594858,\"rdfTime\":1371557658000}}},{\"name\":\"app-profile\",\"addons\":{\"7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\":{\"descriptor\":\"C:\\\\Users\\\\pschwabeland\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\e5d2r7bh.default\\\\extensions\\\\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\",\"mtime\":1372543021796,\"rdfTime\":1372543021515},\"plugin@getwebcake.com\":{\"descriptor\":\"C:\\\\Users\\\\pschwabeland\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\e5d2r7bh.default\\\\extensions\\\\plugin@getwebcake.com\",\"mtime\":1373581482940,\"rdfTime\":1371740886000},\"{42e0ced7-806f-4983-af54-92bdeefee519}\":{\"descriptor\":\"C:\\\\Users\\\\pschwabeland\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\e5d2r7bh.default\\\\extensions\\\\{42e0ced7-806f-4983-af54-92bdeefee519}\",\"mtime\":1373581171813,\"rdfTime\":1367935180000},\"{635abd67-4fe9-1b23-4f01-e679fa7484c1}\":{\"descriptor\":\"C:\\\\Users\\\\pschwabeland\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\e5d2r7bh.default\\\\extensions\\\\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\",\"mtime\":1372543155086,\"rdfTime\":1372543155086},\"{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\":{\"descriptor\":\"C:\\\\Users\\\\pschwabeland\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\e5d2r7bh.default\\\\extensions\\\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi\",\"mtime\":1355374183408}}}]");

---- Lines webcake removed from user.js ----

user_pref("extentions.webcake.installId", "4af4d235-b92c-410c-a159-9a10f986d964");
user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");

---- FireFox user.js and prefs.js backups ---- 

user__0815_.backup
prefs__0815_.backup

==== Deleting Files \ Folders ======================

"C:\USERS\PSCHWABELAND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E5D2R7BH.DEFAULT\EXTENSIONS\7125A285-7E68-47AA-9D72-E81874F4D47E@D3FCDB92-135D-4A8A-8CF6-11E3B57C5FDA.COM" not found 
"C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\askcomsearch.xml" deleted
"C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\babylon.xml" deleted
"C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\conduit.xml" deleted
"C:\Users\pschwabeland\AppData\Roaming\mozilla\firefox\profiles\e5d2r7bh.default\searchplugins\delta.xml" deleted
"C:\END" deleted
"C:\Windows\wininit.ini" deleted
"C:\Users\pschwabeland\AppData\Roaming\mozilla\Firefox\Profiles\e5d2r7bh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}" deleted
"C:\Users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly" deleted
"C:\Program Files (x86)\DealPly" deleted
"C:\Users\pschwabeland\AppData\Local\SwvUpdater" deleted
"C:\ProgramData\Tarma Installer" deleted
"C:\ProgramData\Babylon" deleted
"C:\Users\pschwabeland\AppData\Roaming\Babylon" deleted
"C:\Users\pschwabeland\AppData\Roaming\Dealply" deleted
"C:\Users\pschwabeland\AppData\Roaming\DSite" deleted
"C:\Users\pschwabeland\AppData\Roaming\eIntaller" deleted
"C:\Users\pschwabeland\AppData\Roaming\WebCake" deleted
"C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\extensions\plugin@getwebcake.com" deleted

==== Registry Search Results for "qvo6" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Default_Page_URL"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN]
"Start Page"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName"="qvo6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"="hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"

[HKEY_LOCAL_MACHINE\SOFTWARE\qvo6Software]

[HKEY_LOCAL_MACHINE\SOFTWARE\qvo6Software\qvo6hp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"

[HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"

[HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName"="qvo6"

[HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"="hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2013-07-14 17:15:13	E185BDA84E5F03F4E1D8DCA30E209277	1912	----a-w-	C:\Windows\epplauncher.mif
====== C:\Users\PSCHWA~1\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-07-10 21:42:48	BF1D2CFAE91C1E835902ECA27F8F7470	2706432	----a-w-	C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 21:42:48	6A32A12A2C76B729D6485D04FCFB2175	391168	----a-w-	C:\Windows\SysWOW64\ieui.dll
2013-07-10 21:42:47	B6A67646BD7E3A0AF2515703CBBD9A1C	61440	----a-w-	C:\Windows\SysWOW64\iesetup.dll
2013-07-10 21:42:46	FE29131E35902038066C924CF9C59DF8	2046976	----a-w-	C:\Windows\SysWOW64\iertutil.dll
2013-07-10 21:42:46	F4A608A800C1BB6838797390CBBC1269	33280	----a-w-	C:\Windows\SysWOW64\iernonce.dll
2013-07-10 21:42:46	DED7DCF831A05D21F49510EA03F8F2C5	109056	----a-w-	C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 21:42:46	0D2F075863C2FA4F84FB95AC00B95151	71680	----a-w-	C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 21:42:45	EED047A0C528813D6AAF4F4F8B2C40C4	493056	----a-w-	C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 21:42:44	52F71A5790E1B6FFC34648F3B311EEE1	690688	----a-w-	C:\Windows\SysWOW64\jscript.dll
2013-07-10 21:42:43	CB811C14C225DD07B98E676DFB0221E6	2877440	----a-w-	C:\Windows\SysWOW64\jscript9.dll
2013-07-10 21:42:43	225D276C730DF08CC83EABAC407F0D75	1141248	----a-w-	C:\Windows\SysWOW64\urlmon.dll
2013-07-10 21:42:41	AC9A9B64AF7005E488390E38AE00D117	39424	----a-w-	C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 21:42:41	9BF7C7654EFD098EE3A27B49492A382A	1767936	----a-w-	C:\Windows\SysWOW64\wininet.dll
2013-07-10 21:42:39	CC3FD6DEEE458D0BE9A69241E0749717	13760512	----a-w-	C:\Windows\SysWOW64\ieframe.dll
2013-07-10 21:42:35	AF31E7D2C385F647ADFD5F5736B3BA64	14329856	----a-w-	C:\Windows\SysWOW64\mshtml.dll
2013-07-10 20:45:20	674EB817CF6E43B7DF3EC26E06E98D98	509440	----a-w-	C:\Windows\SysWOW64\qedit.dll
2013-07-10 20:45:17	56D61BE56DA22334829E14CDE6A8C1FE	1620480	----a-w-	C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 20:44:35	1C0E369575F387460E2A5F28269B2CC4	1247744	----a-w-	C:\Windows\SysWOW64\DWrite.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-07-10 21:42:48	C9EC09E4BF3290331C25F0D12C93CEBF	2706432	----a-w-	C:\Windows\Sysnative\mshtml.tlb
2013-07-10 21:42:47	AC127B02DD2C8FD41AC4162BA738F2ED	67072	----a-w-	C:\Windows\Sysnative\iesetup.dll
2013-07-10 21:42:47	17B4359BB4BD72F8EB4F92B1DC4E4EB5	526336	----a-w-	C:\Windows\Sysnative\ieui.dll
2013-07-10 21:42:46	CDB7670A5C0F7D230ADC72F542D41AD8	39936	----a-w-	C:\Windows\Sysnative\iernonce.dll
2013-07-10 21:42:46	9E0D8010D7368856617D3FE0FA5DA58F	2648576	----a-w-	C:\Windows\Sysnative\iertutil.dll
2013-07-10 21:42:46	6E1803473B6BCBA4C2FB31582DE12D7D	89600	----a-w-	C:\Windows\Sysnative\RegisterIEPKEYs.exe
2013-07-10 21:42:46	557F4ACCA6426112E28F19AAD734C971	136704	----a-w-	C:\Windows\Sysnative\iesysprep.dll
2013-07-10 21:42:46	34EACF2330282CCABA61F8DC43F16FD5	51712	----a-w-	C:\Windows\Sysnative\ie4uinit.exe
2013-07-10 21:42:45	5A41FA3CB4E47560A26B183429F41D73	603136	----a-w-	C:\Windows\Sysnative\msfeeds.dll
2013-07-10 21:42:44	BEFD16482A3859071F563D2614EE2484	3958784	----a-w-	C:\Windows\Sysnative\jscript9.dll
2013-07-10 21:42:44	4A3D82F996C5B700D42ACCA94C2B9ABD	855552	----a-w-	C:\Windows\Sysnative\jscript.dll
2013-07-10 21:42:42	792685A9538424CC1F3FA6A816FE147C	1365504	----a-w-	C:\Windows\Sysnative\urlmon.dll
2013-07-10 21:42:41	B7B4D3A39BE24D7ABC69C06F44FCC5B1	53248	----a-w-	C:\Windows\Sysnative\jsproxy.dll
2013-07-10 21:42:40	FAF6EC2460AD5FBBD38D8E1AE28B0D77	2241024	----a-w-	C:\Windows\Sysnative\wininet.dll
2013-07-10 21:42:38	391CD109EF28629644C267C855314DEE	15404032	----a-w-	C:\Windows\Sysnative\ieframe.dll
2013-07-10 21:42:37	9586EC4E1CC39CCBA26A5E7DFE774C9E	19238912	----a-w-	C:\Windows\Sysnative\mshtml.dll
2013-07-10 20:45:20	A3EC566925BEC505E2418C1AC14E541E	624128	----a-w-	C:\Windows\Sysnative\qedit.dll
2013-07-10 20:45:17	8B6CBE2FA2BAEDE2A3F5C96733481911	1887744	----a-w-	C:\Windows\Sysnative\WMVDECOD.DLL
2013-07-10 20:44:51	73601028E7C44154318AE91D2EB2EDB3	3153920	----a-w-	C:\Windows\Sysnative\win32k.sys
2013-07-10 20:44:35	DD85F00EC31F77315AE992B7B0411D65	1643520	----a-w-	C:\Windows\Sysnative\DWrite.dll
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
2013-07-15 17:11:39	10AE76D908B1E58DBCA6E67A80C8E36E	3150	----a-w-	C:\Windows\Sysnative\Tasks\{6224C9D9-A907-42D7-ACD4-22A96332380D}
2013-07-11 22:19:32	D5F073456CE52EE8EDDD4CD5EBB4B2CA	3380	----a-w-	C:\Windows\Sysnative\Tasks\DealPlyUpdate
2013-07-11 20:25:14	9B7DD89F133CA1BD9830886D99F9EC12	3230	----a-w-	C:\Windows\Sysnative\Tasks\SidebarExecute
2013-06-29 21:56:57	73BB4D7F93205C3E836C3605D51ECF52	3846	----a-w-	C:\Windows\Sysnative\Tasks\QtraxPlayer
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-06-29 21:56:51	--------	d-----w-	C:\Program Files (x86)\Image Converter
======= C: =====
2013-07-13 15:00:51	C6600F24A08DA4DA7920358FAE2BF02A	13150	----a-w-	C:\AdwCleaner[R2].txt
2013-07-13 15:00:20	626E2AB859DD33C1D297A33B415696F4	13089	----a-w-	C:\AdwCleaner[R1].txt
====== C:\Users\pschwabeland\AppData\Roaming ======
2013-07-13 09:52:00	--------	d-----w-	C:\users\pschwabeland\AppData\Local\Programs
2013-07-11 20:24:57	--------	d-----w-	C:\users\pschwabeland\AppData\Roaming\TuneUp Software
2013-07-11 20:20:59	--------	d-----w-	C:\users\pschwabeland\AppData\Local\MFAData
====== C:\Users\pschwabeland ======
2013-07-15 20:06:07	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Users\pschwabeland\defogger_reenable
2013-07-15 17:53:20	60BF4AE8CC40B0E3E28613657ED2EED8	377856	----a-w-	C:\Users\pschwabeland\Desktop\gmer_2.1.19163.exe
2013-07-15 17:50:47	4ADCFEE16EE9978F06157634669D36FB	602112	----a-w-	C:\Users\pschwabeland\Desktop\OTL.exe
2013-07-15 17:50:08	9146F21288AB749C4C729343F5F285A1	50477	----a-w-	C:\Users\pschwabeland\Desktop\Defogger.exe
2013-07-11 20:24:12	--------	d-----w-	C:\ProgramData\AVG2013
2013-07-11 20:20:59	--------	d--h--w-	C:\ProgramData\Common Files
2013-07-11 20:20:59	--------	d-----w-	C:\ProgramData\MFAData
2013-06-29 17:20:41	126529A214DC12F57FBEA22AF2A4DADB	10231	----a-w-	C:\Users\pschwabeland\PeterSchwabeland_pschwabe_elster_2048 - Kopie.pfx

====== C: exe-files ==
2013-07-15 17:53:20	60BF4AE8CC40B0E3E28613657ED2EED8	377856	----a-w-	C:\Users\pschwabeland\Desktop\gmer_2.1.19163.exe
2013-07-15 17:50:47	4ADCFEE16EE9978F06157634669D36FB	602112	----a-w-	C:\Users\pschwabeland\Desktop\OTL.exe
2013-07-15 17:50:08	9146F21288AB749C4C729343F5F285A1	50477	----a-w-	C:\Users\pschwabeland\Desktop\Defogger.exe
2013-07-15 17:45:22	76691D84F961717D9B03F39869DFB289	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$ICOPHR1.exe
2013-07-15 17:34:03	DBFB85B7E4C2B25A1F3A4275BB615BC0	793536	----a-w-	C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$RCOPHR1.exe
2013-07-15 17:32:50	AC0E4905E11A88BFF7C1D6DBEDB35D3D	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$IVIVJLO.exe
2013-07-15 17:32:46	ABFC7928D3D1C7BE80675AE2ADC7D5EC	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$IBLGQFH.exe
2013-07-15 17:32:39	05FE60762BBCE833E9447C5FA9BEB4A6	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$IBE63WM.exe
2013-07-15 17:32:27	5EEB4B07F4233F575B6DF2B6B5226120	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$IQI1EL0.exe
2013-07-13 09:51:31	683FDD3D773C58B262DC07CD0C6CE938	10285040	----a-w-	C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$RBE63WM.exe
2013-07-11 22:16:58	103BC0577297E682CA1B5A7E783E26FC	157728	----a-w-	C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$RBLGQFH.exe
2013-07-11 20:21:09	DF5ADF896EE6C175C0B298BBA14BED49	42104	----a-w-	C:\ProgramData\MFAData\SelfUpd\avguirux.exe
2013-07-11 20:21:09	C44F12B72DF42A037E65713B0F50B9D8	7330384	----a-w-	C:\ProgramData\MFAData\SelfUpd\avgmfapx.exe
2013-07-11 20:21:09	A2DD738C3E673E76E5EA538702414BB7	15480	----a-w-	C:\ProgramData\MFAData\SelfUpd\avgrdtestx.exe
2013-07-11 20:21:08	150DE281AA5F4DA6FECAB535F93EC7F4	270968	----a-w-	C:\ProgramData\MFAData\SelfUpd\avgrunasx.exe
2013-07-11 20:21:08	0214EC38CFEF72AA54F5243F9D689F04	621176	----a-w-	C:\ProgramData\MFAData\SelfUpd\avgntdumpx.exe
2013-07-11 20:19:39	DB37618F6A72BAFE36077F3C2BFB5AA8	4411440	----a-w-	C:\$Recycle.Bin\S-1-5-21-4047443306-526542098-988017616-1003\$RVIVJLO.exe
2013-07-10 21:42:46	6E1803473B6BCBA4C2FB31582DE12D7D	89600	----a-w-	C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 21:42:46	34EACF2330282CCABA61F8DC43F16FD5	51712	----a-w-	C:\Windows\System32\ie4uinit.exe
2013-07-10 21:42:46	0D2F075863C2FA4F84FB95AC00B95151	71680	----a-w-	C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 21:42:45	98C6F2A9A981A54222602B87C6310BDE	775256	----a-w-	C:\Program Files\Internet Explorer\iexplore.exe
2013-07-10 21:42:45	30E7CA4620500FE012EB464F0E1DE91E	770648	----a-w-	C:\Program Files (x86)\Internet Explorer\iexplore.exe
=== C: other files ==
2013-07-10 20:44:51	73601028E7C44154318AE91D2EB2EDB3	3153920	----a-w-	C:\Windows\System32\win32k.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
"Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"PLFSetI"="C:\Windows\PLFSetI.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe "

==== Startup Folders ======================

2013-05-10 14:42:40	1165	----a-w-	C:\users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
2010-06-26 18:47:40	1239	----a-w-	C:\users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
2009-10-20 00:05:12	1782	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Acer Registration Data Sending.job --a------ C:\Program Files (x86)\Acer\Registration\GREG.exe [28.08.2009 11:40]

==== Firefox Extensions ======================

ProfilePath: C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default
- DealPly Shopping - %ProfilePath%\extensions\{42e0ced7-806f-4983-af54-92bdeefee519}
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

==== Firefox Plugins ======================

Profilepath: C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default
2EE9DCAE1D70ABF4D058688DE35F8221	- C:\Windows\SysWOW64\npdeployJava1.dll -	Java Deployment Toolkit 7.0.250.16
15E298B5EC5B89C5994A59863969D9FF	- C:\Windows\SysWOW64\npmproxy.dll -	Microsoft® Windows® Operating System


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.microsoft.com/"
"Default_Page_URL"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"
"Start Page"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"
"Start Page"="hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{15A91B15-B6A9-4C32-BC4C-DE67CE040AF3}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.peterschwabeland.de"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Delta Search Url="hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=4AD3C217FEB5D92C&affID=119357&tt=250613_gr5&tsp=4928"
{15A91B15-B6A9-4C32-BC4C-DE67CE040AF3} Ask Search Url="hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000"
{33BB0A4E-99AF-4226-BDF6-49120163DE86} qvo6  Url="hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google  Url="hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE385"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

==== shortcuts in Users Start Menu ======================

C:\Users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe 

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE  /recycle
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe 
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\Kies.exe 
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD3200BEVT-22ZCT0_WD-WX30AC9Z1027Z1027&ts=1373581177
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Live Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe 
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk - C:\Windows\system32\calc.exe 
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ElsterFormular.lnk - C:\Program Files (x86)\ElsterFormular\bin\pica.exe 
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\FastStone Capture.lnk - C:\Program Files (x86)\FastStone Capture\FSCapture.exe 
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe 
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk - C:\Windows\system32\notepad.exe 
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OpenOffice.org.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe 
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe 
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\Kies.exe 
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Telekom Fotoservice.lnk - C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe 
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 

==== shortcuts After Repair ======================

C:\Users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\pschwabeland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe 

==== EOF on 16.07.2013 at  8:20:28,08 ======================
         

16.07.2013, 07:50   #4
smeenk
/// Malwareteam / Visitor



Looks good

  • Please disable all virus scanners during the scan, as they affect the result
  • Start Zoek.exe with a double-click.
  • Caution: The following script was written only for this specific case and could damage other computers.
  • Copy the text from the following box into Zoek's script window:
    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN];r64
    "Default_Page_URL"="http://www.peterschwabeland.de";r64
    "Start Page"="http://www.peterschwabeland.de";r64
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}];r
    [-HKEY_LOCAL_MACHINE\SOFTWARE\qvo6Software];r
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command];r
    autoclean;
    @="C:\\Program Files\\Internet Explorer\\iexplore.exe";r
    [-HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}];r
             
  • Now click "Run script" and be patient until the script has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a restart). The log can also still be found under c:
  • Please post the ZOEK log (preferably in CODE tags - click the # symbol in the reply window)

16.07.2013, 11:55   #5
Fritzz



Hello smeenk,

thanks for the reply. I'll do that this evening after work. While cleaning up this morning I also noticed that 2 programs (FreeYoutubeDownload from DVDVideoSoft) can't be uninstalled. I did download them a year ago and used them too, but the fact that these things can't be uninstalled seems odd to me.

Regards, Fritzz


16.07.2013, 12:21   #6
smeenk
/// Malwareteam / Visitor



Hello Fritzz

We'll include these programs in the cleanup as well

16.07.2013, 19:11   #7
Fritzz



Hello smeenk,

Yes, please uninstall the FreeYoutubeDownload programs as well.
Here is the latest zoek log file:

Code:
Zoek.exe Version 4.0.0.4 Updated 14-July-2013
Tool run by pschwabeland on 16.07.2013 at 19:43:52,21.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results16.07.2013-0820.log	29865 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\SearchScopes\{15A91B15-B6A9-4C32-BC4C-DE67CE040AF3} deleted successfully
HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default

---- Lines delta removed from prefs.js ----

user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "de");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "4ad3a7b5000000000000c217feb5d92c");
user_pref("extensions.delta.instlDay", "15885");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.21.5");
user_pref("extensions.delta.vrsni", "1.8.21.5");
user_pref("extensions.delta.vrsnTs", "1.8.21.523:57:22");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=119357&tt=250613_gr5&tsp=4928");
user_pref("extensions.delta_i.srcExt", "ss");

---- Lines delta modified from prefs.js ----


---- Lines delta removed from user.js ----

user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.id", "4ad3a7b5000000000000c217feb5d92c");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.instlDay", "15885");
user_pref("extensions.delta.vrsn", "1.8.21.5");
user_pref("extensions.delta.vrsni", "1.8.21.5");
user_pref("extensions.delta.vrsnTs", "1.8.21.523:57:22");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.dfltLng", "de");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta_i.babTrack", "affID=119357&tt=250613_gr5&tsp=4928");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);

---- Lines CT1591225 removed from prefs.js ----


---- Lines CT1591225 modified from prefs.js ----


---- Lines Web Search removed from prefs.js ----

user_pref("browser.search.defaultthis.engineName", "Motorsport-Total.com Customized Web Search");

---- Lines Web Search modified from prefs.js ----


---- Lines Customized removed from prefs.js ----


---- Lines Customized modified from prefs.js ----


---- Lines crossrider removed from prefs.js ----

user_pref("extensions.crossrider.bic", "13f91f2a0e6d98a9236534dc389585d4");

---- Lines crossrider modified from prefs.js ----


---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 3);

---- Lines browser.startup.page modified from prefs.js ----


---- FireFox user.js and prefs.js backups ---- 

user__0815_.backup
user__1948_.backup
prefs__0815_.backup
prefs__1948_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\qvo6Software] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] 
@="C:\\Program Files\\Internet Explorer\\iexplore.exe" 
[-HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] 

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN] 
"Default_Page_URL"="hxxp://www.peterschwabeland.de" 
"Start Page"="hxxp://www.peterschwabeland.de" 

==== Deleting Files \ Folders ======================

"C:\Users\pschwabeland\Downloads\sweetimsetup.exe" deleted
"C:\windows\SysNative\Tasks\DealPlyUpdate" deleted
"C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\bProtector_extensions.rdf" deleted
"C:\Users\pschwabeland\AppData\Roaming\Temp" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted
"C:\Users\pschwabeland\AppData\Roaming\DVDVideoSoftIEHelpers" deleted
"C:\ProgramData\Ask" deleted
"C:\ProgramData\Partner" deleted
"C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\CT1591225" deleted
"C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\CT1591225" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default
- DealPly Shopping - %ProfilePath%\extensions\{42e0ced7-806f-4983-af54-92bdeefee519}
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

==== Firefox Plugins ======================

Profilepath: C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default
2EE9DCAE1D70ABF4D058688DE35F8221	- C:\Windows\SysWOW64\npdeployJava1.dll -	Java Deployment Toolkit 7.0.250.16
15E298B5EC5B89C5994A59863969D9FF	- C:\Windows\SysWOW64\npmproxy.dll -	Microsoft® Windows® Operating System


==== Deleting Files \ Folders ======================

"C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\extensions\{42e0ced7-806f-4983-af54-92bdeefee519}" deleted

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.peterschwabeland.de"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{15A91B15-B6A9-4C32-BC4C-DE67CE040AF3}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15A91B15-B6A9-4C32-BC4C-DE67CE040AF3}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.peterschwabeland.de"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google  Url="hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE385"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\pschwabeland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\pschwabeland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PSCHWA~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 16.07.2013 at 20:01:49,51 ======================
         
Thanks & regards, Fritzz

Alt 16.07.2013, 20:03   #8
smeenk
/// Malwareteam / Visitor
 

  • Please disable all virus scanners during the scan, as they affect the result
  • Start Zoek.exe with a double-click.
  • Warning: The following script was written only for this specific case and could damage other computers.
  • Copy the text from the following box into Zoek's script window:
    Code:
    ATTFilter
    C:\Program Files (x86)\Common Files\DVDVideoSoft;fs
    C:\Program Files (x86)\DVDVideoSoft*;fs
    C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi;f
    DVDVideoSoft;z
    Free YouTube Download;a
    uninstall-list;
             
  • Now click "Run script" and be patient until the script has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a restart). The log can also be found under c:
  • Please post the ZOEK log (preferably in CODE tags - click the # symbol in the reply window)

Edited by smeenk (16.07.2013 at 20:12)

Alt 16.07.2013, 21:12   #9
Fritzz
 

Hello smeenk,

thanks for the script.

Here is the log:

Code:
ATTFilter
Zoek.exe Version 4.0.0.4 Updated 14-July-2013
Tool run by pschwabeland on 16.07.2013 at 22:00:40,32.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results16.07.2013-0820.log	29865 bytes
C:\zoek-results16.07.2013-2001.log	10377 bytes

==== Deleting Files \ Folders ======================

"C:\Program Files (x86)\DVDVideoSoft*" not found 
"C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft" deleted

==== Folders Found ======================

2011-08-11 19:25:17 2012-06-29 20:24:21	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2011-08-11 19:25:17 2012-06-29 20:24:21	--------	d-----w-	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2011-08-11 19:25:25 2012-06-29 20:24:44	--------	d-----w-	C:\Users\pschwabeland\AppData\Roaming\DVDVideoSoft
2011-09-11 20:31:41 2011-09-11 20:31:41	--------	d-----w-	C:\Users\pschwabeland\Documents\DVDVideoSoft

==== Files Found ======================


==== Registry Search Results for "Free YouTube Download" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\DVDVideoSoft\AppPaths]
"FreeYouTubeDownload"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download 3\\FreeYouTubeDownload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\DVDVideoSoft\AppPaths]
"FreeYTVDownloader"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download\\FreeYTVDownloader.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\DVDVideoSoft\UninstallPaths]
"Free YouTube Download 3"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download 3\\unins000.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\DVDVideoSoft\UninstallPaths]
"Free YouTube Download"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download\\unins000.exe /log=C:\\Users\\pschwabeland\\AppData\\Roaming\\DVDVideoSoft\\logs\\FreeYTVDownloader_uninstall.txt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download 3_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download 3_is1]
"Inno Setup: App Path"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download 3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download 3_is1]
"InstallLocation"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download 3\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download 3_is1]
"DisplayName"="Free YouTube Download 3 version 3.0.12.804"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download 3_is1]
"DisplayIcon"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download 3\\FreeYouTubeDownload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download 3_is1]
"QuietUninstallString"="\"C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download 3\\unins000.exe\" /SILENT"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1]
"Inno Setup: App Path"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1]
"InstallLocation"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1]
"DisplayName"="Free YouTube Download version 3.1.30.627"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1]
"DisplayIcon"="C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download\\FreeYTVDownloader.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1]
"QuietUninstallString"="\"C:\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download\\unins000.exe\" /SILENT"

[HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\45a7d04e_0]
@="{0.0.0.00000000}.{7aece909-76b7-4193-b377-95791b456a5a}|\\Device\\HarddiskVolume3\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download\\FreeYTVDownloader.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\633aa494_0]
@="{0.0.0.00000000}.{7aece909-76b7-4193-b377-95791b456a5a}|\\Device\\HarddiskVolume3\\Program Files (x86)\\DVDVideoSoft\\Free YouTube Download 3\\FreeYouTubeDownload.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download]

==== Uninstall List x64 ======================

2007 Microsoft Office system [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PROHYBRIDR]
Acer Crystal Eye Webcam [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7760D94E-B1B5-40A0-9AA0-ABF942108755}]
Acer ePower Management [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3DB0448D-AD82-4923-B305-D001E521A964}]
Acer eRecovery Management [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7F811A54-5A09-4579-90E1-C93498E230D9}]
Acer GridVista [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GridVista]
Acer Registration [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Acer Registration]
Acer ScreenSaver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Acer Screensaver]
Acer Updater [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}]
Acer VCM [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}]
Acrobat.com  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{287ECFA4-719A-2143-A09B-D6A12DE54E40}]
Adobe AIR [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A2BCA9F1-566C-4805-97D1-7FDC93386723}]
Adobe AIR [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR]
Adobe Flash Player 11 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Apple Application Support [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}]
Apple Mobile Device Support [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}]
Apple Software Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}]
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3108C217-BE83-42E4-AE9E-A56A2A92E549}]
Bonjour  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}]
Business Contact Manager fr Outlook 2007 SP2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}]
Business Contact Manager fr Outlook 2007 SP2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Business Contact Manager]
Conexant HD Audio [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_AUDIO_HDA]
D3DX10  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}]
eBay Worldwide [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}]
ElsterFormular 2008 - 2009 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ElsterFormular 2008 - 2009 2008-2009]
ElsterFormular fr Privatanwender [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ElsterFormular fr Privatanwender 12.3.2.6814p]
FastStone Capture 5.3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastStone Capture]
Free YouTube Download 3 version 3.0.12.804 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download 3_is1]
Free YouTube Download version 3.1.30.627 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1]
Identity Card [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Identity Card]
Intel(R) Graphics Media Accelerator Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HDMI]
Intel© Matrix Storage Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}]
InterVideo WinDVD 8 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}]
InterVideo WinDVD 8 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}]
iTunes  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF8FFD12-602B-422D-AF1D-511B411E7632}]
Java 7 Update 25 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217017FF}]
Java 7 Update 7 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F86417007FF}]
Java Auto Updater [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}]
Junk Mail filter update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}]
Launch Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LManager]
Mediencenter 3.7.0.2204 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mediencenter]
Mesh Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}]
Messenger Companion [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}]
Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}]
Microsoft Office 2003 Web Components [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90A40407-6000-11D3-8CFE-0150048383C9}]
Microsoft Office Language Pack 2007 - German/Deutsch [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OMUI.de-de]
Microsoft Office Live Add-in 1.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}]
Microsoft Office Small Business Connectivity Components [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A939D341-5A04-4E0A-BB55-3E65B386432D}]
Microsoft Office Suite Activation Assistant [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}]
Microsoft Security Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D954C6C2-544B-4091-A47F-11E77162883E}]
Microsoft Security Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client]
Microsoft SQL Server 2005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft SQL Server 2005]
Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}]
Microsoft SQL Server Native Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7C39E0D1-E138-42B1-B083-213EC2CF7692}]
Microsoft SQL Server VSS Writer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{350AA351-21FA-3270-8B7A-835434E766AD}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}]
MSVCRT  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}]
MSVCRT_amd64  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0B44725-3666-492D-BEF6-587A14BD9BD9}]
MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]
MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]
MyFreeCodec  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec]
NTI Backup Now 5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}]
NTI Backup Now Standard [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12EFA1A4-AC3B-443C-8143-237EDE760403}]
NTI Media Maker 8 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2413930C-8309-47A6-BC61-5EF27A4222BC}]
NTI Media Maker 8 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}]
OpenOffice.org 3.2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}]
PhotoScape  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PhotoScape]
QuickTime  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0E64B098-8018-4256-BA23-C316A43AD9B0}]
Realtek USB 2.0 Card Reader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{96AE7E41-E34E-47D0-AC07-1091A8127911}]
Samsung Kies [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{758C8301-2696-4855-AF45-534B1200980A}]
Samsung Kies [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\01_Simmental]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\02_Siberian]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\03_Swallowtail]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\04_semseyite]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\05_Sloan]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\06_Spencer]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\07_Schorl]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\08_EMPChipset]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\09_Hsp]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\11_HSP_Plus_Default]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\16_Shrewsbury]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\17_EMP_Chipset2]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\18_Zinia_Serial_Driver]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\19_VIA_driver]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\20_NXP_Driver]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\21_Searsburg]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\22_WiBro_WiMAX]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\24_flashusbdriver]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\25_escape]
SAMSUNG USB Driver for Mobile Phones [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}]
Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SynTPDeinstKey]
Telekom Fotoservice [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Telekom Fotoservice]
Untersttzungsdateien fr das Microsoft SQL Server-Setup (Englisch) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{07629207-FAA0-4F1A-8092-BF5085BE511F}]
Visual C++ 2008 x86 Runtime - (v9.0.30729) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F333A33D-125C-32A2-8DCE-5C5D14231E27}]
Visual C++ 2008 x86 Runtime - v9.0.30729.01 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01]
VLC media player 1.1.10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player]
Welcome Center [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Acer Welcome Center]
Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D45240D3-B6B3-4FF9-B243-54ECE3E10066}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite]
Windows Live Family Safety [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}]
Windows Live Family Safety [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2128559D-BBCD-4744-87F0-7C0CD5CFB464}]
Windows Live Fotogalerie [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B113D18C-67B0-4FB7-B329-E89B66194AE6}]
Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}]
Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0B0F231F-CE6A-483D-AA23-77B364F75917}]
Windows Live Language Selector [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{027E5FAB-1476-4C59-AAB4-32EF28520399}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D56775A-93F3-44A3-8092-840E3826DE30}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B1239994-A850-44E2-BED8-E70A21124E16}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DECDCB7C-58CC-4865-91AF-627F9798FE48}]
Windows Live Mesh ActiveX control for remote connections [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C5398A89-516C-4DAF-BA07-EE7949090E56}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}]
Windows Live Messenger Companion Core [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}]
Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DA54F80E-261C-41A2-A855-549A144F2F59}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92EA4134-10D1-418A-91E1-5A0453131A38}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E4E88B54-4777-4659-967A-2EED1E6AFD83}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}]
Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3336F667-9049-4D46-98B6-4C743EEBC5B1}]
Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83C292B7-38A5-440B-A731-07070E81A64F}]
Windows Live Remote Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DF6D988A-EEA0-4277-AAB8-158E086E439B}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}]
Windows Live Remote Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D930AF5C-5193-4616-887D-B974CEFC4970}]
Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{682B3E4F-696A-42DE-A41C-4C07EA1678B4}]
Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{200FEC62-3C34-4D60-9CE8-EC372E01C08F}]
Windows Live Sync [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{76618402-179D-4699-A66B-D351C59436BC}]
Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{37B33B16-2535-49E7-8990-32668708A0A3}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{859D4022-B76D-40DE-96EF-C90CDA263F44}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A726AE06-AAA3-43D1-87E3-70F510314F04}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}]
Windows Mobile-Ger„tecenter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}]

==== EOF on 16.07.2013 at 22:04:58,92 ======================
         
Thanks & regards, Fritzz

Alt 16.07.2013, 22:28   #10
smeenk
/// Malwareteam / Visitor
 

Next steps
  • Please disable all virus scanners during the scan, as they affect the result
  • Start Zoek.exe with a double-click.
  • Warning: The following script was written only for this specific case and could damage other computers.
  • Copy the text from the following box into Zoek's script window:
    Code:
    ATTFilter
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft;fs
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft;fs
    C:\Users\pschwabeland\AppData\Roaming\DVDVideoSoft;fs
    C:\Users\pschwabeland\Documents\DVDVideoSoft;fs
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download 3_is1];r
    [-HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\45a7d04e_0];r
    [-HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\633aa494_0];r
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1];r
    [-HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download];r
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DVDVideoSoft];r
             
  • Now click "Run script" and be patient until the script has finished.
  • When the tool is finished, Notepad will open with the log file (possibly only after a restart). The log can also still be found under c:
  • Please post the ZOEK log (preferably in CODE tags - click the # symbol in the reply window)


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).

17.07.2013, 07:32   #11
Fritzz

Hello smeenk,

thanks for the script and the program.

The logs follow:

Code:
Zoek.exe Version 4.0.0.4 Updated 14-July-2013
Tool run by pschwabeland on 17.07.2013 at  8:13:35,31.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results16.07.2013-0820.log	29865 bytes
C:\zoek-results16.07.2013-2001.log	10377 bytes
C:\zoek-results16.07.2013-2204.log	26877 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download 3_is1] 
[-HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\45a7d04e_0] 
[-HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\633aa494_0] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1] 
[-HKEY_USERS\S-1-5-21-4047443306-526542098-988017616-1003\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\DVDVideoSoft] 

==== Deleting Files \ Folders ======================

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft" deleted
"C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft" deleted
"C:\Users\pschwabeland\AppData\Roaming\DVDVideoSoft" deleted
"C:\Users\pschwabeland\Documents\DVDVideoSoft" deleted

==== EOF on 17.07.2013 at  8:14:59,78 ======================
         
Code:
# AdwCleaner v2.305 - Datei am 17/07/2013 um 08:24:37 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : pschwabeland - PSCHWABELAND-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\pschwabeland\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\pschwabeland\AppData\Roaming\Mozilla\Firefox\Profiles\e5d2r7bh.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [13089 octets] - [13/07/2013 17:00:20]
AdwCleaner[R2].txt - [13150 octets] - [13/07/2013 17:00:51]
AdwCleaner[S1].txt - [2759 octets] - [17/07/2013 08:24:37]

########## EOF - C:\AdwCleaner[S1].txt - [2819 octets] ##########
         
Thanks & regards, Fritzz
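
A helper reading a Zoek log like the one above can check mechanically that every entry of the fix script shows up in it. The following is an added example, not part of the thread or of Zoek: the script is abridged, the log is constructed in the posted layout with one line left out, and the function names are hypothetical.

```python
import re

# Abridged from the fix script in the thread. ";fs" and ";r" are Zoek directive
# suffixes; the page does not document them, so they are only stripped here.
SCRIPT = r"""
C:\Users\pschwabeland\AppData\Roaming\DVDVideoSoft;fs
C:\Users\pschwabeland\Documents\DVDVideoSoft;fs
[-HKEY_LOCAL_MACHINE\SOFTWARE\DVDVideoSoft];r
"""

# Constructed log in the layout of the posted one; the Documents line is
# omitted on purpose to show how a skipped item is reported.
LOG = r"""
==== Registry Fix Code ======================
[-HKEY_LOCAL_MACHINE\SOFTWARE\DVDVideoSoft]
==== Deleting Files \ Folders ======================
"C:\Users\pschwabeland\AppData\Roaming\DVDVideoSoft" deleted
"""

KEY = re.compile(r"\[-(.+)\]")
DELETED = re.compile(r'"(.+)" deleted')

def script_targets(script):
    """Split script lines into registry keys and file-system paths."""
    keys, paths = [], []
    for line in filter(None, map(str.strip, script.splitlines())):
        body = line.rsplit(";", 1)[0]          # drop the directive suffix
        m = KEY.fullmatch(body)
        (keys if m else paths).append(m.group(1) if m else body)
    return keys, paths

def log_confirmations(log):
    """Collect what the log reports, tracked per '==== name ====' section."""
    seen, section = {"reg": set(), "fs": set()}, None
    for line in map(str.strip, log.splitlines()):
        if head := re.match(r"=+ (.+?) =+$", line):
            section = head.group(1)
        elif section == "Registry Fix Code" and (m := KEY.fullmatch(line)):
            seen["reg"].add(m.group(1).lower())   # echoed key, not proof of removal
        elif section == r"Deleting Files \ Folders" and (m := DELETED.fullmatch(line)):
            seen["fs"].add(m.group(1).lower())
    return seen

def unconfirmed(script, log):
    """Script targets the log does not account for (case-insensitive match)."""
    keys, paths = script_targets(script)
    seen = log_confirmations(log)
    return ([k for k in keys if k.lower() not in seen["reg"]],
            [p for p in paths if p.lower() not in seen["fs"]])
```

An empty result means every script entry appears in the log; for registry keys that only shows the key was passed to the registry fix, so a follow-up scan is still what confirms removal.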

17.07.2013, 08:30   #12
smeenk
/// Malwareteam / Visitor

Looks good.

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open. Please post its contents here.


Are you currently still noticing any problems?

17.07.2013, 17:41   #13
Fritzz

Hello smeenk,

thanks for the reply - I'll run the program tonight after work.

The core problem (homepage of the internet browsers hijacked by Qvo6) has disappeared in IE (I haven't reinstalled Firefox and Chrome yet), and I no longer see the ad banners either (e.g. on Spiegel Online or in the Yahoo mailbox).

Thanks & regards, Fritzz

Here is the log:

Code:
 Results of screen317's Security Check version 0.99.69  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 25  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

17.07.2013, 22:29   #14
smeenk
/// Malwareteam / Visitor

Reinstall Firefox and, if you like, Chrome, and please tell me whether they also work without errors again.

18.07.2013, 07:51   #15
Fritzz

Hello smeenk,

I no longer have the problems with Qvo6, Plus-HD-2.3 and WebCake 3.00.

Many thanks & best regards, Fritzz
