
Pests of all kinds and how to combat them: Claro Search


 
15.11.2012, 21:23   #1
HAK

Claro Search



Hello,
my name is Heiko and apparently I have also become a victim of "Claro Search". I just noticed that whenever Firefox starts, Claro Search is always opened as the start page; even after changing it in the settings, this start page still appears.

In addition, I was waiting for some important emails this afternoon, but Thunderbird did not download them. They are there online, but not in Thunderbird. I was already glad that the confirmation link for the Trojaner-Board arrived.

I hope I follow all the steps correctly, as I am not all that proficient. On the side I have a full-time job, am building a house and have 2 small children, so please don't be annoyed if it sometimes takes a little longer.

Now for the requested information:

Step 1:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:18 on 15/11/2012 (Heiko)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


Step 2:

OTL logfile created on: 15.11.2012 21:24:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 71,13% Memory free
5,99 Gb Paging File | 4,94 Gb Available in Paging File | 82,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 101,88 Gb Total Space | 44,97 Gb Free Space | 44,14% Space Free | Partition Type: NTFS
Drive D: | 181,12 Gb Total Space | 5,10 Gb Free Space | 2,82% Space Free | Partition Type: NTFS
Drive J: | 4,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.15 21:20:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.11.15 15:41:20 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.15 15:41:09 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.15 15:41:09 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.21 15:56:40 | 000,042,496 | ---- | M] () -- C:\Program Files\phonostar-Player\phonostarTimer.exe
PRC - [2012.07.03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.01.04 19:20:50 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2011.09.16 00:16:44 | 000,322,784 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.23 18:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2011.01.23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.04.14 14:08:12 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeccoms.exe
PRC - [2010.04.14 14:08:05 | 000,193,192 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxecserv.exe
PRC - [2009.09.08 00:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.09.07 11:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009.08.23 05:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.08.19 10:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 10:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009.08.06 08:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Modules (No Company Name) ==========

MOD - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012.10.11 12:17:06 | 002,069,528 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012.08.21 15:56:40 | 000,042,496 | ---- | M] () -- C:\Program Files\phonostar-Player\phonostarTimer.exe
MOD - [2012.06.16 14:11:12 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.15 21:30:54 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012.06.15 21:30:44 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.15 21:29:57 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 21:29:49 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.10 07:20:56 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.10 07:15:38 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 07:15:36 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.10 07:14:37 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 07:14:33 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 07:14:31 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 07:14:20 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011.09.16 00:18:06 | 000,028,672 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll
MOD - [2011.09.16 00:18:04 | 000,114,688 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\de-DE\Memeo.Client.UI.resources.dll
MOD - [2011.09.16 00:17:06 | 002,888,416 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011.09.16 00:17:04 | 000,025,824 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011.09.16 00:16:44 | 000,322,784 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
MOD - [2011.01.23 18:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2011.01.23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.04.05 19:52:36 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\sqlite3.DLL
MOD - [2010.04.05 19:52:18 | 000,053,248 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Mono.Nat.dll
MOD - [2010.04.05 04:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\Epwizard.DLL
MOD - [2010.04.05 04:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2010.04.05 04:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\Epfunct.DLL
MOD - [2010.04.05 04:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\Eputil.DLL
MOD - [2010.04.05 04:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\Imagutil.DLL
MOD - [2010.04.01 11:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecDRS.dll
MOD - [2010.04.01 11:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2009.08.18 15:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2009.06.23 05:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\EPOEMDll.dll
MOD - [2009.06.23 05:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2009.06.23 05:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\EPWizRes.dll
MOD - [2009.05.27 06:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxecdatr.dll
MOD - [2009.05.06 07:06:57 | 000,167,936 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeeprpr.dll
MOD - [2009.04.28 08:56:29 | 000,024,064 | ---- | M] () -- C:\Windows\System32\LXECsmr.dll
MOD - [2009.04.23 10:00:35 | 000,344,064 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeecomx.dll
MOD - [2009.04.20 00:57:37 | 006,250,496 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeeprpb.dll
MOD - [2009.04.20 00:50:39 | 001,183,744 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeeprp.dll
MOD - [2009.04.20 00:46:17 | 000,081,920 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeegcfg.dll
MOD - [2009.04.07 13:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\iptk.dll
MOD - [2009.03.30 12:18:48 | 000,165,888 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeedrui.dll
MOD - [2009.03.23 12:26:10 | 000,819,200 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeeptpc.dll
MOD - [2009.03.09 23:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009.03.02 08:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecptp.dll
MOD - [2009.02.20 09:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXECsm.dll
MOD - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2012.11.15 15:41:20 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.15 15:41:09 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.14 13:41:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.29 21:14:48 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2011.09.16 00:16:48 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010.05.02 22:34:28 | 005,027,328 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files\wLite\wService.exe -- (wxpSvc)
SRV - [2010.04.14 14:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeccoms.exe -- (lxec_device)
SRV - [2010.04.14 14:08:05 | 000,193,192 | ---- | M] () [Auto | Running] -- C:\windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2012.11.15 15:41:23 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.11.15 15:41:23 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.15 15:41:23 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.09.01 09:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.17 04:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.03.27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4612_5&babsrc=SP_ss&mntrId=a4df80400000000000000626b69b035f
IE - HKCU\..\SearchScopes\{1DEEDA9F-57A9-4803-A3C2-D3862316CA3C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=765E4CF7-9C1D-4C18-A593-118EE2FFDE16&apn_sauid=713E6AC3-50A2-4D8A-97AE-AF952FF3477D
IE - HKCU\..\SearchScopes\{EF333FFC-B473-4DD7-8C36-56DD3B14D627}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=HP_ss&mntrId=a4df80400000000000000626b69b035f"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=117423&tt=4612_5&babsrc=KW_ss&mntrId=a4df80400000000000000626b69b035f&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 21:14:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.29 21:14:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.11.15 14:03:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 20:18:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.29 20:18:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 21:14:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.29 21:14:47 | 000,000,000 | ---D | M]

[2010.01.12 18:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.01.12 18:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.15 14:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\q0wdlyrj.default\extensions
[2012.10.11 21:59:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\q0wdlyrj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.23 19:42:09 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\q0wdlyrj.default\extensions\toolbar@ask.com
[2012.01.04 19:17:04 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\q0wdlyrj.default\searchplugins\askcom.xml
[2012.11.15 14:03:02 | 000,002,514 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\q0wdlyrj.default\searchplugins\browsemngr.xml
[2012.10.29 20:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.11.15 14:03:03 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.796.11\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
[2012.10.29 20:18:45 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.26 09:48:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.15 14:02:47 | 000,006,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.09.12 09:59:34 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.26 09:48:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.26 09:48:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.26 09:48:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.26 09:48:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [phonostar-PlayerTimer] C:\Program Files\phonostar-Player\phonostarTimer.exe ()
O4 - HKCU..\Run: [phonostarTimer] C:\Program Files\phonostar-Player\phonostarTimer.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.6.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0DAA513-F05A-479B-9049-8F50547CF3D3}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D24FC75C-5E3A-4CD8-BCAC-AF5D2F431E78}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.04.09 07:20:38 | 000,000,055 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5a47c95e-af19-11e0-b834-00245423fdbc}\Shell - "" = AutoRun
O33 - MountPoints2\{5a47c95e-af19-11e0-b834-00245423fdbc}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{cd314f57-5bf7-11e1-ba49-00245423fdbc}\Shell - "" = AutoRun
O33 - MountPoints2\{cd314f57-5bf7-11e1-ba49-00245423fdbc}\Shell\AutoRun\command - "" = J:\SecureDrive.exe -- [2011.06.29 10:01:40 | 004,537,856 | R--- | M] ()
O33 - MountPoints2\{eb6434e1-3e87-11df-808e-00245423fdbc}\Shell - "" = AutoRun
O33 - MountPoints2\{eb6434e1-3e87-11df-808e-00245423fdbc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SecureDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.15 21:20:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.15 14:03:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012.11.15 14:03:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Claro
[2012.11.15 14:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.15 14:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\Claro LTD
[2012.11.15 14:02:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Babylon
[2012.11.15 14:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.11.15 14:02:37 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\windows\System32\pdfcmon.dll
[2012.11.15 14:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.11.15 08:22:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.11.15 08:16:33 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2012.11.15 08:16:33 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2012.11.15 08:16:33 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2012.11.15 08:16:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012.11.15 08:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.10.29 21:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.10.29 20:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\***\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\***\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\bass.dll

========== Files - Modified Within 30 Days ==========

[2012.11.15 21:20:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.15 21:18:12 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.11.15 21:16:43 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.15 21:15:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.11.15 21:06:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001UA.job
[2012.11.15 21:06:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-771618654-3341757510-301361698-1001Core.job
[2012.11.15 18:25:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.11.15 15:50:47 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 15:50:47 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 15:43:09 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.15 15:41:23 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2012.11.15 15:41:23 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2012.11.15 15:41:23 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2012.11.15 14:02:40 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.11.15 14:02:40 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.11.15 08:16:40 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.14 12:17:49 | 000,488,268 | ---- | M] () -- C:\Users\***\Documents\14-11-2012 12;17;49.PDF
[2012.11.14 12:10:14 | 000,491,552 | ---- | M] () -- C:\Users\***\Documents\14-11-2012 12;10;13.PDF
[2012.11.12 19:59:14 | 000,077,271 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;59;05.RTF
[2012.11.12 19:39:22 | 000,012,887 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;39;14.RTF
[2012.11.12 19:20:14 | 000,012,731 | ---- | M] () -- C:\Users\***\Documents\12-11-2012 19;19;58.RTF
[2012.11.06 20:42:29 | 000,659,238 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.11.06 20:42:29 | 000,620,384 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.11.06 20:42:29 | 000,132,776 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.11.06 20:42:29 | 000,108,566 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.11.05 20:53:55 | 000,011,731 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 20;53;49.RTF
[2012.11.05 19:51:03 | 000,013,013 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 19;50;54.RTF
[2012.11.05 19:50:03 | 000,010,947 | ---- | M] () -- C:\Users\***\Documents\05-11-2012 19;49;54.RTF
[2012.11.02 18:25:09 | 000,011,100 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 18;25;02.RTF
[2012.11.02 18:16:12 | 000,013,085 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 18;16;05.RTF
[2012.11.02 17:55:57 | 000,012,927 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;55;50.RTF
[2012.11.02 17:44:52 | 002,276,311 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;44;28.RTF
[2012.11.02 17:43:45 | 000,010,437 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;43;38.RTF
[2012.11.02 17:39:10 | 003,894,087 | ---- | M] () -- C:\Users\***\Documents\02-11-2012 17;38;45.RTF
[2012.11.01 21:28:40 | 003,800,188 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;28;16.RTF
[2012.11.01 21:25:12 | 000,009,125 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;24;52.RTF
[2012.11.01 21:21:47 | 002,121,180 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;21;41.RTF
[2012.11.01 21:19:46 | 003,388,506 | ---- | M] () -- C:\Users\***\Documents\01-11-2012 21;18;59.RTF
[2012.10.21 09:52:50 | 000,015,522 | ---- | M] () -- C:\Users\***\Documents\21-10-2012 10;52;39.RTF
[2012.10.18 21:52:37 | 000,075,084 | ---- | M] () -- C:\Users\***\Documents\18-10-2012 21;12;14.RTF
[2012.10.18 21:15:33 | 001,939,472 | ---- | M] () -- C:\Users\***\Documents\18-10-2012 21;13;03.RTF
[2012.10.18 19:43:07 | 003,222,752 | ---- | M] () -- C:\Users\***\Documents\18-10-2012 20;43;06.PDF

========== Files Created - No Company Name ==========

[2012.11.15 21:18:12 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.11.15 21:16:43 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.15 14:02:40 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.11.15 14:02:40 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.11.15 08:16:40 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.14 12:17:49 | 000,488,268 | ---- | C] () -- C:\Users\***\Documents\14-11-2012 12;17;49.PDF
[2012.11.14 12:10:13 | 000,491,552 | ---- | C] () -- C:\Users\***\Documents\14-11-2012 12;10;13.PDF
[2012.11.12 19:59:13 | 000,077,271 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;59;05.RTF
[2012.11.12 19:39:21 | 000,012,887 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;39;14.RTF
[2012.11.12 19:20:14 | 000,012,731 | ---- | C] () -- C:\Users\***\Documents\12-11-2012 19;19;58.RTF
[2012.11.05 20:53:55 | 000,011,731 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 20;53;49.RTF
[2012.11.05 19:51:02 | 000,013,013 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 19;50;54.RTF
[2012.11.05 19:50:02 | 000,010,947 | ---- | C] () -- C:\Users\***\Documents\05-11-2012 19;49;54.RTF
[2012.11.02 18:25:08 | 000,011,100 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 18;25;02.RTF
[2012.11.02 18:16:11 | 000,013,085 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 18;16;05.RTF
[2012.11.02 17:55:56 | 000,012,927 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;55;50.RTF
[2012.11.02 17:44:51 | 002,276,311 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;44;28.RTF
[2012.11.02 17:43:44 | 000,010,437 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;43;38.RTF
[2012.11.02 17:39:09 | 003,894,087 | ---- | C] () -- C:\Users\***\Documents\02-11-2012 17;38;45.RTF
[2012.11.01 21:28:39 | 003,800,188 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;28;16.RTF
[2012.11.01 21:25:12 | 000,009,125 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;24;52.RTF
[2012.11.01 21:21:47 | 002,121,180 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;21;41.RTF
[2012.11.01 21:19:46 | 003,388,506 | ---- | C] () -- C:\Users\***\Documents\01-11-2012 21;18;59.RTF
[2012.10.21 09:52:50 | 000,015,522 | ---- | C] () -- C:\Users\***\Documents\21-10-2012 10;52;39.RTF
[2012.10.18 20:13:07 | 001,939,472 | ---- | C] () -- C:\Users\***\Documents\18-10-2012 21;13;03.RTF
[2012.10.18 20:12:27 | 000,075,084 | ---- | C] () -- C:\Users\***\Documents\18-10-2012 21;12;14.RTF
[2012.10.18 19:43:06 | 003,222,752 | ---- | C] () -- C:\Users\***\Documents\18-10-2012 20;43;06.PDF
[2011.10.19 10:23:53 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.01 17:09:34 | 000,040,960 | ---- | C] () -- C:\windows\System32\lxecvs.dll
[2011.10.01 17:09:32 | 000,442,368 | ---- | C] ( ) -- C:\windows\System32\lxeccoin.dll
[2011.10.01 17:09:30 | 000,294,912 | ---- | C] () -- C:\windows\System32\lxeccui.dll
[2011.10.01 17:09:30 | 000,110,592 | ---- | C] () -- C:\windows\System32\lxeccuir.dll
[2011.10.01 17:09:30 | 000,086,016 | ---- | C] () -- C:\windows\System32\lxecgcfg.dll
[2011.10.01 17:07:56 | 000,847,872 | ---- | C] ( ) -- C:\windows\System32\lxecusb1.dll
[2011.10.01 17:07:56 | 000,364,544 | ---- | C] ( ) -- C:\windows\System32\lxecinpa.dll
[2011.10.01 17:07:56 | 000,356,352 | ---- | C] ( ) -- C:\windows\System32\LXEChcp.dll
[2011.10.01 17:07:56 | 000,344,064 | ---- | C] ( ) -- C:\windows\System32\lxeciesc.dll
[2011.10.01 17:07:56 | 000,331,776 | ---- | C] () -- C:\windows\System32\LXECinst.dll
[2011.10.01 17:07:55 | 001,048,576 | ---- | C] ( ) -- C:\windows\System32\lxecserv.dll
[2011.10.01 17:07:55 | 000,802,816 | ---- | C] ( ) -- C:\windows\System32\lxeccomc.dll
[2011.10.01 17:07:55 | 000,688,128 | ---- | C] ( ) -- C:\windows\System32\lxechbn3.dll
[2011.10.01 17:07:55 | 000,643,072 | ---- | C] ( ) -- C:\windows\System32\lxecpmui.dll
[2011.10.01 17:07:55 | 000,598,696 | ---- | C] ( ) -- C:\windows\System32\lxeccoms.exe
[2011.10.01 17:07:55 | 000,577,536 | ---- | C] ( ) -- C:\windows\System32\lxeclmpm.dll
[2011.10.01 17:07:55 | 000,373,416 | ---- | C] ( ) -- C:\windows\System32\lxeccfg.exe
[2011.10.01 17:07:55 | 000,372,736 | ---- | C] ( ) -- C:\windows\System32\lxeccomm.dll
[2011.10.01 17:07:55 | 000,324,264 | ---- | C] ( ) -- C:\windows\System32\lxecih.exe
[2011.10.01 17:07:55 | 000,323,584 | ---- | C] () -- C:\windows\System32\lxecins.dll
[2011.10.01 17:07:55 | 000,262,144 | ---- | C] () -- C:\windows\System32\lxecinsb.dll
[2011.10.01 17:07:55 | 000,253,952 | ---- | C] () -- C:\windows\System32\lxeccu.dll
[2011.10.01 17:07:55 | 000,208,896 | ---- | C] () -- C:\windows\System32\lxecgrd.dll
[2011.10.01 17:07:55 | 000,114,688 | ---- | C] () -- C:\windows\System32\lxecinsr.dll
[2011.10.01 17:07:55 | 000,090,112 | ---- | C] () -- C:\windows\System32\lxeccub.dll
[2011.10.01 17:07:55 | 000,057,344 | ---- | C] () -- C:\windows\System32\lxecjswr.dll
[2011.10.01 17:07:55 | 000,036,864 | ---- | C] () -- C:\windows\System32\lxeccur.dll
[2011.10.01 17:04:32 | 000,299,008 | ---- | C] () -- C:\windows\System32\LXECsm.dll
[2011.10.01 17:04:32 | 000,024,064 | ---- | C] () -- C:\windows\System32\LXECsmr.dll
[2011.06.29 13:32:17 | 000,000,760 | ---- | C] () -- C:\Users\***\AppData\Roaming\setup_ldm.iss
[2011.06.22 21:12:34 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2011.06.22 20:51:38 | 000,001,469 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml
[2011.06.07 11:45:01 | 000,002,120 | ---- | C] () -- C:\windows\System32\SETUP.INI
[2010.01.07 20:31:49 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\***\AppData\Local\lame_enc.dll
[2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\***\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\***\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\***\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\***\AppData\Local\ogg.dll
[2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\***\AppData\Local\no23xwrapper.dll

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.06.22 21:41:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.10.06 05:53:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012.11.15 14:02:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2010.02.11 21:05:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2011.06.22 19:38:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Chilirec
[2012.11.15 14:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Claro
[2011.06.22 19:11:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COWON
[2012.10.11 22:39:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.10.11 21:59:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.23 19:49:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.07.01 21:22:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Sound Recorder
[2010.03.04 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2010.03.04 21:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.05.04 22:36:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2010.10.16 21:40:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\innoPlus
[2010.02.24 20:40:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.06.22 21:14:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.09.27 19:54:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Memeo
[2012.09.05 19:33:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2010.02.24 20:47:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.11.15 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2010.01.21 21:57:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar GmbH
[2010.01.14 21:16:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rorig Software
[2010.01.12 18:43:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 15.11.2012 21:24:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 71,13% Memory free
5,99 Gb Paging File | 4,94 Gb Available in Paging File | 82,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 101,88 Gb Total Space | 44,97 Gb Free Space | 44,14% Space Free | Partition Type: NTFS
Drive D: | 181,12 Gb Total Space | 5,10 Gb Free Space | 2,82% Space Free | Partition Type: NTFS
Drive J: | 4,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EEC0D59-EE68-490B-B5DE-2FBAA34F4329}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2FB7862C-6C98-4BBD-9AFF-C5C047FAA327}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4A2058DD-9FA3-4C83-B05A-000748332063}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F70DB99-C82E-4BA8-AF04-61E30C72B4CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{609B6FAB-8908-4E32-A36B-A3DC83FF685F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D370C8F-9804-4F4E-A782-7F8EFB77C770}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73D49BD8-61B5-47A5-B53F-53F16E463663}" = lport=445 | protocol=6 | dir=in | app=system |
"{73DB40F1-BF3D-4AD7-84DE-75A9B2808600}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A1EE899-841F-468F-B577-E44F186E64B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F69250C-6C1E-4560-ABB0-68D7ACE6BB8C}" = rport=137 | protocol=17 | dir=out | app=system |
"{96B22D44-6677-4BA7-B9CA-D08054109C83}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9D8E3A18-BDB1-4118-934D-975CC2ED249C}" = rport=138 | protocol=17 | dir=out | app=system |
"{AD56E941-D9EB-4263-A82D-EA1E1C63F8D7}" = lport=138 | protocol=17 | dir=in | app=system |
"{B0CE2BC6-5C9D-4420-9515-2200C3D418EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B2DE2049-2329-4B85-B51B-7980D5CA1DCC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B924F32F-BF92-4E1E-A16E-7929B96F1AD1}" = rport=445 | protocol=6 | dir=out | app=system |
"{C6BE51F3-16B3-4CFE-B493-2ABBD70B0C08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D9F5E18E-3A25-4FFB-97AC-0AC94BE2FE25}" = lport=137 | protocol=17 | dir=in | app=system |
"{DAA7E269-7266-49FE-9099-A3FC621C2E97}" = lport=139 | protocol=6 | dir=in | app=system |
"{DB840EBA-0C5B-4E03-B88E-E8F780753286}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E271FB7B-B146-43AA-9CF5-5756D6FBB90C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EEBD75F7-8819-42B0-9422-E8A355E39A14}" = rport=139 | protocol=6 | dir=out | app=system |
"{EF3259D3-9794-47D6-A342-86078E32FC8E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F9D36D89-1BBB-46D7-A0EB-5358719976F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DE69FC-A6AF-415C-A61F-D49D36E7D8F6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{12C99DA2-3111-4ABF-A1EB-199A1FD20101}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{14DF5C51-04C8-4256-90A8-0AB520250722}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1936BFB2-4704-4685-AA1B-BB717D2C8E64}" = protocol=17 | dir=in | app=c:\program files\wlite\wservice.exe |
"{19E4BA90-6E26-4AF3-86EB-4FDBCB685AD6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1D4AF9BF-5D2E-4D6F-B3B6-0FEA7280B105}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{207EAB51-8D11-458F-9BF1-8AC49E2E760F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2666C3F1-AE28-4509-A95C-3A87DE959A14}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2721157E-68D7-48ED-B28B-EA910D30AFFC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{28CF7431-403B-4865-938B-D1AE8553321D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3508FCE9-7864-42F6-907F-4BA9A513FD3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{350B17B8-BF7E-49ED-9C89-F190EC3BFFCF}" = protocol=6 | dir=in | app=c:\program files\wlite\wlite.exe |
"{367D5E63-1CB5-4FC1-A4A6-046A7722CD73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{36A10E2B-2606-4D53-94CD-94996C6DB0F2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{36FD5AB5-3973-4292-A463-5500BE73836F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3B61486F-DFD3-4469-980B-6906BAB7A5F6}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{42D4C7F4-5914-4106-8284-4E70D05CEA98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{443055EF-18FC-4A93-AA08-ACE95BEA00CE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{63BF550D-54CB-49E1-9921-8EAF06AF7E4D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6E046D76-0D85-4AE1-8D60-36F49A3BC82B}" = protocol=17 | dir=in | app=c:\program files\wlite\wlite.exe |
"{70D81061-1455-41A6-8524-0CF8E0C8DB89}" = dir=in | app=c:\users\***\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{71CEB397-329A-4F72-89C6-1F939A52B0C4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7BB3BD07-67BC-461D-849D-250E5894BF4F}" = protocol=17 | dir=in | app=c:\program files\fritz!\fritz!fax\igd_finder.exe |
"{928AC0A3-7023-4BBD-A396-3941BB9FEE1A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{93F6B310-8D29-434F-9702-54454B9A11B8}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{9D2EF16F-6E1C-433C-9781-54BECA6FF2E0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BF7BE449-B839-4EA1-A31A-C9E58C68C54C}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{C7CEF5FD-6F9F-4585-9AB8-F751FAFF88C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D620E2D0-DBF2-4AA0-9818-72B56DCF6175}" = protocol=6 | dir=in | app=c:\program files\fritz!\fritz!fax\igd_finder.exe |
"{DC9497AF-D9F2-431F-BB84-024BCBB808DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDF88DB5-E463-42A0-A117-12733B88522E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F284212B-6A57-49DF-BD7D-5D6785FB53FC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F30E5905-5E68-435F-AC44-19FADA8A7EB2}" = protocol=6 | dir=in | app=c:\program files\wlite\wservice.exe |
"{FB3D9E84-2957-405C-A04D-69188278874C}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{FDE96E9F-77C9-494F-8DE5-8F548F062055}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"TCP Query User{0B598442-2CC7-4120-AFD5-EDC756481767}C:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe |
"TCP Query User{0E501B6A-AE58-4B2B-9276-19543BFBF66D}C:\program files\medion\medion nas tool\medion nas tool.exe" = protocol=6 | dir=in | app=c:\program files\medion\medion nas tool\medion nas tool.exe |
"TCP Query User{283D0D29-309B-4B79-9DD8-4BD21C9CB0B5}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"TCP Query User{2DBA5005-5A7A-415B-8E2B-70FFFF3360AF}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{499F367C-E9BF-48DC-A4B3-1E4EAD3131A7}C:\program files\chilirec\chilirec.exe" = protocol=6 | dir=in | app=c:\program files\chilirec\chilirec.exe |
"TCP Query User{5DF4AFF1-995C-4775-B94D-597740B954A7}C:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"TCP Query User{ABDBB55D-A19E-4532-9899-633F25AB64A5}C:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe |
"TCP Query User{D68012C9-15EB-450C-B212-2A995FE84A80}C:\program files\fritz!\fritz!fax\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\fritz!fax\frifax32.exe |
"TCP Query User{FB188029-B7FB-42DE-959C-A6257A947D53}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"UDP Query User{093ACB9C-DB16-4400-9061-8CC6032C0334}C:\program files\fritz!\fritz!fax\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\fritz!fax\frifax32.exe |
"UDP Query User{4BD994BB-BD0F-4762-B669-3407C2EF4215}C:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"UDP Query User{6912860E-C822-4175-A7CF-CDFB4502AE45}C:\program files\medion\medion nas tool\medion nas tool.exe" = protocol=17 | dir=in | app=c:\program files\medion\medion nas tool\medion nas tool.exe |
"UDP Query User{7BE9F434-7D5E-499A-89E8-A3D967989370}C:\program files\chilirec\chilirec.exe" = protocol=17 | dir=in | app=c:\program files\chilirec\chilirec.exe |
"UDP Query User{85EDF902-D984-42BC-AD30-8FCADCF4D75B}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"UDP Query User{C9053275-24C8-490B-94B9-B734A13FF943}C:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe |
"UDP Query User{DB073AB2-B109-4407-A112-10B2265C8BDF}C:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe |
"UDP Query User{E5B68BA6-8777-47FF-B482-C5AC0F2BD632}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{E6632EE3-ACBC-40F1-B6F2-69DAE663D858}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{069B290F-5398-4629-A009-85B4BCB4B1B9}" = Claro Chrome Toolbar
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2899C5-8938-4232-98CC-7A075ECB3172}" = t@x 2010 Standard
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BE78E98-3600-4830-B41A-D7BEB828D2CB}_is1" = RGS Schulzeugnis 5
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8FBC9407-713D-4B8A-98D2-57210DA56049}" = MSN Toolbar
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"claro" = Claro LTD toolbar
"FileZilla Client" = FileZilla Client 3.5.3
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.26.1005
"Free Sound Recorder_is1" = Free Sound Recorder v9.4.1
"Free Studio_is1" = Free Studio version 5.7.5.1005
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"MEDION NAS TOOL" = MEDION NAS TOOL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.6
"Sweet Home 3D_is1" = Sweet Home 3D version 2.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.10.2012 14:29:25 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0
Description =

Error - 14.10.2012 13:46:07 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 14.10.2012 13:46:43 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 15.10.2012 11:20:13 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0
Description =

Error - 16.10.2012 14:38:04 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0
Description =

Error - 16.10.2012 16:40:57 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 16.10.2012 16:41:35 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 17.10.2012 00:43:52 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0
Description =

Error - 17.10.2012 22:24:56 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0
Description =

Error - 18.10.2012 10:16:34 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0
Description =

Error - 18.10.2012 10:35:36 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 18.10.2012 10:36:13 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 20.10.2012 00:27:19 | Computer Name = ***-PC | Source = MemeoBackgroundService | ID = 0
Description =

[ OSession Events ]
Error - 08.05.2011 14:45:25 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30
seconds with 0 seconds of active time. This session ended with a crash.

Error - 29.06.2011 08:20:04 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 29.06.2011 08:20:31 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 16.08.2011 14:07:51 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15.11.2012 10:45:48 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 10:45:51 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 12:35:02 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 13:27:11 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 13:27:14 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 13:27:18 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 13:27:21 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 14:43:19 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 15:30:13 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.

Error - 15.11.2012 15:47:19 | Computer Name = ***-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.


< End of report >

Sorry, that took a while. I should have carried out the 3 steps before opening the thread.

It also occurred to me that the Avira download this morning only ran at a snail's pace - normally I have a great connection.

Now on to the 3rd step:


Step 3:

GMER Logfile:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-15 22:26:46
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: ykcz9hv8.exe; Driver: C:\Users\***\AppData\Local\Temp\ugloipoc.sys


---- System - GMER 1.0.15 ----

SSDT            90835636                                                          ZwCreateSection
SSDT            90835640                                                          ZwRequestWaitReplyPort
SSDT            9083563B                                                          ZwSetContextThread
SSDT            90835645                                                          ZwSetSecurityObject
SSDT            9083564A                                                          ZwSystemDebugControl
SSDT            908355D7                                                          ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 1401                          830439C9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                            830634E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 14BF                               8306A87C 4 Bytes  [36, 56, 83, 90]
.text           ntoskrnl.exe!KeRemoveQueueEx + 181B                               8306ABD8 4 Bytes  [40, 56, 83, 90]
.text           ntoskrnl.exe!KeRemoveQueueEx + 185F                               8306AC1C 4 Bytes  [3B, 56, 83, 90] {CMP EDX, [ESI-0x7d]; NOP }
.text           ntoskrnl.exe!KeRemoveQueueEx + 18DB                               8306AC98 4 Bytes  [45, 56, 83, 90]
.text           ntoskrnl.exe!KeRemoveQueueEx + 192F                               8306ACEC 4 Bytes  [4A, 56, 83, 90]
.text           ...                                                               
.text           user32.dll!DialogBoxParamW                                        752D3B9B 5 Bytes  [E9, A0, 09, AB, FF] {JMP 0xffffffffffab09a5}

---- User code sections - GMER 1.0.15 ----

.text           C:\windows\system32\wininit.exe[492] USER32.dll!DialogBoxParamW   752D3B9B 5 Bytes  JMP 74D84540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text           C:\windows\system32\services.exe[544] USER32.dll!DialogBoxParamW  752D3B9B 5 Bytes  JMP 74D84540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text           C:\windows\system32\lsass.exe[560] USER32.dll!DialogBoxParamW     752D3B9B 5 Bytes  JMP 74D84540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text           C:\windows\system32\winlogon.exe[660] USER32.dll!DialogBoxParamW  752D3B9B 5 Bytes  JMP 74D84540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text           ...                                                               

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                           Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000049                                 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                          fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         


Many thanks in advance & hopefully see you tomorrow.

Heiko

Edited by HAK (15.11.2012 at 21:48). Reason: I had to close all programs for OTL.

 
