Pests of all kinds and how to fight them: Claro Search (Windows 7)
If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection.
15.11.2012, 21:23 | #1 |
Claro Search

Hello, my name is Heiko and I have apparently also fallen victim to "Claro Search". I just noticed that when Firefox starts, Claro Search is always opened as the start page; even after changing it in the settings, this start page still appears. In addition, I was waiting for some important emails this afternoon, but Thunderbird did not download them. They are there online, but not in Thunderbird. I was just glad that the confirmation link for the Trojaner-Board arrived. I hope I follow all the steps correctly, as I am not all that proficient. On top of that I have a full-time job, am building a house and have 2 small children, so please don't be angry if it sometimes takes a little longer. Now for the requested information:

Step 1:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:18 on 15/11/2012 (Heiko)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Step 2:
OTL logfile created on: 15.11.2012 21:24:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 71,13% Memory free
5,99 Gb Paging File | 4,94 Gb Available in Paging File | 82,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 101,88 Gb Total Space | 44,97 Gb Free Space | 44,14% Space Free | Partition Type: NTFS
Drive D: | 181,12 Gb Total Space | 5,10 Gb Free Space | 2,82% Space Free | Partition Type: NTFS
Drive J: | 4,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.15 21:20:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.11.15 15:41:20 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.15 15:41:09 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.15 15:41:09 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.21 15:56:40 | 000,042,496 | ---- | M] () -- C:\Program Files\phonostar-Player\phonostarTimer.exe
PRC - [2012.07.03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.01.04 19:20:50 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2011.09.16 00:16:44 | 000,322,784 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.23 18:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2011.01.23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.04.14 14:08:12 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeccoms.exe
PRC - [2010.04.14 14:08:05 | 000,193,192 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxecserv.exe
PRC - [2009.09.08 00:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.09.07 11:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009.08.23 05:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.08.19 10:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 10:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009.08.06 08:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe

========== Modules (No Company Name) ==========

MOD - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012.10.11 12:17:06 | 002,069,528 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012.08.21 15:56:40 | 000,042,496 | ---- | M] () -- C:\Program Files\phonostar-Player\phonostarTimer.exe
MOD - [2012.06.16 14:11:12 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.15 21:30:54 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012.06.15 21:30:44 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.15 21:29:57 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 21:29:49 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.10 07:20:56 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.10 07:15:38 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 07:15:36 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.10 07:14:37 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 07:14:33 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 07:14:31 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 07:14:20 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011.09.16 00:18:06 | 000,028,672 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll
MOD - [2011.09.16 00:18:04 | 000,114,688 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\de-DE\Memeo.Client.UI.resources.dll
MOD - [2011.09.16 00:17:06 | 002,888,416 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011.09.16 00:17:04 | 000,025,824 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011.09.16 00:16:44 | 000,322,784 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
MOD - [2011.01.23 18:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2011.01.23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.04.05 19:52:36 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\sqlite3.DLL
MOD - [2010.04.05 19:52:18 | 000,053,248 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Mono.Nat.dll
MOD - [2010.04.05 04:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\Epwizard.DLL
MOD - [2010.04.05 04:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2010.04.05 04:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\Epfunct.DLL
MOD - [2010.04.05 04:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\Eputil.DLL
MOD - [2010.04.05 04:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\Imagutil.DLL
MOD - [2010.04.01 11:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecDRS.dll
MOD - [2010.04.01 11:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2009.08.18 15:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2009.06.23 05:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\EPOEMDll.dll
MOD - [2009.06.23 05:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2009.06.23 05:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\EPWizRes.dll
MOD - [2009.05.27 06:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxecdatr.dll
MOD - [2009.05.06 07:06:57 | 000,167,936 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeeprpr.dll
MOD - [2009.04.28 08:56:29 | 000,024,064 | ---- | M] () -- C:\Windows\System32\LXECsmr.dll
MOD - [2009.04.23 10:00:35 | 000,344,064 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeecomx.dll
MOD - [2009.04.20 00:57:37 | 006,250,496 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeeprpb.dll
MOD - [2009.04.20 00:50:39 | 001,183,744 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeeprp.dll
MOD - [2009.04.20 00:46:17 | 000,081,920 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeegcfg.dll
MOD - [2009.04.07 13:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\iptk.dll
MOD - [2009.03.30 12:18:48 | 000,165,888 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeedrui.dll
MOD - [2009.03.23 12:26:10 | 000,819,200 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeeptpc.dll
MOD - [2009.03.09 23:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009.03.02 08:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecptp.dll
MOD - [2009.02.20 09:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXECsm.dll
MOD - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2012.11.15 15:41:20 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.15 15:41:09 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.14 13:41:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.29 21:14:48 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010.05.02 22:34:28 | 005,027,328 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files\wLite\wService.exe -- (wxpSvc)
SRV - [2010.04.14 14:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeccoms.exe -- (lxec_device)
SRV - [2010.04.14 14:08:05 | 000,193,192 | ---- | M] () [Auto | Running] -- C:\windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - [2012.11.15 15:41:23 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.11.15 15:41:23 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.15 15:41:23 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.09.01 09:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.17 04:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.03.27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4612_5&babsrc=SP_ss&mntrId=a4df80400000000000000626b69b035f
IE - HKCU\..\SearchScopes\{1DEEDA9F-57A9-4803-A3C2-D3862316CA3C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=765E4CF7-9C1D-4C18-A593-118EE2FFDE16&apn_sauid=713E6AC3-50A2-4D8A-97AE-AF952FF3477D
IE - HKCU\..\SearchScopes\{EF333FFC-B473-4DD7-8C36-56DD3B14D627}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=KW_ss&mntrId=a4df80400000000000000626b69b035f&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 21:14:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.29 21:14:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.11.15 14:03:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 21:14:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.29 21:14:47 | 000,000,000 | ---D | M]

[2010.01.12 18:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.01.12 18:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.15 14:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\q0wdlyrj.default\extensions
[2012.10.11 21:59:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\q0wdlyrj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.23 19:42:09 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\q0wdlyrj.default\extensions\toolbar@ask.com
[2012.01.04 19:17:04 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\q0wdlyrj.default\searchplugins\askcom.xml
[2012.11.15 14:03:02 | 000,002,514 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\q0wdlyrj.default\searchplugins\browsemngr.xml
[2012.10.29 20:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.11.15 14:03:03 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.796.11\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
[2012.10.29 20:18:45 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.26 09:48:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.15 14:02:47 | 000,006,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.09.12 09:59:34 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.26 09:48:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.26 09:48:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.26 09:48:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.26 09:48:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [phonostar-PlayerTimer] C:\Program Files\phonostar-Player\phonostarTimer.exe ()
O4 - HKCU..\Run: [phonostarTimer] C:\Program Files\phonostar-Player\phonostarTimer.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.6.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0DAA513-F05A-479B-9049-8F50547CF3D3}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D24FC75C-5E3A-4CD8-BCAC-AF5D2F431E78}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.04.09 07:20:38 | 000,000,055 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5a47c95e-af19-11e0-b834-00245423fdbc}\Shell - "" = AutoRun
O33 - MountPoints2\{5a47c95e-af19-11e0-b834-00245423fdbc}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{cd314f57-5bf7-11e1-ba49-00245423fdbc}\Shell - "" = AutoRun
O33 - MountPoints2\{cd314f57-5bf7-11e1-ba49-00245423fdbc}\Shell\AutoRun\command - "" = J:\SecureDrive.exe -- [2011.06.29 10:01:40 | 004,537,856 | R--- | M] ()
O33 - MountPoints2\{eb6434e1-3e87-11df-808e-00245423fdbc}\Shell - "" = AutoRun
O33 - MountPoints2\{eb6434e1-3e87-11df-808e-00245423fdbc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SecureDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.15 21:20:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.15 14:03:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012.11.15 14:03:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Claro
[2012.11.15 14:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.15 14:02:56
| 000,000,000 | ---D | C] -- C:\Program Files\Claro LTD [2012.11.15 14:02:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Babylon [2012.11.15 14:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.11.15 14:02:37 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\windows\System32\pdfcmon.dll [2012.11.15 14:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2012.11.15 08:22:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2012.11.15 08:16:33 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2012.11.15 08:16:33 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2012.11.15 08:16:33 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2012.11.15 08:16:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2012.11.15 08:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.10.29 21:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2012.10.29 20:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\***\AppData\Local\CDRip.dll [2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\***\AppData\Local\No23 Recorder.exe [2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\basscd.dll [2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\bass.dll ========== Files - Modified Within 30 Days ========== [2012.11.15 21:20:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.11.15 21:18:12 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.11.15 21:16:43 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.15 21:15:00 | 000,000,884 | ---- 
| M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.11.15 21:06:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001UA.job [2012.11.15 21:06:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001Core.job [2012.11.15 18:25:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.11.15 15:50:47 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 15:50:47 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 15:43:09 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys [2012.11.15 15:41:23 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2012.11.15 15:41:23 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2012.11.15 15:41:23 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\windows\System32\drivers\avkmgr.sys [2012.11.15 14:02:40 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.11.15 14:02:40 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.11.15 08:16:40 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.14 12:17:49 | 000,488,268 | ---- | M] () -- C:\Users\***\Documents\14-11-2012 12;17;49.PDF [2012.11.14 12:10:14 | 000,491,552 | ---- | M] () -- C:\Users\***\Documents\14-11-2012 12;10;13.PDF [2012.11.12 19:59:14 | 000,077,271 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;59;05.RTF [2012.11.12 19:39:22 | 000,012,887 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;39;14.RTF [2012.11.12 19:20:14 | 000,012,731 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;19;58.RTF [2012.11.06 20:42:29 | 000,659,238 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012.11.06 20:42:29 | 000,620,384 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012.11.06 20:42:29 | 000,132,776 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012.11.06 20:42:29 | 000,108,566 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012.11.05 20:53:55 | 000,011,731 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 20;53;49.RTF [2012.11.05 19:51:03 | 000,013,013 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 19;50;54.RTF [2012.11.05 19:50:03 | 000,010,947 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 19;49;54.RTF [2012.11.02 18:25:09 | 000,011,100 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 18;25;02.RTF [2012.11.02 18:16:12 | 000,013,085 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 18;16;05.RTF [2012.11.02 17:55:57 | 000,012,927 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;55;50.RTF [2012.11.02 17:44:52 | 002,276,311 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;44;28.RTF [2012.11.02 17:43:45 | 000,010,437 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;43;38.RTF [2012.11.02 17:39:10 
| 003,894,087 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;38;45.RTF [2012.11.01 21:28:40 | 003,800,188 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;28;16.RTF [2012.11.01 21:25:12 | 000,009,125 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;24;52.RTF [2012.11.01 21:21:47 | 002,121,180 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;21;41.RTF [2012.11.01 21:19:46 | 003,388,506 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;18;59.RTF [2012.10.21 09:52:50 | 000,015,522 | ---- | M] () -- C:\Users\***\Documents\21-10-2012 10;52;39.RTF [2012.10.18 21:52:37 | 000,075,084 | ---- | M] () -- C:\Users\***\Documents\18-10-2012 21;12;14.RTF [2012.10.18 21:15:33 | 001,939,472 | ---- | M] () -- C:\Users\***\Documents\18-10-2012 21;13;03.RTF [2012.10.18 19:43:07 | 003,222,752 | ---- | M] () -- C:\Users\***\Documents\18-10-2012 20;43;06.PDF ========== Files Created - No Company Name ========== [2012.11.15 21:18:12 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.11.15 21:16:43 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.15 14:02:40 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.11.15 14:02:40 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.11.15 08:16:40 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.14 12:17:49 | 000,488,268 | ---- | C] () -- C:\Users\***\Documents\14-11-2012 12;17;49.PDF [2012.11.14 12:10:13 | 000,491,552 | ---- | C] () -- C:\Users\***\Documents\14-11-2012 12;10;13.PDF [2012.11.12 19:59:13 | 000,077,271 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;59;05.RTF [2012.11.12 19:39:21 | 000,012,887 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;39;14.RTF [2012.11.12 19:20:14 | 000,012,731 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;19;58.RTF [2012.11.05 20:53:55 | 000,011,731 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 20;53;49.RTF 
[2012.11.05 19:51:02 | 000,013,013 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 19;50;54.RTF
[2012.11.05 19:50:02 | 000,010,947 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 19;49;54.RTF
[2012.11.02 18:25:08 | 000,011,100 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 18;25;02.RTF
[2012.11.02 18:16:11 | 000,013,085 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 18;16;05.RTF
[2012.11.02 17:55:56 | 000,012,927 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;55;50.RTF
[2012.11.02 17:44:51 | 002,276,311 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;44;28.RTF
[2012.11.02 17:43:44 | 000,010,437 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;43;38.RTF
[2012.11.02 17:39:09 | 003,894,087 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;38;45.RTF
[2012.11.01 21:28:39 | 003,800,188 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;28;16.RTF
[2012.11.01 21:25:12 | 000,009,125 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;24;52.RTF
[2012.11.01 21:21:47 | 002,121,180 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;21;41.RTF
[2012.11.01 21:19:46 | 003,388,506 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;18;59.RTF
[2012.10.21 09:52:50 | 000,015,522 | ---- | C] () -- C:\Users\***\Documents\21-10-2012 10;52;39.RTF
[2012.10.18 20:13:07 | 001,939,472 | ---- | C] () -- C:\Users\***\Documents\18-10-2012 21;13;03.RTF
[2012.10.18 20:12:27 | 000,075,084 | ---- | C] () -- C:\Users\***\Documents\18-10-2012 21;12;14.RTF
[2012.10.18 19:43:06 | 003,222,752 | ---- | C] () -- C:\Users\***\Documents\18-10-2012 20;43;06.PDF
[2011.10.19 10:23:53 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.01 17:09:34 | 000,040,960 | ---- | C] () -- C:\windows\System32\lxecvs.dll
[2011.10.01 17:09:32 | 000,442,368 | ---- | C] ( ) -- C:\windows\System32\lxeccoin.dll
[2011.10.01 17:09:30 | 000,294,912 | ---- | C] () -- C:\windows\System32\lxeccui.dll
[2011.10.01 17:09:30 | 000,110,592 | ---- | C] () -- C:\windows\System32\lxeccuir.dll
[2011.10.01 17:09:30 | 000,086,016 | ---- | C] () -- C:\windows\System32\lxecgcfg.dll
[2011.10.01 17:07:56 | 000,847,872 | ---- | C] ( ) -- C:\windows\System32\lxecusb1.dll
[2011.10.01 17:07:56 | 000,364,544 | ---- | C] ( ) -- C:\windows\System32\lxecinpa.dll
[2011.10.01 17:07:56 | 000,356,352 | ---- | C] ( ) -- C:\windows\System32\LXEChcp.dll
[2011.10.01 17:07:56 | 000,344,064 | ---- | C] ( ) -- C:\windows\System32\lxeciesc.dll
[2011.10.01 17:07:56 | 000,331,776 | ---- | C] () -- C:\windows\System32\LXECinst.dll
[2011.10.01 17:07:55 | 001,048,576 | ---- | C] ( ) -- C:\windows\System32\lxecserv.dll
[2011.10.01 17:07:55 | 000,802,816 | ---- | C] ( ) -- C:\windows\System32\lxeccomc.dll
[2011.10.01 17:07:55 | 000,688,128 | ---- | C] ( ) -- C:\windows\System32\lxechbn3.dll
[2011.10.01 17:07:55 | 000,643,072 | ---- | C] ( ) -- C:\windows\System32\lxecpmui.dll
[2011.10.01 17:07:55 | 000,598,696 | ---- | C] ( ) -- C:\windows\System32\lxeccoms.exe
[2011.10.01 17:07:55 | 000,577,536 | ---- | C] ( ) -- C:\windows\System32\lxeclmpm.dll
[2011.10.01 17:07:55 | 000,373,416 | ---- | C] ( ) -- C:\windows\System32\lxeccfg.exe
[2011.10.01 17:07:55 | 000,372,736 | ---- | C] ( ) -- C:\windows\System32\lxeccomm.dll
[2011.10.01 17:07:55 | 000,324,264 | ---- | C] ( ) -- C:\windows\System32\lxecih.exe
[2011.10.01 17:07:55 | 000,323,584 | ---- | C] () -- C:\windows\System32\lxecins.dll
[2011.10.01 17:07:55 | 000,262,144 | ---- | C] () -- C:\windows\System32\lxecinsb.dll
[2011.10.01 17:07:55 | 000,253,952 | ---- | C] () -- C:\windows\System32\lxeccu.dll
[2011.10.01 17:07:55 | 000,208,896 | ---- | C] () -- C:\windows\System32\lxecgrd.dll
[2011.10.01 17:07:55 | 000,114,688 | ---- | C] () -- C:\windows\System32\lxecinsr.dll
[2011.10.01 17:07:55 | 000,090,112 | ---- | C] () -- C:\windows\System32\lxeccub.dll
[2011.10.01 17:07:55 | 000,057,344 | ---- | C] () -- C:\windows\System32\lxecjswr.dll
[2011.10.01 17:07:55 | 000,036,864 | ---- | C] () -- C:\windows\System32\lxeccur.dll
[2011.10.01 17:04:32 | 000,299,008 | ---- | C] () -- C:\windows\System32\LXECsm.dll
[2011.10.01 17:04:32 | 000,024,064 | ---- | C] () -- C:\windows\System32\LXECsmr.dll
[2011.06.29 13:32:17 | 000,000,760 | ---- | C] () -- C:\Users\***\AppData\Roaming\setup_ldm.iss
[2011.06.22 21:12:34 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2011.06.22 20:51:38 | 000,001,469 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml
[2011.06.07 11:45:01 | 000,002,120 | ---- | C] () -- C:\windows\System32\SETUP.INI
[2010.01.07 20:31:49 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\***\AppData\Local\lame_enc.dll
[2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\***\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\***\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\***\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\***\AppData\Local\ogg.dll
[2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\***\AppData\Local\no23xwrapper.dll

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.06.22 21:41:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.10.06 05:53:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012.11.15 14:02:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2010.02.11 21:05:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2011.06.22 19:38:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Chilirec
[2012.11.15 14:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Claro
[2011.06.22 19:11:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COWON
[2012.10.11 22:39:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.10.11 21:59:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.23 19:49:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.07.01 21:22:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Sound Recorder
[2010.03.04 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2010.03.04 21:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.05.04 22:36:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2010.10.16 21:40:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\innoPlus
[2010.02.24 20:40:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.06.22 21:14:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.09.27 19:54:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Memeo
[2012.09.05 19:33:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2010.02.24 20:47:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.11.15 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2010.01.21 21:57:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar GmbH
[2010.01.14 21:16:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rorig Software
[2010.01.12 18:43:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 15.11.2012 21:24:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 71,13% Memory free
5,99 Gb Paging File | 4,94 Gb Available in Paging File | 82,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 101,88 Gb Total Space | 44,97 Gb Free Space | 44,14% Space Free | Partition Type: NTFS
Drive D: | 181,12 Gb Total Space | 5,10 Gb Free Space | 2,82% Space Free | Partition Type: NTFS
Drive J: | 4,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EEC0D59-EE68-490B-B5DE-2FBAA34F4329}" = lport=rpc-epmap | protocol=6 | dir=in |
svc=rpcss | name=@firewallapi.dll,-28539 | "{2FB7862C-6C98-4BBD-9AFF-C5C047FAA327}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4A2058DD-9FA3-4C83-B05A-000748332063}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4F70DB99-C82E-4BA8-AF04-61E30C72B4CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{609B6FAB-8908-4E32-A36B-A3DC83FF685F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6D370C8F-9804-4F4E-A782-7F8EFB77C770}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{73D49BD8-61B5-47A5-B53F-53F16E463663}" = lport=445 | protocol=6 | dir=in | app=system | "{73DB40F1-BF3D-4AD7-84DE-75A9B2808600}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7A1EE899-841F-468F-B577-E44F186E64B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8F69250C-6C1E-4560-ABB0-68D7ACE6BB8C}" = rport=137 | protocol=17 | dir=out | app=system | "{96B22D44-6677-4BA7-B9CA-D08054109C83}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9D8E3A18-BDB1-4118-934D-975CC2ED249C}" = rport=138 | protocol=17 | dir=out | app=system | "{AD56E941-D9EB-4263-A82D-EA1E1C63F8D7}" = lport=138 | protocol=17 | dir=in | app=system | "{B0CE2BC6-5C9D-4420-9515-2200C3D418EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B2DE2049-2329-4B85-B51B-7980D5CA1DCC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B924F32F-BF92-4E1E-A16E-7929B96F1AD1}" = rport=445 | protocol=6 | dir=out | app=system | "{C6BE51F3-16B3-4CFE-B493-2ABBD70B0C08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D9F5E18E-3A25-4FFB-97AC-0AC94BE2FE25}" = 
lport=137 | protocol=17 | dir=in | app=system | "{DAA7E269-7266-49FE-9099-A3FC621C2E97}" = lport=139 | protocol=6 | dir=in | app=system | "{DB840EBA-0C5B-4E03-B88E-E8F780753286}" = lport=2869 | protocol=6 | dir=in | app=system | "{E271FB7B-B146-43AA-9CF5-5756D6FBB90C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{EEBD75F7-8819-42B0-9422-E8A355E39A14}" = rport=139 | protocol=6 | dir=out | app=system | "{EF3259D3-9794-47D6-A342-86078E32FC8E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F9D36D89-1BBB-46D7-A0EB-5358719976F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08DE69FC-A6AF-415C-A61F-D49D36E7D8F6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{12C99DA2-3111-4ABF-A1EB-199A1FD20101}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{14DF5C51-04C8-4256-90A8-0AB520250722}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{1936BFB2-4704-4685-AA1B-BB717D2C8E64}" = protocol=17 | dir=in | app=c:\program files\wlite\wservice.exe | "{19E4BA90-6E26-4AF3-86EB-4FDBCB685AD6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1D4AF9BF-5D2E-4D6F-B3B6-0FEA7280B105}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{207EAB51-8D11-458F-9BF1-8AC49E2E760F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2666C3F1-AE28-4509-A95C-3A87DE959A14}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2721157E-68D7-48ED-B28B-EA910D30AFFC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{28CF7431-403B-4865-938B-D1AE8553321D}" = 
protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3508FCE9-7864-42F6-907F-4BA9A513FD3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{350B17B8-BF7E-49ED-9C89-F190EC3BFFCF}" = protocol=6 | dir=in | app=c:\program files\wlite\wlite.exe | "{367D5E63-1CB5-4FC1-A4A6-046A7722CD73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{36A10E2B-2606-4D53-94CD-94996C6DB0F2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{36FD5AB5-3973-4292-A463-5500BE73836F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{3B61486F-DFD3-4469-980B-6906BAB7A5F6}" = dir=in | app=c:\windows\system32\lxeccoms.exe | "{42D4C7F4-5914-4106-8284-4E70D05CEA98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{443055EF-18FC-4A93-AA08-ACE95BEA00CE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{63BF550D-54CB-49E1-9921-8EAF06AF7E4D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6E046D76-0D85-4AE1-8D60-36F49A3BC82B}" = protocol=17 | dir=in | app=c:\program files\wlite\wlite.exe | "{70D81061-1455-41A6-8524-0CF8E0C8DB89}" = dir=in | app=c:\users\***\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{71CEB397-329A-4F72-89C6-1F939A52B0C4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{7BB3BD07-67BC-461D-849D-250E5894BF4F}" = protocol=17 | dir=in | app=c:\program files\fritz!\fritz!fax\igd_finder.exe | "{928AC0A3-7023-4BBD-A396-3941BB9FEE1A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{93F6B310-8D29-434F-9702-54454B9A11B8}" = dir=in | app=c:\windows\system32\lxeccoms.exe | "{9D2EF16F-6E1C-433C-9781-54BECA6FF2E0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BF7BE449-B839-4EA1-A31A-C9E58C68C54C}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{C7CEF5FD-6F9F-4585-9AB8-F751FAFF88C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D620E2D0-DBF2-4AA0-9818-72B56DCF6175}" = protocol=6 | dir=in | app=c:\program files\fritz!\fritz!fax\igd_finder.exe | "{DC9497AF-D9F2-431F-BB84-024BCBB808DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DDF88DB5-E463-42A0-A117-12733B88522E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F284212B-6A57-49DF-BD7D-5D6785FB53FC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F30E5905-5E68-435F-AC44-19FADA8A7EB2}" = protocol=6 | dir=in | app=c:\program files\wlite\wservice.exe | "{FB3D9E84-2957-405C-A04D-69188278874C}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{FDE96E9F-77C9-494F-8DE5-8F548F062055}" = dir=in | app=c:\windows\system32\lxeccoms.exe | "TCP Query User{0B598442-2CC7-4120-AFD5-EDC756481767}C:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe | "TCP Query User{0E501B6A-AE58-4B2B-9276-19543BFBF66D}C:\program files\medion\medion nas tool\medion nas tool.exe" = protocol=6 | dir=in | app=c:\program files\medion\medion nas tool\medion nas tool.exe | "TCP Query User{283D0D29-309B-4B79-9DD8-4BD21C9CB0B5}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | "TCP Query User{2DBA5005-5A7A-415B-8E2B-70FFFF3360AF}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{499F367C-E9BF-48DC-A4B3-1E4EAD3131A7}C:\program files\chilirec\chilirec.exe" = protocol=6 | dir=in | app=c:\program files\chilirec\chilirec.exe | "TCP Query User{5DF4AFF1-995C-4775-B94D-597740B954A7}C:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 
| dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp | "TCP Query User{ABDBB55D-A19E-4532-9899-633F25AB64A5}C:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | "TCP Query User{D68012C9-15EB-450C-B212-2A995FE84A80}C:\program files\fritz!\fritz!fax\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\fritz!fax\frifax32.exe | "TCP Query User{FB188029-B7FB-42DE-959C-A6257A947D53}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | "UDP Query User{093ACB9C-DB16-4400-9061-8CC6032C0334}C:\program files\fritz!\fritz!fax\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\fritz!fax\frifax32.exe | "UDP Query User{4BD994BB-BD0F-4762-B669-3407C2EF4215}C:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp | "UDP Query User{6912860E-C822-4175-A7CF-CDFB4502AE45}C:\program files\medion\medion nas tool\medion nas tool.exe" = protocol=17 | dir=in | app=c:\program files\medion\medion nas tool\medion nas tool.exe | "UDP Query User{7BE9F434-7D5E-499A-89E8-A3D967989370}C:\program files\chilirec\chilirec.exe" = protocol=17 | dir=in | app=c:\program files\chilirec\chilirec.exe | "UDP Query User{85EDF902-D984-42BC-AD30-8FCADCF4D75B}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | "UDP Query User{C9053275-24C8-490B-94B9-B734A13FF943}C:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe | "UDP Query User{DB073AB2-B109-4407-A112-10B2265C8BDF}C:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | 
app=c:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe |
"UDP Query User{E5B68BA6-8777-47FF-B482-C5AC0F2BD632}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{E6632EE3-ACBC-40F1-B6F2-69DAE663D858}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{069B290F-5398-4629-A009-85B4BCB4B1B9}" = Claro Chrome Toolbar
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2899C5-8938-4232-98CC-7A075ECB3172}" = t@x 2010 Standard
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BE78E98-3600-4830-B41A-D7BEB828D2CB}_is1" = RGS Schulzeugnis 5
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8FBC9407-713D-4B8A-98D2-57210DA56049}" = MSN Toolbar
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" 
= Logitech SetPoint "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "claro" = Claro LTD toolbar "FileZilla Client" = FileZilla Client 3.5.3 "Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.26.1005 "Free Sound Recorder_is1" = Free Sound Recorder v9.4.1 "Free Studio_is1" = Free Studio version 5.7.5.1005 "FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series "MEDION NAS TOOL" = MEDION NAS TOOL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "NVIDIA Drivers" = NVIDIA Drivers "phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.6 "Sweet Home 3D_is1" = Sweet Home 3D version 2.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.0.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "YTdetect" = Yahoo! 
Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.10.2012 14:29:25 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0 Description = Error - 14.10.2012 13:46:07 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 14.10.2012 13:46:43 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.10.2012 11:20:13 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0 Description = Error - 16.10.2012 14:38:04 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0 Description = Error - 16.10.2012 16:40:57 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.10.2012 16:41:35 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 17.10.2012 00:43:52 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0 Description = Error - 17.10.2012 22:24:56 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0 Description = Error - 18.10.2012 10:16:34 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0 Description = Error - 18.10.2012 10:35:36 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.10.2012 10:36:13 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 20.10.2012 00:27:19 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0 Description = [ OSession Events ] Error - 08.05.2011 14:45:25 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30 seconds with 0 seconds of active time. This session ended with a crash. Error - 29.06.2011 08:20:04 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 29.06.2011 08:20:31 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 16.08.2011 14:07:51 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 15.11.2012 10:45:48 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. 
Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 10:45:51 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 12:35:02 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 13:27:11 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 13:27:14 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 13:27:18 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 13:27:21 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. 
Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 14:43:19 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 15:30:13 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 15.11.2012 15:47:19 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. < End of report >
Sorry, that took a while. I should have carried out the 3 steps before opening the post. It also occurred to me that the Avira download this morning only ran at a snail's pace - normally I have a great connection. But now on to the 3rd step:
Step 3: GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-15 22:26:46
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: ykcz9hv8.exe; Driver: C:\Users\***\AppData\Local\Temp\ugloipoc.sys

---- System - GMER 1.0.15 ----
SSDT 90835636 ZwCreateSection
SSDT 90835640 ZwRequestWaitReplyPort
SSDT 9083563B ZwSetContextThread
SSDT 90835645 ZwSetSecurityObject
SSDT 9083564A ZwSystemDebugControl
SSDT 908355D7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1401 830439C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830634E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 8306A87C 4 Bytes [36, 56, 83, 90]
.text ntoskrnl.exe!KeRemoveQueueEx + 181B 8306ABD8 4 Bytes [40, 56, 83, 90]
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 8306AC1C 4 Bytes [3B, 56, 83, 90] {CMP EDX, [ESI-0x7d]; NOP }
.text ntoskrnl.exe!KeRemoveQueueEx + 18DB 8306AC98 4 Bytes [45, 56, 83, 90]
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 8306ACEC 4 Bytes [4A, 56, 83, 90]
.text ...
.text user32.dll!DialogBoxParamW 752D3B9B 5 Bytes [E9, A0, 09, AB, FF] {JMP 0xffffffffffab09a5}

---- User code sections - GMER 1.0.15 ----
.text C:\windows\system32\wininit.exe[492] USER32.dll!DialogBoxParamW 752D3B9B 5 Bytes JMP 74D84540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text C:\windows\system32\services.exe[544] USER32.dll!DialogBoxParamW 752D3B9B 5 Bytes JMP 74D84540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text C:\windows\system32\lsass.exe[560] USER32.dll!DialogBoxParamW 752D3B9B 5 Bytes JMP 74D84540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text C:\windows\system32\winlogon.exe[660] USER32.dll!DialogBoxParamW 752D3B9B 5 Bytes JMP 74D84540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text ...

---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Many thanks in advance & hopefully see you tomorrow. Heiko
Last edited by HAK (15.11.2012 at 21:48) Reason: I had to close all programs for OTL. |
17.11.2012, 22:44 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Claro Search
Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "when does it continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.

1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, then do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.

2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Set up the tool as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents and paste them into your post, then look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
18.11.2012, 21:07 | #3 | ||
| Claro Search 1. aswMBR
The scan did not run for me in the preset mode. The scan stopped at the item Temporary Internet Files, and a second run gave the same result. I then selected the setting (none) in the AV scan drop-down and got the following log: Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-18 20:21:18
-----------------------------
20:21:18.582 OS Version: Windows 6.1.7601 Service Pack 1
20:21:18.582 Number of processors: 2 586 0x170A
20:21:18.583 ComputerName: ***-PC UserName: ***
20:21:19.206 Initialize success
20:21:27.131 AVAST engine defs: 12111801
20:21:39.202 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:21:39.205 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
20:21:39.294 Disk 0 MBR read successfully
20:21:39.299 Disk 0 MBR scan
20:21:39.307 Disk 0 unknown MBR code
20:21:39.320 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
20:21:39.347 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
20:21:39.369 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 104321 MB offset 31664128
20:21:39.395 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 185462 MB offset 245313536
20:21:39.407 Disk 0 scanning sectors +625139712
20:21:39.506 Disk 0 scanning C:\windows\system32\drivers
20:21:57.832 Service scanning
20:22:21.112 Modules scanning
20:22:37.381 Disk 0 trace - called modules:
20:22:37.414 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
20:22:37.419 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86dd31f0]
20:22:37.428 3 CLASSPNP.SYS[8c7a059e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f8c028]
20:22:37.435 Scan finished successfully
20:23:15.691 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
20:23:15.697 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

2. TDSS-Killer
I got the following log: Code:
ATTFilter 20:31:27.0059 2480 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 20:31:27.0325 2480 ============================================================ 20:31:27.0325 2480 Current date / time: 2012/11/18 20:31:27.0325 20:31:27.0325 2480 SystemInfo: 20:31:27.0325 2480 20:31:27.0325 2480 OS Version: 6.1.7601 ServicePack: 1.0 20:31:27.0325 2480 Product type: Workstation 20:31:27.0325 2480 ComputerName: ***-PC 20:31:27.0325 2480 UserName: *** 20:31:27.0325 2480 Windows directory: C:\windows 20:31:27.0325 2480 System windows directory: C:\windows 20:31:27.0325 2480 Processor architecture: Intel x86 20:31:27.0325 2480 Number of processors: 2 20:31:27.0325 2480 Page size: 0x1000 20:31:27.0325 2480 Boot type: Normal boot 20:31:27.0325 2480 ============================================================ 20:31:27.0761 2480 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 20:31:27.0808 2480 Drive \Device\Harddisk1\DR1 - Size: 0xEE800000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 20:31:27.0808 2480 ============================================================ 20:31:27.0808 2480 \Device\Harddisk0\DR0: 20:31:27.0808 2480 MBR partitions: 20:31:27.0808 2480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000 20:31:27.0808 2480 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0xCBC0800 20:31:27.0808 2480 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE9F3000, BlocksNum 0x16A3B000 20:31:27.0808 2480 \Device\Harddisk1\DR1: 20:31:27.0808 2480 MBR partitions: 20:31:27.0808 2480 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x773FC1 20:31:27.0808 2480 ============================================================ 20:31:27.0855 2480 C: <-> \Device\Harddisk0\DR0\Partition2 20:31:27.0902 2480 
D: <-> \Device\Harddisk0\DR0\Partition3 20:31:27.0902 2480 ============================================================ 20:31:27.0902 2480 Initialize success 20:31:27.0902 2480 ============================================================ 20:31:51.0848 4892 ============================================================ 20:31:51.0848 4892 Scan started 20:31:51.0848 4892 Mode: Manual; SigCheck; TDLFS; 20:31:51.0848 4892 ============================================================ 20:31:52.0238 4892 ================ Scan system memory ======================== 20:31:52.0238 4892 System memory - ok 20:31:52.0238 4892 ================ Scan services ============================= 20:31:52.0425 4892 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 20:31:52.0550 4892 1394ohci - ok 20:31:52.0675 4892 ACDaemon - ok 20:31:52.0722 4892 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\windows\system32\drivers\ACPI.sys 20:31:52.0737 4892 ACPI - ok 20:31:52.0815 4892 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 20:31:52.0893 4892 AcpiPmi - ok 20:31:52.0987 4892 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 20:31:53.0018 4892 AdobeFlashPlayerUpdateSvc - ok 20:31:53.0065 4892 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys 20:31:53.0096 4892 adp94xx - ok 20:31:53.0112 4892 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys 20:31:53.0143 4892 adpahci - ok 20:31:53.0143 4892 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys 20:31:53.0174 4892 adpu320 - ok 20:31:53.0190 4892 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 20:31:53.0252 4892 AeLookupSvc - ok 20:31:53.0299 4892 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\windows\system32\drivers\afd.sys 20:31:53.0361 4892 AFD - ok 20:31:53.0392 4892 [ 
E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 20:32:17.0463 4892 TCPIP6 - ok 20:32:17.0494 4892 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 20:32:17.0541 4892 tcpipreg - ok 20:32:17.0572 4892 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 20:32:17.0619 4892 TDPIPE - ok 20:32:17.0650 4892 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 20:32:17.0666 4892 TDTCP - ok 20:32:17.0728 4892 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys 20:32:17.0791 4892 tdx - ok 20:32:17.0806 4892 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys 20:32:17.0822 4892 TermDD - ok 20:32:17.0869 4892 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll 20:32:17.0931 4892 TermService - ok 20:32:17.0962 4892 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll 20:32:17.0994 4892 Themes - ok 20:32:18.0009 4892 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll 20:32:18.0056 4892 THREADORDER - ok 20:32:18.0072 4892 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll 20:32:18.0118 4892 TrkWks - ok 20:32:18.0165 4892 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 20:32:18.0196 4892 TrustedInstaller - ok 20:32:18.0228 4892 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 20:32:18.0290 4892 tssecsrv - ok 20:32:18.0337 4892 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 20:32:18.0368 4892 TsUsbFlt - ok 20:32:18.0415 4892 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 20:32:18.0446 4892 tunnel - ok 20:32:18.0477 4892 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys 20:32:18.0493 4892 uagp35 - ok 
20:32:18.0524 4892 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys 20:32:18.0571 4892 udfs - ok 20:32:18.0602 4892 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe 20:32:18.0633 4892 UI0Detect - ok 20:32:18.0664 4892 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 20:32:18.0696 4892 uliagpkx - ok 20:32:18.0727 4892 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\DRIVERS\umbus.sys 20:32:18.0742 4892 umbus - ok 20:32:18.0774 4892 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys 20:32:18.0805 4892 UmPass - ok 20:32:18.0820 4892 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll 20:32:18.0867 4892 upnphost - ok 20:32:18.0930 4892 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\windows\system32\drivers\usbaudio.sys 20:32:18.0961 4892 usbaudio - ok 20:32:19.0008 4892 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 20:32:19.0054 4892 usbccgp - ok 20:32:19.0086 4892 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys 20:32:19.0132 4892 usbcir - ok 20:32:19.0148 4892 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys 20:32:19.0164 4892 usbehci - ok 20:32:19.0195 4892 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 20:32:19.0242 4892 usbhub - ok 20:32:19.0257 4892 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\windows\system32\drivers\usbohci.sys 20:32:19.0288 4892 usbohci - ok 20:32:19.0335 4892 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 20:32:19.0351 4892 usbprint - ok 20:32:19.0382 4892 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\windows\system32\DRIVERS\usbscan.sys 20:32:19.0413 4892 usbscan - ok 20:32:19.0429 4892 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 20:32:19.0460 
4892 USBSTOR - ok 20:32:19.0476 4892 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys 20:32:19.0507 4892 usbuhci - ok 20:32:19.0554 4892 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys 20:32:19.0585 4892 usbvideo - ok 20:32:19.0632 4892 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll 20:32:19.0663 4892 UxSms - ok 20:32:19.0694 4892 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe 20:32:19.0710 4892 VaultSvc - ok 20:32:19.0725 4892 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 20:32:19.0741 4892 vdrvroot - ok 20:32:19.0788 4892 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe 20:32:19.0850 4892 vds - ok 20:32:19.0866 4892 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys 20:32:19.0881 4892 vga - ok 20:32:19.0912 4892 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys 20:32:19.0944 4892 VgaSave - ok 20:32:19.0990 4892 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys 20:32:20.0006 4892 vhdmp - ok 20:32:20.0037 4892 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys 20:32:20.0053 4892 viaagp - ok 20:32:20.0068 4892 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys 20:32:20.0100 4892 ViaC7 - ok 20:32:20.0131 4892 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys 20:32:20.0146 4892 viaide - ok 20:32:20.0162 4892 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys 20:32:20.0178 4892 volmgr - ok 20:32:20.0193 4892 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys 20:32:20.0209 4892 volmgrx - ok 20:32:20.0240 4892 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys 20:32:20.0256 4892 volsnap - ok 
20:32:20.0287 4892 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys 20:32:20.0302 4892 vsmraid - ok 20:32:20.0365 4892 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe 20:32:20.0427 4892 VSS - ok 20:32:20.0458 4892 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 20:32:20.0490 4892 vwifibus - ok 20:32:20.0505 4892 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 20:32:20.0536 4892 vwififlt - ok 20:32:20.0552 4892 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys 20:32:20.0568 4892 vwifimp - ok 20:32:20.0599 4892 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll 20:32:20.0630 4892 W32Time - ok 20:32:20.0661 4892 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys 20:32:20.0692 4892 WacomPen - ok 20:32:20.0724 4892 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 20:32:20.0770 4892 WANARP - ok 20:32:20.0786 4892 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 20:32:20.0817 4892 Wanarpv6 - ok 20:32:20.0864 4892 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe 20:32:20.0973 4892 wbengine - ok 20:32:21.0004 4892 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 20:32:21.0036 4892 WbioSrvc - ok 20:32:21.0082 4892 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\windows\WindowsMobile\wcescomm.dll 20:32:21.0098 4892 WcesComm - ok 20:32:21.0145 4892 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll 20:32:21.0176 4892 wcncsvc - ok 20:32:21.0192 4892 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 20:32:21.0223 4892 WcsPlugInService - ok 20:32:21.0254 4892 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys 20:32:21.0270 4892 
Wd - ok 20:32:21.0316 4892 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 20:32:21.0348 4892 Wdf01000 - ok 20:32:21.0363 4892 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll 20:32:21.0426 4892 WdiServiceHost - ok 20:32:21.0426 4892 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll 20:32:21.0441 4892 WdiSystemHost - ok 20:32:21.0472 4892 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll 20:32:21.0519 4892 WebClient - ok 20:32:21.0550 4892 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll 20:32:21.0582 4892 Wecsvc - ok 20:32:21.0597 4892 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll 20:32:21.0660 4892 wercplsupport - ok 20:32:21.0691 4892 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll 20:32:21.0722 4892 WerSvc - ok 20:32:21.0753 4892 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 20:32:21.0784 4892 WfpLwf - ok 20:32:21.0816 4892 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys 20:32:21.0831 4892 WIMMount - ok 20:32:21.0894 4892 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 20:32:21.0972 4892 WinDefend - ok 20:32:21.0987 4892 WinHttpAutoProxySvc - ok 20:32:22.0034 4892 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 20:32:22.0081 4892 Winmgmt - ok 20:32:22.0143 4892 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll 20:32:22.0237 4892 WinRM - ok 20:32:22.0299 4892 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 20:32:22.0330 4892 WinUsb - ok 20:32:22.0377 4892 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll 20:32:22.0440 4892 Wlansvc - ok 20:32:22.0533 4892 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:32:22.0596 4892 wlidsvc - ok 20:32:22.0642 4892 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 20:32:22.0658 4892 WmiAcpi - ok 20:32:22.0689 4892 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 20:32:22.0736 4892 wmiApSrv - ok 20:32:22.0845 4892 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 20:32:22.0954 4892 WMPNetworkSvc - ok 20:32:22.0970 4892 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll 20:32:23.0017 4892 WPCSvc - ok 20:32:23.0048 4892 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 20:32:23.0079 4892 WPDBusEnum - ok 20:32:23.0095 4892 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 20:32:23.0142 4892 ws2ifsl - ok 20:32:23.0157 4892 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\System32\wscsvc.dll 20:32:23.0173 4892 wscsvc - ok 20:32:23.0173 4892 WSearch - ok 20:32:23.0266 4892 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll 20:32:23.0360 4892 wuauserv - ok 20:32:23.0391 4892 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\windows\system32\drivers\WudfPf.sys 20:32:23.0422 4892 WudfPf - ok 20:32:23.0454 4892 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 20:32:23.0516 4892 WUDFRd - ok 20:32:23.0578 4892 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\windows\System32\WUDFSvc.dll 20:32:23.0610 4892 wudfsvc - ok 20:32:23.0641 4892 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll 20:32:23.0688 4892 WwanSvc - ok 20:32:23.0734 4892 wxpSvc - ok 20:32:23.0766 4892 ================ Scan global =============================== 20:32:23.0812 4892 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll 20:32:23.0844 4892 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] 
20:32:24.0546 4892 Scan finished 20:32:24.0561 1780 Detected object count: 0 20:32:24.0561 1780 Actual detected object count: 0
In the link: Quote:
... is a guide to removing the findings, which contradicts your note: Quote:
Thanks & regards, Heiko Edited by HAK (18.11.2012 at 21:09). Reason: German language - difficult language. |
18.11.2012, 23:20 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Claro Search adwCleaner - Detecting toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
19.11.2012, 20:34 | #5 |
| Claro Search Hello cosinus. Thank you very much for staying up at night over my problems. It gives me a very good feeling that someone is taking care of solving my problem. In the meantime I have stopped all email correspondence and hope to be able to resume it soon. Here is the result of the AdwCleaner scan: Code:
# AdwCleaner v2.008 - Datei am 19/11/2012 um 20:28:04 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

Gefunden : Browser Manager

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\searchplugins\browsemngr.xml
Ordner Gefunden : C:\Program Files\Ask.com
Ordner Gefunden : C:\Program Files\Claro LTD
Ordner Gefunden : C:\Program Files\Common Files\spigot
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\***\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\***\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\Users\***\AppData\Roaming\pdfforge
Ordner Gefunden : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Claro LTD
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\Claro LTD
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro
Schlüssel Gefunden : HKU\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=NT_ss&mn[...]
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Claro Search");
Gefunden : user_pref("browser.search.order.1", "Claro Search");
Gefunden : user_pref("browser.search.selectedEngine", "Claro Search");
Gefunden : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117423&tt=461[...]
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://de.search.yahoo.com/search?fr=greentre[...]
Gefunden : user_pref("extensions.claro.admin", false);
Gefunden : user_pref("extensions.claro.aflt", "babsst");
Gefunden : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gefunden : user_pref("extensions.claro.dfltLng", "en");
Gefunden : user_pref("extensions.claro.excTlbr", false);
Gefunden : user_pref("extensions.claro.id", "a4df80400000000000000626b69b035f");
Gefunden : user_pref("extensions.claro.instlDay", "15659");
Gefunden : user_pref("extensions.claro.instlRef", "sst");
Gefunden : user_pref("extensions.claro.prdct", "claro");
Gefunden : user_pref("extensions.claro.prtnrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrSrchUrl", "");
Gefunden : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gefunden : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gefunden : user_pref("extensions.claro_i.smplGrp", "none");
Gefunden : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1014:02:56");
Gefunden : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=KW_ss&mntrId=a4[...]

*************************

AdwCleaner[R1].txt - [13682 octets] - [19/11/2012 20:28:04]

########## EOF - C:\AdwCleaner[R1].txt - [13743 octets] ########## |
19.11.2012, 20:41 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Claro Search Please try to uninstall all entries mentioned in the adwCleaner log (such as Babylon or Ask) via the Control Panel, then create a new scan log with adwCleaner. Leftovers and anything that refuses to uninstall we will remove with adwCleaner.
19.11.2012, 21:00 | #7 |
| Claro Search Hello, I have uninstalled some "programs" using the Control Panel. Among others, claro was one of them; unfortunately it is still the start page in Firefox. Here is the new log AdwCleaner[R2]: Code:
ATTFilter # AdwCleaner v2.008 - Datei am 19/11/2012 um 20:58:36 erstellt # Aktualisiert am 17/11/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : *** - ***-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** Gefunden : Browser Manager ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\searchplugins\Askcom.xml Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\searchplugins\browsemngr.xml Ordner Gefunden : C:\Program Files\Common Files\spigot Ordner Gefunden : C:\ProgramData\Babylon Ordner Gefunden : C:\ProgramData\Browser Manager Ordner Gefunden : C:\ProgramData\Partner Ordner Gefunden : C:\Users\***\AppData\Local\Temp\AskSearch Ordner Gefunden : C:\Users\***\AppData\Roaming\Babylon Ordner Gefunden : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager Ordner Gefunden : C:\Users\***\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll Schlüssel Gefunden : HKCU\Software\Ask.com.tmp Schlüssel Gefunden : HKCU\Software\Conduit Schlüssel Gefunden : HKCU\Software\DataMngr Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\Software\Babylon Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gefunden : HKLM\Software\DataMngr Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gefunden : HKU\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKU\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = 
hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f -\\ Mozilla Firefox v16.0.2 (de) Profilname : default Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\prefs.js Gefunden : user_pref("browser.search.selectedEngine", "Claro Search"); Gefunden : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP[...] Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true); Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117423&tt=461[...] Gefunden : user_pref("extensions.claro.admin", false); Gefunden : user_pref("extensions.claro.aflt", "babsst"); Gefunden : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}"); Gefunden : user_pref("extensions.claro.dfltLng", "en"); Gefunden : user_pref("extensions.claro.excTlbr", false); Gefunden : user_pref("extensions.claro.id", "a4df80400000000000000626b69b035f"); Gefunden : user_pref("extensions.claro.instlDay", "15659"); Gefunden : user_pref("extensions.claro.instlRef", "sst"); Gefunden : user_pref("extensions.claro.prdct", "claro"); Gefunden : user_pref("extensions.claro.prtnrId", "claro"); Gefunden : user_pref("extensions.claro.tlbrId", "claro"); Gefunden : user_pref("extensions.claro.tlbrSrchUrl", ""); Gefunden : user_pref("extensions.claro.vrsn", "1.8.3.10"); Gefunden : user_pref("extensions.claro.vrsni", "1.8.3.10"); Gefunden : user_pref("extensions.claro_i.smplGrp", "none"); Gefunden : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1014:02:56"); Gefunden : user_pref("browser.search.defaultengine", "Ask.com"); ************************* AdwCleaner[R1].txt - [13813 octets] - [19/11/2012 20:28:04] AdwCleaner[R2].txt - [5811 octets] - [19/11/2012 20:58:36] ########## EOF - C:\AdwCleaner[R2].txt - [5871 octets] ########## |
19.11.2012, 21:38 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Claro Search adwCleaner - Remove toolbars and unwanted start/search pages
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
19.11.2012, 22:14 | #9 |
| Claro Search Now, for the first time, I have seen Google as the start page again. Here are the logs: 1. AdwCleaner: Code:
ATTFilter # AdwCleaner v2.008 - Datei am 19/11/2012 um 21:44:13 erstellt # Aktualisiert am 17/11/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : *** - ***-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : Browser Manager ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\searchplugins\Askcom.xml Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\searchplugins\browsemngr.xml Gelöscht mit Neustart : C:\ProgramData\Browser Manager Ordner Gelöscht : C:\Program Files\Common Files\spigot Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\Users\***\AppData\Local\Temp\AskSearch Ordner Gelöscht : C:\Users\***\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager Ordner Gelöscht : C:\Users\***\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : HKU\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f --> hxxp://www.google.com Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] -\\ Mozilla Firefox v16.0.2 (de) Profilname : default Datei : 
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\prefs.js C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\q0wdlyrj.default\user.js ... Gelöscht ! Gelöscht : user_pref("browser.search.selectedEngine", "Claro Search"); Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP[...] Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true); Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117423&tt=461[...] Gelöscht : user_pref("extensions.claro.admin", false); Gelöscht : user_pref("extensions.claro.aflt", "babsst"); Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}"); Gelöscht : user_pref("extensions.claro.dfltLng", "en"); Gelöscht : user_pref("extensions.claro.excTlbr", false); Gelöscht : user_pref("extensions.claro.id", "a4df80400000000000000626b69b035f"); Gelöscht : user_pref("extensions.claro.instlDay", "15659"); Gelöscht : user_pref("extensions.claro.instlRef", "sst"); Gelöscht : user_pref("extensions.claro.prdct", "claro"); Gelöscht : user_pref("extensions.claro.prtnrId", "claro"); Gelöscht : user_pref("extensions.claro.tlbrId", "claro"); Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", ""); Gelöscht : user_pref("extensions.claro.vrsn", "1.8.3.10"); Gelöscht : user_pref("extensions.claro.vrsni", "1.8.3.10"); Gelöscht : user_pref("extensions.claro_i.smplGrp", "none"); Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1014:02:56"); Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); ************************* AdwCleaner[R1].txt - [13813 octets] - [19/11/2012 20:28:04] AdwCleaner[R2].txt - [5940 octets] - [19/11/2012 20:58:36] AdwCleaner[S1].txt - [5769 octets] - [19/11/2012 21:44:13] ########## EOF - C:\AdwCleaner[S1].txt - [5829 octets] ##########
2. OTL Here I have a German version, but I think I translated the English instructions quite well.
2.1 OTL Logfile OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.11.2012 21:53:01 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,76% Memory free 5,99 Gb Paging File | 4,67 Gb Available in Paging File | 78,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 101,88 Gb Total Space | 45,72 Gb Free Space | 44,88% Space Free | Partition Type: NTFS Drive D: | 181,12 Gb Total Space | 5,10 Gb Free Space | 2,82% Space Free | Partition Type: NTFS Drive J: | 4,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe (Adobe Systems, Inc.) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\phonostar-Player\phonostarTimer.exe () PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) 
PRC - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe () PRC - C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe () PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe () PRC - C:\Windows\System32\lxeccoms.exe ( ) PRC - C:\Windows\System32\spool\drivers\w32x86\3\lxecserv.exe (Lexmark International, Inc.) PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC) PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.) 
PRC - C:\Windows\vsnpstd3.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () MOD - C:\Program Files\phonostar-Player\phonostarTimer.exe () MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll () MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe () MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe () MOD - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe () MOD - C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll () MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\Epwizard.DLL () MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\customui.dll () MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\Epfunct.DLL () MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\Eputil.DLL () MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\Imagutil.DLL () MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\lxecDRS.dll () MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\lxecscw.dll () MOD - C:\Program Files\WinRAR\rarext.dll () MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files\Logitech\SetPoint\khalwrapper.dll () MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\EPOEMDll.dll () MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\epstring.dll () MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\EPWizRes.dll () MOD - C:\Windows\System32\spool\drivers\w32x86\3\lxecdatr.dll () MOD - C:\Windows\System32\LXECsmr.dll () MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\iptk.dll () MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\lxeccaps.dll () MOD - C:\Program Files\Lexmark Pro800-Pro900 Series\lxecptp.dll () MOD - C:\Windows\System32\LXECsm.dll () MOD - C:\Windows\vsnpstd3.exe () MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll () 
========== Services (SafeList) ========== SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) SRV - (wxpSvc) -- C:\Program Files\wLite\wService.exe (Moonware Studios) SRV - (lxec_device) -- C:\Windows\System32\lxeccoms.exe ( ) SRV - (lxecCATSCustConnectService) -- C:\windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe () SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. 
KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-771618654-3341757510-301361698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\SearchScopes\{1DEEDA9F-57A9-4803-A3C2-D3862316CA3C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=765E4CF7-9C1D-4C18-A593-118EE2FFDE16&apn_sauid=713E6AC3-50A2-4D8A-97AE-AF952FF3477D IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\SearchScopes\{EF333FFC-B473-4DD7-8C36-56DD3B14D627}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - user.js - File not found FF 
- HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( ) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 21:14:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.29 21:14:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 21:14:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.29 21:14:47 | 000,000,000 | ---D | M] [2010.01.12 18:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.01.12 18:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.19 20:47:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\q0wdlyrj.default\extensions [2012.10.11 21:59:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\q0wdlyrj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.10.29 20:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.796.11\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION [2012.10.29 20:18:45 | 000,261,600 | ---- | M] 
(Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.26 09:48:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.12 09:59:34 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.26 09:48:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.26 09:48:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.26 09:48:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.26 09:48:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe () O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKU\S-1-5-21-771618654-3341757510-301361698-1001..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-771618654-3341757510-301361698-1001..\Run: [phonostar-PlayerTimer] C:\Program Files\phonostar-Player\phonostarTimer.exe () O4 - HKU\S-1-5-21-771618654-3341757510-301361698-1001..\Run: [phonostarTimer] C:\Program Files\phonostar-Player\phonostarTimer.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-771618654-3341757510-301361698-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - 
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.6.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0DAA513-F05A-479B-9049-8F50547CF3D3}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D24FC75C-5E3A-4CD8-BCAC-AF5D2F431E78}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.04.09 07:20:38 | 000,000,055 | R--- | M] () - J:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{5a47c95e-af19-11e0-b834-00245423fdbc}\Shell - "" = AutoRun O33 - MountPoints2\{5a47c95e-af19-11e0-b834-00245423fdbc}\Shell\AutoRun\command - "" = G:\pushinst.exe O33 - MountPoints2\{cd314f57-5bf7-11e1-ba49-00245423fdbc}\Shell - "" = AutoRun O33 - MountPoints2\{cd314f57-5bf7-11e1-ba49-00245423fdbc}\Shell\AutoRun\command - "" = J:\SecureDrive.exe -- [2011.06.29 10:01:40 | 004,537,856 | R--- | M] () O33 - MountPoints2\{eb6434e1-3e87-11df-808e-00245423fdbc}\Shell - "" = AutoRun O33 - MountPoints2\{eb6434e1-3e87-11df-808e-00245423fdbc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SecureDrive.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.18 20:26:26 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2012.11.18 19:56:54 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2012.11.17 21:26:12 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\WdfLdr.sys [2012.11.17 21:26:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wdfres.dll [2012.11.17 21:25:21 | 000,613,888 | ---- | C] (Microsoft Corporation) 
-- C:\windows\System32\WUDFx.dll [2012.11.17 21:25:21 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll [2012.11.17 21:25:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll [2012.11.17 21:24:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2012.11.17 21:24:52 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2012.11.17 21:24:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2012.11.17 21:24:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2012.11.17 21:24:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2012.11.17 21:24:51 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2012.11.17 21:24:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2012.11.17 21:24:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2012.11.16 19:50:05 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcorehc.dll [2012.11.16 19:50:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll [2012.11.16 19:50:04 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netevent.dll [2012.11.16 19:49:59 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\synceng.dll [2012.11.16 19:49:57 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2012.11.16 19:49:56 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcore6.dll [2012.11.16 19:49:56 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcsvc6.dll [2012.11.15 21:20:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.11.15 14:03:02 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Browser Manager [2012.11.15 08:22:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2012.11.15 08:16:33 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2012.11.15 08:16:33 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2012.11.15 08:16:33 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2012.11.15 08:16:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2012.11.15 08:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.10.29 21:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2012.10.29 20:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012.11.19 21:54:05 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.19 21:54:05 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.19 21:46:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.11.19 21:46:15 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys [2012.11.19 21:15:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.11.19 21:06:05 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001UA.job [2012.11.19 21:06:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001Core.job [2012.11.19 20:27:28 | 000,543,531 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.11.18 20:26:55 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2012.11.18 20:23:15 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat 
[2012.11.18 19:57:21 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2012.11.17 21:38:11 | 000,427,112 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012.11.17 21:32:32 | 000,659,238 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012.11.17 21:32:32 | 000,620,384 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012.11.17 21:32:32 | 000,132,776 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012.11.17 21:32:32 | 000,108,566 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012.11.15 21:46:37 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\ykcz9hv8.exe [2012.11.15 21:20:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.11.15 21:18:12 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.11.15 21:16:43 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.15 15:41:23 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2012.11.15 15:41:23 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2012.11.15 15:41:23 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\windows\System32\drivers\avkmgr.sys [2012.11.15 08:16:40 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.14 13:41:09 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2012.11.14 13:41:09 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2012.11.14 12:17:49 | 000,488,268 | ---- | M] () -- C:\Users\***\Documents\14-11-2012 12;17;49.PDF [2012.11.14 12:10:14 | 000,491,552 | ---- | M] () -- C:\Users\***\Documents\14-11-2012 12;10;13.PDF [2012.11.12 19:59:14 | 000,077,271 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;59;05.RTF [2012.11.12 19:39:22 | 000,012,887 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;39;14.RTF [2012.11.12 19:20:14 | 000,012,731 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;19;58.RTF [2012.11.05 20:53:55 | 000,011,731 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 20;53;49.RTF [2012.11.05 19:51:03 | 000,013,013 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 19;50;54.RTF [2012.11.05 19:50:03 | 000,010,947 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 19;49;54.RTF [2012.11.02 18:25:09 | 000,011,100 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 18;25;02.RTF [2012.11.02 18:16:12 | 000,013,085 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 18;16;05.RTF [2012.11.02 17:55:57 | 000,012,927 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;55;50.RTF [2012.11.02 17:44:52 | 002,276,311 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;44;28.RTF [2012.11.02 17:43:45 | 000,010,437 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;43;38.RTF [2012.11.02 17:39:10 | 003,894,087 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;38;45.RTF [2012.11.01 21:28:40 | 003,800,188 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;28;16.RTF [2012.11.01 21:25:12 | 000,009,125 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;24;52.RTF [2012.11.01 
21:21:47 | 002,121,180 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;21;41.RTF [2012.11.01 21:19:46 | 003,388,506 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;18;59.RTF [2012.10.21 09:52:50 | 000,015,522 | ---- | M] () -- C:\Users\***\Documents\21-10-2012 10;52;39.RTF ========== Files Created - No Company Name ========== [2012.11.19 20:27:28 | 000,543,531 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.11.18 20:23:15 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat [2012.11.17 21:26:13 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.17 21:25:21 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.15 21:46:37 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\ykcz9hv8.exe [2012.11.15 21:18:12 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.11.15 21:16:43 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.15 08:16:40 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.14 12:17:49 | 000,488,268 | ---- | C] () -- C:\Users\***\Documents\14-11-2012 12;17;49.PDF [2012.11.14 12:10:13 | 000,491,552 | ---- | C] () -- C:\Users\***\Documents\14-11-2012 12;10;13.PDF [2012.11.12 19:59:13 | 000,077,271 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;59;05.RTF [2012.11.12 19:39:21 | 000,012,887 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;39;14.RTF [2012.11.12 19:20:14 | 000,012,731 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;19;58.RTF [2012.11.05 20:53:55 | 000,011,731 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 20;53;49.RTF [2012.11.05 19:51:02 | 000,013,013 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 19;50;54.RTF [2012.11.05 19:50:02 | 000,010,947 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 19;49;54.RTF [2012.11.02 18:25:08 | 000,011,100 | ---- | C] () -- 
C:\Users\***\Documents\02-11-2012 18;25;02.RTF [2012.11.02 18:16:11 | 000,013,085 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 18;16;05.RTF [2012.11.02 17:55:56 | 000,012,927 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;55;50.RTF [2012.11.02 17:44:51 | 002,276,311 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;44;28.RTF [2012.11.02 17:43:44 | 000,010,437 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;43;38.RTF [2012.11.02 17:39:09 | 003,894,087 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;38;45.RTF [2012.11.01 21:28:39 | 003,800,188 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;28;16.RTF [2012.11.01 21:25:12 | 000,009,125 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;24;52.RTF [2012.11.01 21:21:47 | 002,121,180 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;21;41.RTF [2012.11.01 21:19:46 | 003,388,506 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;18;59.RTF [2012.10.21 09:52:50 | 000,015,522 | ---- | C] () -- C:\Users\***\Documents\21-10-2012 10;52;39.RTF [2011.10.19 10:23:53 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.01 17:09:34 | 000,040,960 | ---- | C] () -- C:\windows\System32\lxecvs.dll [2011.10.01 17:09:32 | 000,442,368 | ---- | C] ( ) -- C:\windows\System32\lxeccoin.dll [2011.10.01 17:09:30 | 000,294,912 | ---- | C] () -- C:\windows\System32\lxeccui.dll [2011.10.01 17:09:30 | 000,110,592 | ---- | C] () -- C:\windows\System32\lxeccuir.dll [2011.10.01 17:09:30 | 000,086,016 | ---- | C] () -- C:\windows\System32\lxecgcfg.dll [2011.10.01 17:07:56 | 000,847,872 | ---- | C] ( ) -- C:\windows\System32\lxecusb1.dll [2011.10.01 17:07:56 | 000,364,544 | ---- | C] ( ) -- C:\windows\System32\lxecinpa.dll [2011.10.01 17:07:56 | 000,356,352 | ---- | C] ( ) -- C:\windows\System32\LXEChcp.dll [2011.10.01 17:07:56 | 000,344,064 | ---- | C] ( ) -- C:\windows\System32\lxeciesc.dll [2011.10.01 17:07:56 | 000,331,776 | ---- | C] () -- 
C:\windows\System32\LXECinst.dll [2011.10.01 17:07:55 | 001,048,576 | ---- | C] ( ) -- C:\windows\System32\lxecserv.dll [2011.10.01 17:07:55 | 000,802,816 | ---- | C] ( ) -- C:\windows\System32\lxeccomc.dll [2011.10.01 17:07:55 | 000,688,128 | ---- | C] ( ) -- C:\windows\System32\lxechbn3.dll [2011.10.01 17:07:55 | 000,643,072 | ---- | C] ( ) -- C:\windows\System32\lxecpmui.dll [2011.10.01 17:07:55 | 000,598,696 | ---- | C] ( ) -- C:\windows\System32\lxeccoms.exe [2011.10.01 17:07:55 | 000,577,536 | ---- | C] ( ) -- C:\windows\System32\lxeclmpm.dll [2011.10.01 17:07:55 | 000,373,416 | ---- | C] ( ) -- C:\windows\System32\lxeccfg.exe [2011.10.01 17:07:55 | 000,372,736 | ---- | C] ( ) -- C:\windows\System32\lxeccomm.dll [2011.10.01 17:07:55 | 000,324,264 | ---- | C] ( ) -- C:\windows\System32\lxecih.exe [2011.10.01 17:07:55 | 000,323,584 | ---- | C] () -- C:\windows\System32\lxecins.dll [2011.10.01 17:07:55 | 000,262,144 | ---- | C] () -- C:\windows\System32\lxecinsb.dll [2011.10.01 17:07:55 | 000,253,952 | ---- | C] () -- C:\windows\System32\lxeccu.dll [2011.10.01 17:07:55 | 000,208,896 | ---- | C] () -- C:\windows\System32\lxecgrd.dll [2011.10.01 17:07:55 | 000,114,688 | ---- | C] () -- C:\windows\System32\lxecinsr.dll [2011.10.01 17:07:55 | 000,090,112 | ---- | C] () -- C:\windows\System32\lxeccub.dll [2011.10.01 17:07:55 | 000,057,344 | ---- | C] () -- C:\windows\System32\lxecjswr.dll [2011.10.01 17:07:55 | 000,036,864 | ---- | C] () -- C:\windows\System32\lxeccur.dll [2011.10.01 17:04:32 | 000,299,008 | ---- | C] () -- C:\windows\System32\LXECsm.dll [2011.10.01 17:04:32 | 000,024,064 | ---- | C] () -- C:\windows\System32\LXECsmr.dll [2011.06.29 13:32:17 | 000,000,760 | ---- | C] () -- C:\Users\***\AppData\Roaming\setup_ldm.iss [2011.06.22 21:12:34 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll [2011.06.22 20:51:38 | 000,001,469 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml [2011.06.07 11:45:01 | 000,002,120 | ---- | C] () -- 
C:\windows\System32\SETUP.INI [2010.01.07 20:31:49 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > 2.2 OTL Extras Logfile OTL Logfile: Code:
OTL Extras logfile created on: 19.11.2012 21:53:01 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,76% Memory free 5,99 Gb Paging File | 4,67 Gb Available in Paging File | 78,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 101,88 Gb Total Space | 45,72 Gb Free Space | 44,88% Space Free | Partition Type: NTFS Drive D: | 181,12 Gb Total Space | 5,10 Gb Free Space | 2,82% Space Free | Partition Type: NTFS Drive J: | 4,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0EEC0D59-EE68-490B-B5DE-2FBAA34F4329}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2FB7862C-6C98-4BBD-9AFF-C5C047FAA327}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4A2058DD-9FA3-4C83-B05A-000748332063}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4F70DB99-C82E-4BA8-AF04-61E30C72B4CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{609B6FAB-8908-4E32-A36B-A3DC83FF685F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6D370C8F-9804-4F4E-A782-7F8EFB77C770}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{73D49BD8-61B5-47A5-B53F-53F16E463663}" = lport=445 | protocol=6 | dir=in | app=system | "{73DB40F1-BF3D-4AD7-84DE-75A9B2808600}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7A1EE899-841F-468F-B577-E44F186E64B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8F69250C-6C1E-4560-ABB0-68D7ACE6BB8C}" = rport=137 | protocol=17 | dir=out | app=system | "{96B22D44-6677-4BA7-B9CA-D08054109C83}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9D8E3A18-BDB1-4118-934D-975CC2ED249C}" = rport=138 | protocol=17 | dir=out | app=system | "{AD56E941-D9EB-4263-A82D-EA1E1C63F8D7}" = lport=138 | protocol=17 | dir=in | app=system | "{B0CE2BC6-5C9D-4420-9515-2200C3D418EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B2DE2049-2329-4B85-B51B-7980D5CA1DCC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B924F32F-BF92-4E1E-A16E-7929B96F1AD1}" = rport=445 | protocol=6 | dir=out | app=system | "{C6BE51F3-16B3-4CFE-B493-2ABBD70B0C08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D9F5E18E-3A25-4FFB-97AC-0AC94BE2FE25}" = lport=137 | protocol=17 | dir=in | app=system | "{DAA7E269-7266-49FE-9099-A3FC621C2E97}" = lport=139 | protocol=6 | dir=in | app=system | "{DB840EBA-0C5B-4E03-B88E-E8F780753286}" = lport=2869 | protocol=6 | dir=in | app=system | "{E271FB7B-B146-43AA-9CF5-5756D6FBB90C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{EEBD75F7-8819-42B0-9422-E8A355E39A14}" = rport=139 | protocol=6 | dir=out | app=system | "{EF3259D3-9794-47D6-A342-86078E32FC8E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F9D36D89-1BBB-46D7-A0EB-5358719976F7}" = lport=5355 | 
protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08DE69FC-A6AF-415C-A61F-D49D36E7D8F6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{12C99DA2-3111-4ABF-A1EB-199A1FD20101}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{14DF5C51-04C8-4256-90A8-0AB520250722}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{1936BFB2-4704-4685-AA1B-BB717D2C8E64}" = protocol=17 | dir=in | app=c:\program files\wlite\wservice.exe | "{19E4BA90-6E26-4AF3-86EB-4FDBCB685AD6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1D4AF9BF-5D2E-4D6F-B3B6-0FEA7280B105}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{207EAB51-8D11-458F-9BF1-8AC49E2E760F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2666C3F1-AE28-4509-A95C-3A87DE959A14}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2721157E-68D7-48ED-B28B-EA910D30AFFC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{28CF7431-403B-4865-938B-D1AE8553321D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3508FCE9-7864-42F6-907F-4BA9A513FD3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{350B17B8-BF7E-49ED-9C89-F190EC3BFFCF}" = protocol=6 | dir=in | app=c:\program files\wlite\wlite.exe | "{367D5E63-1CB5-4FC1-A4A6-046A7722CD73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{36A10E2B-2606-4D53-94CD-94996C6DB0F2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{36FD5AB5-3973-4292-A463-5500BE73836F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{3B61486F-DFD3-4469-980B-6906BAB7A5F6}" = dir=in | app=c:\windows\system32\lxeccoms.exe | "{42D4C7F4-5914-4106-8284-4E70D05CEA98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{443055EF-18FC-4A93-AA08-ACE95BEA00CE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{63BF550D-54CB-49E1-9921-8EAF06AF7E4D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6E046D76-0D85-4AE1-8D60-36F49A3BC82B}" = protocol=17 | dir=in | app=c:\program files\wlite\wlite.exe | "{70D81061-1455-41A6-8524-0CF8E0C8DB89}" = dir=in | app=c:\users\***\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{71CEB397-329A-4F72-89C6-1F939A52B0C4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{7BB3BD07-67BC-461D-849D-250E5894BF4F}" = protocol=17 | dir=in | app=c:\program files\fritz!\fritz!fax\igd_finder.exe | "{928AC0A3-7023-4BBD-A396-3941BB9FEE1A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{93F6B310-8D29-434F-9702-54454B9A11B8}" = dir=in | app=c:\windows\system32\lxeccoms.exe | "{9D2EF16F-6E1C-433C-9781-54BECA6FF2E0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BF7BE449-B839-4EA1-A31A-C9E58C68C54C}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{C7CEF5FD-6F9F-4585-9AB8-F751FAFF88C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D620E2D0-DBF2-4AA0-9818-72B56DCF6175}" = protocol=6 | dir=in | app=c:\program files\fritz!\fritz!fax\igd_finder.exe | "{DC9497AF-D9F2-431F-BB84-024BCBB808DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DDF88DB5-E463-42A0-A117-12733B88522E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F284212B-6A57-49DF-BD7D-5D6785FB53FC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F30E5905-5E68-435F-AC44-19FADA8A7EB2}" = protocol=6 | 
dir=in | app=c:\program files\wlite\wservice.exe | "{FB3D9E84-2957-405C-A04D-69188278874C}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{FDE96E9F-77C9-494F-8DE5-8F548F062055}" = dir=in | app=c:\windows\system32\lxeccoms.exe | "TCP Query User{0B598442-2CC7-4120-AFD5-EDC756481767}C:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe | "TCP Query User{0E501B6A-AE58-4B2B-9276-19543BFBF66D}C:\program files\medion\medion nas tool\medion nas tool.exe" = protocol=6 | dir=in | app=c:\program files\medion\medion nas tool\medion nas tool.exe | "TCP Query User{283D0D29-309B-4B79-9DD8-4BD21C9CB0B5}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | "TCP Query User{2DBA5005-5A7A-415B-8E2B-70FFFF3360AF}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{499F367C-E9BF-48DC-A4B3-1E4EAD3131A7}C:\program files\chilirec\chilirec.exe" = protocol=6 | dir=in | app=c:\program files\chilirec\chilirec.exe | "TCP Query User{5DF4AFF1-995C-4775-B94D-597740B954A7}C:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp | "TCP Query User{ABDBB55D-A19E-4532-9899-633F25AB64A5}C:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | "TCP Query User{D68012C9-15EB-450C-B212-2A995FE84A80}C:\program files\fritz!\fritz!fax\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\fritz!fax\frifax32.exe | "TCP Query User{FB188029-B7FB-42DE-959C-A6257A947D53}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program 
files\phonostar-player\phonostar.exe | "UDP Query User{093ACB9C-DB16-4400-9061-8CC6032C0334}C:\program files\fritz!\fritz!fax\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\fritz!fax\frifax32.exe | "UDP Query User{4BD994BB-BD0F-4762-B669-3407C2EF4215}C:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp | "UDP Query User{6912860E-C822-4175-A7CF-CDFB4502AE45}C:\program files\medion\medion nas tool\medion nas tool.exe" = protocol=17 | dir=in | app=c:\program files\medion\medion nas tool\medion nas tool.exe | "UDP Query User{7BE9F434-7D5E-499A-89E8-A3D967989370}C:\program files\chilirec\chilirec.exe" = protocol=17 | dir=in | app=c:\program files\chilirec\chilirec.exe | "UDP Query User{85EDF902-D984-42BC-AD30-8FCADCF4D75B}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | "UDP Query User{C9053275-24C8-490B-94B9-B734A13FF943}C:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe | "UDP Query User{DB073AB2-B109-4407-A112-10B2265C8BDF}C:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | "UDP Query User{E5B68BA6-8777-47FF-B482-C5AC0F2BD632}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{E6632EE3-ACBC-40F1-B6F2-69DAE663D858}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update 
kb973924 - x86 9.0.30729.4148 "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16 "{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BE78E98-3600-4830-B41A-D7BEB828D2CB}_is1" = RGS Schulzeugnis 5 "{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup "{8FBC9407-713D-4B8A-98D2-57210DA56049}" = MSN Toolbar "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe 
Reader 9 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "FileZilla Client" = FileZilla Client 3.5.3 "Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.26.1005 "Free Sound Recorder_is1" = Free Sound Recorder v9.4.1 "Free Studio_is1" = Free Studio version 5.7.5.1005 
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series "MEDION NAS TOOL" = MEDION NAS TOOL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "NVIDIA Drivers" = NVIDIA Drivers "phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.6 "Sweet Home 3D_is1" = Sweet Home 3D version 2.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.0.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "YTdetect" = Yahoo! Detect ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.10.2012 19:27:32 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0 Description = Error - 21.10.2012 04:50:41 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0 Description = Error - 21.10.2012 05:43:06 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 21.10.2012 05:43:44 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 24.10.2012 08:07:18 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 24.10.2012 08:07:47 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 29.10.2012 15:48:12 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 29.10.2012 15:48:37 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 30.10.2012 13:45:06 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 30.10.2012 13:45:35 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 01.11.2012 07:04:33 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 01.11.2012 07:05:04 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 03.11.2012 09:37:14 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0 Description = [ OSession Events ] Error - 08.05.2011 14:45:25 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30 seconds with 0 seconds of active time. This session ended with a crash. Error - 29.06.2011 08:20:04 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 29.06.2011 08:20:31 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 16.08.2011 14:07:51 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 18.11.2012 14:37:31 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 18.11.2012 15:13:32 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 18.11.2012 15:37:33 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 18.11.2012 16:01:35 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 19.11.2012 14:41:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 19.11.2012 16:44:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Browser Manager" wurde unerwartet beendet. 
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 19.11.2012 16:46:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 19.11.2012 16:48:46 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 19.11.2012 16:48:49 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error - 19.11.2012 16:51:35 | Computer Name = ***-PC | Source = NetBT | ID = 4319 Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. < End of report > |
20.11.2012, 09:47 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Claro Search Close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
IE - HKU\S-1-5-21-771618654-3341757510-301361698-1001\..\SearchScopes\{1DEEDA9F-57A9-4803-A3C2-D3862316CA3C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=765E4CF7-9C1D-4C18-A593-118EE2FFDE16&apn_sauid=713E6AC3-50A2-4D8A-97AE-AF952FF3477D
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
[2010.01.07 20:31:49 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
20.11.2012, 20:18 | #11 |
| Claro Search Hello cosinus. I ran the OTL fix with your instructions. Here is the log: Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-771618654-3341757510-301361698-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1DEEDA9F-57A9-4803-A3C2-D3862316CA3C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DEEDA9F-57A9-4803-A3C2-D3862316CA3C}\ not found.
Prefs.js: pdfforge@mybrowserbar.com:1.1.2 removed from extensions.enabledItems
Prefs.js: searchsettings@spigot.com:1.2.3 removed from extensions.enabledItems
C:\ProgramData\FullRemove.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400707 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 19331635538 bytes
->Temporary Internet Files folder emptied: 202587119 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 888323984 bytes
->Flash cache emptied: 90167 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 183254446 bytes
RecycleBin emptied: 2736720335 bytes

Total Files Cleaned = 22.262,00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 11202012_200200

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
|
20.11.2012, 21:02 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Claro Search Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand. Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
21.11.2012, 22:59 | #13 |
| Claro Search That took a while! The ESET run took about 3.5 hours. But since I also had an external hard drive connected, that is probably fine. Everything is done; I don't dare judge the result, but quite a few things were found. Here are the logs: 1. Quick scan with Malwarebytes Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.21.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

21.11.2012 18:29:35
mbam-log-2012-11-21 (18-44-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210797
Laufzeit: 5 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\Downloads\SoftonicDownloader_fuer_jetaudio.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

(Ende)

2. ESET Online Scanner Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=5ae12c59edfadd45887a5250495a65fe # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-21 09:26:34 # local_time=2012-11-21 10:26:34 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 560493 560493 0 0 # compatibility_mode=5893 16776574 100 94 560482 105151872 0 0 # compatibility_mode=8192 67108863 100 0 4345 4345 0 0 # scanned=173165 # found=32 # cleaned=0 # scan_time=12513 C:\Users\***\Downloads\agsetup183se.exe a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\Downloads\PDFCreator-1_2_1_setup(1).exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\Downloads\PDFCreator-1_2_1_setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\Downloads\PDFCreator-1_2_2_setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\Downloads\PDFCreator-1_2_3_setup(1).exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\Downloads\SoftonicDownloader_fuer_jetaudio.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2010-01-15 135752\Backup Files 2010-02-11 204829\Backup files 1.zip a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2010-07-02 162721\Backup Files 2010-07-02 162721\Backup files 1.zip a variant 
of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2010-12-02 154943\Backup Files 2010-12-02 154943\Backup files 1.zip a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2011-02-15 102250\Backup Files 2011-02-15 102250\Backup files 2.zip a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2011-07-03 183558\Backup Files 2011-07-03 183558\Backup files 3.zip multiple threats (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2011-07-03 183558\Backup Files 2011-07-03 183558\Backup files 4.zip Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2011-07-03 183558\Backup Files 2011-07-03 183558\Backup files 5.zip a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2011-07-03 183558\Backup Files 2011-08-01 202542\Backup files 4.zip Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2011-07-03 183558\Backup Files 2011-10-02 120024\Backup files 5.zip Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2011-11-01 190002\Backup Files 2011-11-01 190002\Backup files 11.zip multiple threats (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2011-11-01 190002\Backup Files 2011-11-01 190002\Backup files 13.zip multiple threats (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2011-11-01 190002\Backup Files 2011-12-01 201019\Backup files 8.zip Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2012-01-01 203240\Backup Files 2012-01-01 203240\Backup files 3.zip multiple threats (unable to clean) 00000000000000000000000000000000 I 
D:\***-PC\Backup Set 2012-01-01 203240\Backup Files 2012-01-01 203240\Backup files 5.zip Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2012-01-01 203240\Backup Files 2012-01-01 203240\Backup files 6.zip a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2012-04-01 215617\Backup Files 2012-05-01 194648\Backup files 2.zip a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2012-04-01 215617\Backup Files 2012-05-01 194648\Backup files 3.zip a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2012-04-01 215617\Backup Files 2012-05-01 194648\Backup files 4.zip Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2012-04-01 215617\Backup Files 2012-05-01 194648\Backup files 5.zip multiple threats (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2012-08-02 103754\Backup Files 2012-08-02 103754\Backup files 4.zip multiple threats (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2012-08-02 103754\Backup Files 2012-08-02 103754\Backup files 5.zip Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2012-08-02 103754\Backup Files 2012-08-02 103754\Backup files 6.zip multiple threats (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2012-11-01 195118\Backup Files 2012-11-01 195118\Backup files 10.zip a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2012-11-01 195118\Backup Files 2012-11-01 195118\Backup files 7.zip a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I D:\***-PC\Backup Set 2012-11-01 195118\Backup Files 
2012-11-01 195118\Backup files 9.zip Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
Good night. |
22.11.2012, 12:57 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Claro Search Code:
C:\Users\***\Downloads\SoftonicDownloader_fuer_jetaudio.exe
Hands off Softonic!! Softonic is a toolbar and adware slinger! Hands off! Software should be downloaded, as the top priority, directly from the vendor or from Filepony, but not from toolbar outfits like Softonic! Looks OK so far; the ESET findings can be disregarded, rather hysterical, because the setups were flagged since they can install toolbars along with them. Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file. Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie). Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system back in order now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
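The reading of the ESET log given in the post above (flagged installers in Downloads, plus copies of them inside backup archives) can be reproduced mechanically. The following Python is an added example, not part of the thread: the function names are hypothetical, the field layout is inferred from the flattened log as it appears on this page, and treating the trailing word "application" as ESET's label for a potentially unwanted or unsafe application is an assumption.

```python
import re
from collections import Counter

# (path, detection) pairs copied from the ESET log posted in this thread;
# the user name was already masked as *** by the poster.
_ROWS = [
    (r"C:\Users\***\Downloads\agsetup183se.exe",
     "a variant of Win32/Adware.ADON application"),
    (r"C:\Users\***\Downloads\PDFCreator-1_2_1_setup(1).exe",
     "Win32/Toolbar.Widgi application"),
    (r"C:\Users\***\Downloads\SoftonicDownloader_fuer_jetaudio.exe",
     "a variant of Win32/SoftonicDownloader.A application"),
    (r"D:\***-PC\Backup Set 2010-01-15 135752\Backup Files 2010-02-11 204829\Backup files 1.zip",
     "a variant of Win32/Adware.ADON application"),
    (r"D:\***-PC\Backup Set 2011-07-03 183558\Backup Files 2011-07-03 183558\Backup files 3.zip",
     "multiple threats"),
    (r"D:\***-PC\Backup Set 2012-04-01 215617\Backup Files 2012-05-01 194648\Backup files 3.zip",
     "a variant of Win32/InstallCore.D application"),
]

# Rebuild the flattened form shown on the page: fields separated by single
# spaces, entries run together on one line.
SAMPLE_LOG = " ".join(
    f"{path} {det} (unable to clean) {'0' * 32} I" for path, det in _ROWS
)

# Layout inferred from the page: path, detection text, (action),
# a 32-hex-digit field, a one-letter flag. Paths may contain spaces and
# parentheses, so the path is matched lazily up to the detection text.
ENTRY = re.compile(
    r"(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:a variant of )?(?P<family>\w+/[\w.]+)(?P<pua> application)?"
    r"|multiple threats)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>[A-Z])(?=\s|$)"
)

ARCHIVE_SUFFIXES = (".zip", ".rar", ".7z", ".cab")


def parse_entries(text):
    """Return one dict per detection entry found in flattened log text."""
    return [
        {
            "path": m.group("path"),
            "detection": m.group("detection"),
            "family": m.group("family"),       # None for "multiple threats"
            "pua": m.group("pua") is not None,  # assumption: suffix marks a PUA
            "action": m.group("action"),
        }
        for m in ENTRY.finditer(text)
    ]


def location(path):
    """Classify where the flagged object lives."""
    lowered = path.lower()
    if lowered.endswith(ARCHIVE_SUFFIXES):
        return "archive"
    if "\\downloads\\" in lowered:
        return "downloaded installer"
    return "other"  # e.g. program or system directories: look at these first


def triage(entries):
    """Summarise families and locations; list entries needing a manual look."""
    return {
        "families": Counter(e["family"] for e in entries if e["family"]),
        "locations": Counter(location(e["path"]) for e in entries),
        # Anything not labelled as an application-class detection, or found
        # outside Downloads and archives, is not covered by the quick reading.
        "needs_review": [
            e for e in entries
            if not e["pua"] or location(e["path"]) == "other"
        ],
    }


if __name__ == "__main__":
    report = triage(parse_entries(SAMPLE_LOG))
    for name, count in report["families"].most_common():
        print(f"{count:2d}  {name}")
    print(dict(report["locations"]))
    for entry in report["needs_review"]:
        print("review:", entry["detection"], "->", entry["path"])
```

On these six entries only the "multiple threats" archive is listed for review, because the log does not name what is inside it.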
22.11.2012, 16:43 | #15 |
| Claro Search First of all, thank you very much; it seems to be running well again. The only thing I have still noticed: in open windows that use a "transparent" band at the top or bottom, this band often flickers. I have noticed this in various programs: Thunderbird, Windows Photo Viewer and also the window for choosing a program to open files with. At first I thought it was the notebook's monitor, but since it only appears in the bands mentioned, I now think it is not the hardware. I may get in touch again from another PC. My father-in-law apparently cannot receive emails with PDF attachments at the moment. I had that problem too, before you helped me. Thank you very much. |