| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Claro SearchWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
| |
15.11.2012, 21:23
| #1 |
| |  Claro Search Hallo, ich heiße Heiko und bin anscheinend auch ein Opfer der "Claro Search" geworden. Es ist mir gerade aufgefallen, dass beim Start des Firefox immer die Claro Search als Startseite aufgerufen wird, auch nach einer Umstellung in den Einstellungen erscheint diese Startseite. Des Weiteren habe ich heute Nachmittag auf einige wichtige Emails gewartet, die allerdings vom Thunderbird nicht heruntergeladen wurden. Online sind sie da, aber nicht im Thunderbird. Ich war schon froh, dass der Bestätigungslink für das Trojaner-Board angekommen ist.  Ich hoffe alle Schritte richtig zu befolgen, da ich nicht ganz so fit bin. Nebenbei habe ich einen Vollzeitjob, baue ein Haus und habe 2 kleine Kinder - daher bitte nicht böse sein, wenn es mal ein wenig länger dauert. Nun zu den geforderten Infos: Schritt 1: defogger_disable by jpshortstuff (23.02.10.1) Log created at 21:18 on 15/11/2012 (Heiko) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... Schritt 2: OTL logfile created on: 15.11.2012 21:24:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 71,13% Memory free 5,99 Gb Paging File | 4,94 Gb Available in Paging File | 82,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 101,88 Gb Total Space | 44,97 Gb Free Space | 44,14% Space Free | Partition Type: NTFS Drive D: | 181,12 Gb Total Space | 5,10 Gb Free Space | 2,82% Space Free | Partition Type: NTFS Drive J: | 4,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.15 21:20:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.11.15 15:41:20 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.11.15 15:41:09 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.11.15 15:41:09 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.08.21 15:56:40 | 000,042,496 | ---- | M] () -- C:\Program Files\phonostar-Player\phonostarTimer.exe PRC - [2012.07.03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2012.01.04 19:20:50 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe PRC - [2011.09.16 00:16:44 | 000,322,784 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.23 18:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe PRC - [2011.01.23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.04.14 14:08:12 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeccoms.exe PRC - [2010.04.14 14:08:05 | 000,193,192 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxecserv.exe PRC - [2009.09.08 00:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009.09.07 11:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2009.08.23 05:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009.08.19 10:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2009.08.19 10:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2009.08.06 08:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe ========== Modules (No Company Name) ========== MOD - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe MOD - [2012.10.11 12:17:06 | 002,069,528 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2012.08.21 15:56:40 | 000,042,496 | ---- | M] () -- C:\Program Files\phonostar-Player\phonostarTimer.exe MOD - [2012.06.16 14:11:12 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll MOD - [2012.06.15 21:30:54 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll MOD - [2012.06.15 21:30:44 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012.06.15 21:29:57 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.15 21:29:49 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.10 07:20:56 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012.05.10 07:15:38 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 07:15:36 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2012.05.10 07:14:37 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.10 07:14:33 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.10 07:14:31 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.10 07:14:20 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2011.09.16 00:18:06 | 000,028,672 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll MOD - [2011.09.16 00:18:04 | 000,114,688 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\de-DE\Memeo.Client.UI.resources.dll MOD - [2011.09.16 00:17:06 | 002,888,416 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll MOD - [2011.09.16 00:17:04 | 000,025,824 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll MOD - [2011.09.16 00:16:44 | 000,322,784 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe MOD - [2011.01.23 18:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe MOD - [2011.01.23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.04.05 19:52:36 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\sqlite3.DLL MOD - [2010.04.05 19:52:18 | 000,053,248 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Mono.Nat.dll MOD - [2010.04.05 04:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\Epwizard.DLL MOD - [2010.04.05 04:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\customui.dll MOD - [2010.04.05 04:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\Epfunct.DLL MOD - [2010.04.05 04:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\Eputil.DLL MOD - [2010.04.05 04:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\Imagutil.DLL MOD - [2010.04.01 11:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecDRS.dll MOD - [2010.04.01 11:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecscw.dll MOD - [2009.08.18 15:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll MOD - [2009.06.23 05:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\EPOEMDll.dll MOD - [2009.06.23 05:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epstring.dll MOD - [2009.06.23 05:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\EPWizRes.dll MOD - [2009.05.27 06:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxecdatr.dll MOD - [2009.05.06 07:06:57 | 000,167,936 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeeprpr.dll MOD - [2009.04.28 08:56:29 | 000,024,064 | ---- | M] () -- C:\Windows\System32\LXECsmr.dll MOD - [2009.04.23 10:00:35 | 000,344,064 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeecomx.dll MOD - [2009.04.20 00:57:37 | 006,250,496 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeeprpb.dll MOD - [2009.04.20 00:50:39 | 001,183,744 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeeprp.dll MOD - [2009.04.20 00:46:17 | 000,081,920 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeegcfg.dll MOD - [2009.04.07 13:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\iptk.dll MOD - [2009.03.30 12:18:48 | 000,165,888 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeedrui.dll MOD - [2009.03.23 12:26:10 | 000,819,200 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeeptpc.dll MOD - [2009.03.09 23:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxeccaps.dll MOD - [2009.03.02 08:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecptp.dll MOD - [2009.02.20 09:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXECsm.dll MOD - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2012.11.15 15:41:20 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.11.15 15:41:09 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.11.14 13:41:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.29 21:14:48 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager) SRV - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService) SRV - [2010.05.02 22:34:28 | 005,027,328 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files\wLite\wService.exe -- (wxpSvc) SRV - [2010.04.14 14:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeccoms.exe -- (lxec_device) SRV - [2010.04.14 14:08:05 | 000,193,192 | ---- | M] () [Auto | Running] -- C:\windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService) SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.05.31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - [2012.11.15 15:41:23 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.11.15 15:41:23 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.11.15 15:41:23 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.09.01 09:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.07.17 04:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2007.03.27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4612_5&babsrc=SP_ss&mntrId=a4df80400000000000000626b69b035f IE - HKCU\..\SearchScopes\{1DEEDA9F-57A9-4803-A3C2-D3862316CA3C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=765E4CF7-9C1D-4C18-A593-118EE2FFDE16&apn_sauid=713E6AC3-50A2-4D8A-97AE-AF952FF3477D IE - HKCU\..\SearchScopes\{EF333FFC-B473-4DD7-8C36-56DD3B14D627}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Claro Search" FF - prefs.js..browser.search.order.1: "Claro Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - prefs.js..browser.search.selectedEngine: "Claro Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f" FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=KW_ss&mntrId=a4df80400000000000000626b69b035f&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( ) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 21:14:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.29 21:14:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.11.15 14:03:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 21:14:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.29 21:14:47 | 000,000,000 | ---D | M] [2010.01.12 18:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.01.12 18:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.15 14:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\q0wdlyrj.default\extensions [2012.10.11 21:59:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\q0wdlyrj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.23 19:42:09 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\q0wdlyrj.default\extensions\toolbar@ask.com [2012.01.04 19:17:04 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\q0wdlyrj.default\searchplugins\askcom.xml [2012.11.15 14:03:02 | 000,002,514 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\q0wdlyrj.default\searchplugins\browsemngr.xml [2012.10.29 20:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.11.15 14:03:03 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.796.11\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION [2012.10.29 20:18:45 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.26 09:48:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.15 14:02:47 | 000,006,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.09.12 09:59:34 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.26 09:48:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.26 09:48:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.26 09:48:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.26 09:48:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe () O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKCU..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [phonostar-PlayerTimer] C:\Program Files\phonostar-Player\phonostarTimer.exe () O4 - HKCU..\Run: [phonostarTimer] C:\Program Files\phonostar-Player\phonostarTimer.exe () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.6.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0DAA513-F05A-479B-9049-8F50547CF3D3}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D24FC75C-5E3A-4CD8-BCAC-AF5D2F431E78}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.04.09 07:20:38 | 000,000,055 | R--- | M] () - J:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{5a47c95e-af19-11e0-b834-00245423fdbc}\Shell - "" = AutoRun O33 - MountPoints2\{5a47c95e-af19-11e0-b834-00245423fdbc}\Shell\AutoRun\command - "" = G:\pushinst.exe O33 - MountPoints2\{cd314f57-5bf7-11e1-ba49-00245423fdbc}\Shell - "" = AutoRun O33 - MountPoints2\{cd314f57-5bf7-11e1-ba49-00245423fdbc}\Shell\AutoRun\command - "" = J:\SecureDrive.exe -- [2011.06.29 10:01:40 | 004,537,856 | R--- | M] () O33 - MountPoints2\{eb6434e1-3e87-11df-808e-00245423fdbc}\Shell - "" = AutoRun O33 - MountPoints2\{eb6434e1-3e87-11df-808e-00245423fdbc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SecureDrive.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.15 21:20:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.11.15 14:03:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager [2012.11.15 14:03:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Claro [2012.11.15 14:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.15 14:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\Claro LTD [2012.11.15 14:02:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Babylon [2012.11.15 14:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.11.15 14:02:37 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\windows\System32\pdfcmon.dll [2012.11.15 14:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2012.11.15 08:22:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2012.11.15 08:16:33 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2012.11.15 08:16:33 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2012.11.15 08:16:33 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2012.11.15 08:16:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2012.11.15 08:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.10.29 21:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2012.10.29 20:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\***\AppData\Local\CDRip.dll [2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\***\AppData\Local\No23 Recorder.exe [2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\basscd.dll [2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\bass.dll ========== Files - Modified Within 30 Days ========== [2012.11.15 21:20:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.11.15 21:18:12 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.11.15 21:16:43 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.15 21:15:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.11.15 21:06:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001UA.job [2012.11.15 21:06:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001Core.job [2012.11.15 18:25:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.11.15 15:50:47 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 15:50:47 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 15:43:09 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys [2012.11.15 15:41:23 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2012.11.15 15:41:23 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2012.11.15 15:41:23 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2012.11.15 14:02:40 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.11.15 14:02:40 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.11.15 08:16:40 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.14 12:17:49 | 000,488,268 | ---- | M] () -- C:\Users\***\Documents\14-11-2012 12;17;49.PDF [2012.11.14 12:10:14 | 000,491,552 | ---- | M] () -- C:\Users\***\Documents\14-11-2012 12;10;13.PDF [2012.11.12 19:59:14 | 000,077,271 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;59;05.RTF [2012.11.12 19:39:22 | 000,012,887 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;39;14.RTF [2012.11.12 19:20:14 | 000,012,731 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;19;58.RTF [2012.11.06 20:42:29 | 000,659,238 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012.11.06 20:42:29 | 000,620,384 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012.11.06 20:42:29 | 000,132,776 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012.11.06 20:42:29 | 000,108,566 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012.11.05 20:53:55 | 000,011,731 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 20;53;49.RTF [2012.11.05 19:51:03 | 000,013,013 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 19;50;54.RTF [2012.11.05 19:50:03 | 000,010,947 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 19;49;54.RTF [2012.11.02 18:25:09 | 000,011,100 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 18;25;02.RTF [2012.11.02 18:16:12 | 000,013,085 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 18;16;05.RTF [2012.11.02 17:55:57 | 000,012,927 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;55;50.RTF [2012.11.02 17:44:52 | 002,276,311 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;44;28.RTF [2012.11.02 17:43:45 | 000,010,437 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;43;38.RTF [2012.11.02 17:39:10 | 003,894,087 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;38;45.RTF [2012.11.01 21:28:40 | 003,800,188 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;28;16.RTF [2012.11.01 21:25:12 | 000,009,125 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;24;52.RTF [2012.11.01 21:21:47 | 002,121,180 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;21;41.RTF [2012.11.01 21:19:46 | 003,388,506 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;18;59.RTF [2012.10.21 09:52:50 | 000,015,522 | ---- | M] () -- C:\Users\***\Documents\21-10-2012 10;52;39.RTF [2012.10.18 21:52:37 | 000,075,084 | ---- | M] () -- C:\Users\***\Documents\18-10-2012 21;12;14.RTF [2012.10.18 21:15:33 | 001,939,472 | ---- | M] () -- C:\Users\***\Documents\18-10-2012 21;13;03.RTF [2012.10.18 19:43:07 | 003,222,752 | ---- | M] () -- C:\Users\***\Documents\18-10-2012 20;43;06.PDF ========== Files Created - No Company Name ========== [2012.11.15 21:18:12 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.11.15 21:16:43 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.15 14:02:40 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.11.15 14:02:40 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.11.15 08:16:40 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.14 12:17:49 | 000,488,268 | ---- | C] () -- C:\Users\***\Documents\14-11-2012 12;17;49.PDF [2012.11.14 12:10:13 | 000,491,552 | ---- | C] () -- C:\Users\***\Documents\14-11-2012 12;10;13.PDF [2012.11.12 19:59:13 | 000,077,271 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;59;05.RTF [2012.11.12 19:39:21 | 000,012,887 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;39;14.RTF [2012.11.12 19:20:14 | 000,012,731 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;19;58.RTF [2012.11.05 20:53:55 | 000,011,731 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 20;53;49.RTF [2012.11.05 19:51:02 | 000,013,013 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 19;50;54.RTF [2012.11.05 19:50:02 | 000,010,947 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 19;49;54.RTF [2012.11.02 18:25:08 | 000,011,100 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 18;25;02.RTF [2012.11.02 18:16:11 | 000,013,085 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 18;16;05.RTF [2012.11.02 17:55:56 | 000,012,927 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;55;50.RTF [2012.11.02 17:44:51 | 002,276,311 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;44;28.RTF [2012.11.02 17:43:44 | 000,010,437 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;43;38.RTF [2012.11.02 17:39:09 | 003,894,087 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;38;45.RTF [2012.11.01 21:28:39 | 003,800,188 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;28;16.RTF [2012.11.01 21:25:12 | 000,009,125 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;24;52.RTF [2012.11.01 21:21:47 | 002,121,180 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;21;41.RTF [2012.11.01 21:19:46 | 003,388,506 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;18;59.RTF [2012.10.21 09:52:50 | 000,015,522 | ---- | C] () -- C:\Users\***\Documents\21-10-2012 10;52;39.RTF [2012.10.18 20:13:07 | 001,939,472 | ---- | C] () -- C:\Users\***\Documents\18-10-2012 21;13;03.RTF [2012.10.18 20:12:27 | 000,075,084 | ---- | C] () -- C:\Users\***\Documents\18-10-2012 21;12;14.RTF [2012.10.18 19:43:06 | 003,222,752 | ---- | C] () -- C:\Users\***\Documents\18-10-2012 20;43;06.PDF [2011.10.19 10:23:53 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.01 17:09:34 | 000,040,960 | ---- | C] () -- C:\windows\System32\lxecvs.dll [2011.10.01 17:09:32 | 000,442,368 | ---- | C] ( ) -- C:\windows\System32\lxeccoin.dll [2011.10.01 17:09:30 | 000,294,912 | ---- | C] () -- C:\windows\System32\lxeccui.dll [2011.10.01 17:09:30 | 000,110,592 | ---- | C] () -- C:\windows\System32\lxeccuir.dll [2011.10.01 17:09:30 | 000,086,016 | ---- | C] () -- C:\windows\System32\lxecgcfg.dll [2011.10.01 17:07:56 | 000,847,872 | ---- | C] ( ) -- C:\windows\System32\lxecusb1.dll [2011.10.01 17:07:56 | 000,364,544 | ---- | C] ( ) -- C:\windows\System32\lxecinpa.dll [2011.10.01 17:07:56 | 000,356,352 | ---- | C] ( ) -- C:\windows\System32\LXEChcp.dll [2011.10.01 17:07:56 | 000,344,064 | ---- | C] ( ) -- C:\windows\System32\lxeciesc.dll [2011.10.01 17:07:56 | 000,331,776 | ---- | C] () -- C:\windows\System32\LXECinst.dll [2011.10.01 17:07:55 | 001,048,576 | ---- | C] ( ) -- C:\windows\System32\lxecserv.dll [2011.10.01 17:07:55 | 000,802,816 | ---- | C] ( ) -- C:\windows\System32\lxeccomc.dll [2011.10.01 17:07:55 | 000,688,128 | ---- | C] ( ) -- C:\windows\System32\lxechbn3.dll [2011.10.01 17:07:55 | 000,643,072 | ---- | C] ( ) -- C:\windows\System32\lxecpmui.dll [2011.10.01 17:07:55 | 000,598,696 | ---- | C] ( ) -- C:\windows\System32\lxeccoms.exe [2011.10.01 17:07:55 | 000,577,536 | ---- | C] ( ) -- C:\windows\System32\lxeclmpm.dll [2011.10.01 17:07:55 | 000,373,416 | ---- | C] ( ) -- C:\windows\System32\lxeccfg.exe [2011.10.01 17:07:55 | 000,372,736 | ---- | C] ( ) -- C:\windows\System32\lxeccomm.dll [2011.10.01 17:07:55 | 000,324,264 | ---- | C] ( ) -- C:\windows\System32\lxecih.exe [2011.10.01 17:07:55 | 000,323,584 | ---- | C] () -- C:\windows\System32\lxecins.dll [2011.10.01 17:07:55 | 000,262,144 | ---- | C] () -- C:\windows\System32\lxecinsb.dll [2011.10.01 17:07:55 | 000,253,952 | ---- | C] () -- C:\windows\System32\lxeccu.dll [2011.10.01 17:07:55 | 000,208,896 | ---- | C] () -- C:\windows\System32\lxecgrd.dll [2011.10.01 17:07:55 | 000,114,688 | ---- | C] () -- C:\windows\System32\lxecinsr.dll [2011.10.01 17:07:55 | 000,090,112 | ---- | C] () -- C:\windows\System32\lxeccub.dll [2011.10.01 17:07:55 | 000,057,344 | ---- | C] () -- C:\windows\System32\lxecjswr.dll [2011.10.01 17:07:55 | 000,036,864 | ---- | C] () -- C:\windows\System32\lxeccur.dll [2011.10.01 17:04:32 | 000,299,008 | ---- | C] () -- C:\windows\System32\LXECsm.dll [2011.10.01 17:04:32 | 000,024,064 | ---- | C] () -- C:\windows\System32\LXECsmr.dll [2011.06.29 13:32:17 | 000,000,760 | ---- | C] () -- C:\Users\***\AppData\Roaming\setup_ldm.iss [2011.06.22 21:12:34 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll [2011.06.22 20:51:38 | 000,001,469 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml [2011.06.07 11:45:01 | 000,002,120 | ---- | C] () -- C:\windows\System32\SETUP.INI [2010.01.07 20:31:49 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\***\AppData\Local\lame_enc.dll [2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\***\AppData\Local\vorbisenc.dll [2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\***\AppData\Local\vorbisfile.dll [2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\***\AppData\Local\vorbis.dll [2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\***\AppData\Local\ogg.dll [2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\***\AppData\Local\no23xwrapper.dll ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.06.22 21:41:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2012.10.06 05:53:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2012.11.15 14:02:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon [2010.02.11 21:05:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service [2011.06.22 19:38:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Chilirec [2012.11.15 14:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Claro [2011.06.22 19:11:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COWON [2012.10.11 22:39:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.10.11 21:59:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.10.23 19:49:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2012.07.01 21:22:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Sound Recorder [2010.03.04 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ! [2010.03.04 21:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!fax für FRITZ!Box [2011.05.04 22:36:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2010.10.16 21:40:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\innoPlus [2010.02.24 20:40:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.06.22 21:14:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2012.09.27 19:54:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Memeo [2012.09.05 19:33:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer [2010.02.24 20:47:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.11.15 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2010.01.21 21:57:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar GmbH [2010.01.14 21:16:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rorig Software [2010.01.12 18:43:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report > OTL Extras logfile created on: 15.11.2012 21:24:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 71,13% Memory free 5,99 Gb Paging File | 4,94 Gb Available in Paging File | 82,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 101,88 Gb Total Space | 44,97 Gb Free Space | 44,14% Space Free | Partition Type: NTFS Drive D: | 181,12 Gb Total Space | 5,10 Gb Free Space | 2,82% Space Free | Partition Type: NTFS Drive J: | 4,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0EEC0D59-EE68-490B-B5DE-2FBAA34F4329}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2FB7862C-6C98-4BBD-9AFF-C5C047FAA327}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4A2058DD-9FA3-4C83-B05A-000748332063}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4F70DB99-C82E-4BA8-AF04-61E30C72B4CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{609B6FAB-8908-4E32-A36B-A3DC83FF685F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6D370C8F-9804-4F4E-A782-7F8EFB77C770}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{73D49BD8-61B5-47A5-B53F-53F16E463663}" = lport=445 | protocol=6 | dir=in | app=system | "{73DB40F1-BF3D-4AD7-84DE-75A9B2808600}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7A1EE899-841F-468F-B577-E44F186E64B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8F69250C-6C1E-4560-ABB0-68D7ACE6BB8C}" = rport=137 | protocol=17 | dir=out | app=system | "{96B22D44-6677-4BA7-B9CA-D08054109C83}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9D8E3A18-BDB1-4118-934D-975CC2ED249C}" = rport=138 | protocol=17 | dir=out | app=system | "{AD56E941-D9EB-4263-A82D-EA1E1C63F8D7}" = lport=138 | protocol=17 | dir=in | app=system | "{B0CE2BC6-5C9D-4420-9515-2200C3D418EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B2DE2049-2329-4B85-B51B-7980D5CA1DCC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B924F32F-BF92-4E1E-A16E-7929B96F1AD1}" = rport=445 | protocol=6 | dir=out | app=system | "{C6BE51F3-16B3-4CFE-B493-2ABBD70B0C08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D9F5E18E-3A25-4FFB-97AC-0AC94BE2FE25}" = lport=137 | protocol=17 | dir=in | app=system | "{DAA7E269-7266-49FE-9099-A3FC621C2E97}" = lport=139 | protocol=6 | dir=in | app=system | "{DB840EBA-0C5B-4E03-B88E-E8F780753286}" = lport=2869 | protocol=6 | dir=in | app=system | "{E271FB7B-B146-43AA-9CF5-5756D6FBB90C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{EEBD75F7-8819-42B0-9422-E8A355E39A14}" = rport=139 | protocol=6 | dir=out | app=system | "{EF3259D3-9794-47D6-A342-86078E32FC8E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F9D36D89-1BBB-46D7-A0EB-5358719976F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08DE69FC-A6AF-415C-A61F-D49D36E7D8F6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{12C99DA2-3111-4ABF-A1EB-199A1FD20101}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{14DF5C51-04C8-4256-90A8-0AB520250722}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{1936BFB2-4704-4685-AA1B-BB717D2C8E64}" = protocol=17 | dir=in | app=c:\program files\wlite\wservice.exe | "{19E4BA90-6E26-4AF3-86EB-4FDBCB685AD6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1D4AF9BF-5D2E-4D6F-B3B6-0FEA7280B105}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{207EAB51-8D11-458F-9BF1-8AC49E2E760F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2666C3F1-AE28-4509-A95C-3A87DE959A14}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2721157E-68D7-48ED-B28B-EA910D30AFFC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{28CF7431-403B-4865-938B-D1AE8553321D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3508FCE9-7864-42F6-907F-4BA9A513FD3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{350B17B8-BF7E-49ED-9C89-F190EC3BFFCF}" = protocol=6 | dir=in | app=c:\program files\wlite\wlite.exe | "{367D5E63-1CB5-4FC1-A4A6-046A7722CD73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{36A10E2B-2606-4D53-94CD-94996C6DB0F2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{36FD5AB5-3973-4292-A463-5500BE73836F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{3B61486F-DFD3-4469-980B-6906BAB7A5F6}" = dir=in | app=c:\windows\system32\lxeccoms.exe | "{42D4C7F4-5914-4106-8284-4E70D05CEA98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{443055EF-18FC-4A93-AA08-ACE95BEA00CE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{63BF550D-54CB-49E1-9921-8EAF06AF7E4D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6E046D76-0D85-4AE1-8D60-36F49A3BC82B}" = protocol=17 | dir=in | app=c:\program files\wlite\wlite.exe | "{70D81061-1455-41A6-8524-0CF8E0C8DB89}" = dir=in | app=c:\users\***\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{71CEB397-329A-4F72-89C6-1F939A52B0C4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{7BB3BD07-67BC-461D-849D-250E5894BF4F}" = protocol=17 | dir=in | app=c:\program files\fritz!\fritz!fax\igd_finder.exe | "{928AC0A3-7023-4BBD-A396-3941BB9FEE1A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{93F6B310-8D29-434F-9702-54454B9A11B8}" = dir=in | app=c:\windows\system32\lxeccoms.exe | "{9D2EF16F-6E1C-433C-9781-54BECA6FF2E0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BF7BE449-B839-4EA1-A31A-C9E58C68C54C}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{C7CEF5FD-6F9F-4585-9AB8-F751FAFF88C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D620E2D0-DBF2-4AA0-9818-72B56DCF6175}" = protocol=6 | dir=in | app=c:\program files\fritz!\fritz!fax\igd_finder.exe | "{DC9497AF-D9F2-431F-BB84-024BCBB808DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DDF88DB5-E463-42A0-A117-12733B88522E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F284212B-6A57-49DF-BD7D-5D6785FB53FC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F30E5905-5E68-435F-AC44-19FADA8A7EB2}" = protocol=6 | dir=in | app=c:\program files\wlite\wservice.exe | "{FB3D9E84-2957-405C-A04D-69188278874C}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{FDE96E9F-77C9-494F-8DE5-8F548F062055}" = dir=in | app=c:\windows\system32\lxeccoms.exe | "TCP Query User{0B598442-2CC7-4120-AFD5-EDC756481767}C:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe | "TCP Query User{0E501B6A-AE58-4B2B-9276-19543BFBF66D}C:\program files\medion\medion nas tool\medion nas tool.exe" = protocol=6 | dir=in | app=c:\program files\medion\medion nas tool\medion nas tool.exe | "TCP Query User{283D0D29-309B-4B79-9DD8-4BD21C9CB0B5}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | "TCP Query User{2DBA5005-5A7A-415B-8E2B-70FFFF3360AF}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{499F367C-E9BF-48DC-A4B3-1E4EAD3131A7}C:\program files\chilirec\chilirec.exe" = protocol=6 | dir=in | app=c:\program files\chilirec\chilirec.exe | "TCP Query User{5DF4AFF1-995C-4775-B94D-597740B954A7}C:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp | "TCP Query User{ABDBB55D-A19E-4532-9899-633F25AB64A5}C:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | "TCP Query User{D68012C9-15EB-450C-B212-2A995FE84A80}C:\program files\fritz!\fritz!fax\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\fritz!fax\frifax32.exe | "TCP Query User{FB188029-B7FB-42DE-959C-A6257A947D53}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | "UDP Query User{093ACB9C-DB16-4400-9061-8CC6032C0334}C:\program files\fritz!\fritz!fax\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\fritz!fax\frifax32.exe | "UDP Query User{4BD994BB-BD0F-4762-B669-3407C2EF4215}C:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp | "UDP Query User{6912860E-C822-4175-A7CF-CDFB4502AE45}C:\program files\medion\medion nas tool\medion nas tool.exe" = protocol=17 | dir=in | app=c:\program files\medion\medion nas tool\medion nas tool.exe | "UDP Query User{7BE9F434-7D5E-499A-89E8-A3D967989370}C:\program files\chilirec\chilirec.exe" = protocol=17 | dir=in | app=c:\program files\chilirec\chilirec.exe | "UDP Query User{85EDF902-D984-42BC-AD30-8FCADCF4D75B}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | "UDP Query User{C9053275-24C8-490B-94B9-B734A13FF943}C:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe | "UDP Query User{DB073AB2-B109-4407-A112-10B2265C8BDF}C:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | "UDP Query User{E5B68BA6-8777-47FF-B482-C5AC0F2BD632}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{E6632EE3-ACBC-40F1-B6F2-69DAE663D858}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{069B290F-5398-4629-A009-85B4BCB4B1B9}" = Claro Chrome Toolbar "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F2899C5-8938-4232-98CC-7A075ECB3172}" = t@x 2010 Standard "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16 "{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BE78E98-3600-4830-B41A-D7BEB828D2CB}_is1" = RGS Schulzeugnis 5 "{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup "{8FBC9407-713D-4B8A-98D2-57210DA56049}" = MSN Toolbar "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "claro" = Claro LTD toolbar "FileZilla Client" = FileZilla Client 3.5.3 "Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.26.1005 "Free Sound Recorder_is1" = Free Sound Recorder v9.4.1 "Free Studio_is1" = Free Studio version 5.7.5.1005 "FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series "MEDION NAS TOOL" = MEDION NAS TOOL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "NVIDIA Drivers" = NVIDIA Drivers "phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.6 "Sweet Home 3D_is1" = Sweet Home 3D version 2.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.0.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "YTdetect" = Yahoo! Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.10.2012 14:29:25 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0 Description = Error - 14.10.2012 13:46:07 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 14.10.2012 13:46:43 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.10.2012 11:20:13 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0 Description = Error - 16.10.2012 14:38:04 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0 Description = Error - 16.10.2012 16:40:57 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.10.2012 16:41:35 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 17.10.2012 00:43:52 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0 Description = Error - 17.10.2012 22:24:56 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0 Description = Error - 18.10.2012 10:16:34 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0 Description = Error - 18.10.2012 10:35:36 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.10.2012 10:36:13 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 20.10.2012 00:27:19 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0 Description = [ OSession Events ] Error - 08.05.2011 14:45:25 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30 seconds with 0 seconds of active time. This session ended with a crash. Error - 29.06.2011 08:20:04 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 29.06.2011 08:20:31 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 16.08.2011 14:07:51 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 15.11.2012 10:45:48 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 10:45:51 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 12:35:02 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 13:27:11 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 13:27:14 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 13:27:18 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 13:27:21 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 14:43:19 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 15:30:13 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 15:47:19 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. < End of report > Sorry, hat etwas gedauert. Ich hätte die 3 Schritte vor der Öffnung des Beitrages durchführen sollen. Mir ist noch eingefallen, dass der Download von Avira heute Vormittag nur im Schneckentempo lief - normal habe ich eine super Verbindung. Nun aber zum 3. Schritt: Schritt 3: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-15 22:26:46
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: ykcz9hv8.exe; Driver: C:\Users\***\AppData\Local\Temp\ugloipoc.sys
---- System - GMER 1.0.15 ----
SSDT 90835636 ZwCreateSection
SSDT 90835640 ZwRequestWaitReplyPort
SSDT 9083563B ZwSetContextThread
SSDT 90835645 ZwSetSecurityObject
SSDT 9083564A ZwSystemDebugControl
SSDT 908355D7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1401 830439C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830634E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 8306A87C 4 Bytes [36, 56, 83, 90]
.text ntoskrnl.exe!KeRemoveQueueEx + 181B 8306ABD8 4 Bytes [40, 56, 83, 90]
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 8306AC1C 4 Bytes [3B, 56, 83, 90] {CMP EDX, [ESI-0x7d]; NOP }
.text ntoskrnl.exe!KeRemoveQueueEx + 18DB 8306AC98 4 Bytes [45, 56, 83, 90]
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 8306ACEC 4 Bytes [4A, 56, 83, 90]
.text ...
.text user32.dll!DialogBoxParamW 752D3B9B 5 Bytes [E9, A0, 09, AB, FF] {JMP 0xffffffffffab09a5}
---- User code sections - GMER 1.0.15 ----
.text C:\windows\system32\wininit.exe[492] USER32.dll!DialogBoxParamW 752D3B9B 5 Bytes JMP 74D84540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text C:\windows\system32\services.exe[544] USER32.dll!DialogBoxParamW 752D3B9B 5 Bytes JMP 74D84540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text C:\windows\system32\lsass.exe[560] USER32.dll!DialogBoxParamW 752D3B9B 5 Bytes JMP 74D84540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text C:\windows\system32\winlogon.exe[660] USER32.dll!DialogBoxParamW 752D3B9B 5 Bytes JMP 74D84540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text ...
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Vorab schon einmal vielen Dank & bis hoffentlich morgen. Heiko Geändert von HAK (15.11.2012 um 21:48 Uhr) Grund: Für OTL musste ich alle Programme schließen. |
| Themen zu Claro Search |
| 7-zip, audiograbber, autostart, browser manager, einstellungen, emails, erscheint, firefox, gen, heute, hoffe, infos, install.exe, intranet, job, kinder, kleine, limited.com/facebook, länger, microsoft office 2003, office 2007, online, opfer, plug-in, richtig, schei, search, seite, start, startseite, super, thunderbird, troja, trojaner-board, wenig, wichtige |
Baum-Darstellung