| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Claro Search (Firefox) lässt sich nicht deinstallieren!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.11.2012, 00:29
| #1 |
 |  Claro Search (Firefox) lässt sich nicht deinstallieren! Hallo, ich habe mit Hilfe von Google lediglich dieses Forum als vertrauenswürdig und kompetent gefunden, weil das "Claro Search"-Problem hier bereits behandelt wurde und wohl recht aktuell ist. Claro Search lässt sich bei Firefox nicht mehr entfernen, jeder neue Tab lotst mich auf deren Seite und aus der Toolbar bekomme ich es auch nicht heraus. Ich habe es anfangs mit deinstallieren unter Systemsteuerung versucht, aber hat nix geholfen. Dann habe ich die Anleitungen und Schritte befolgt, die in dem vorhandenen Thread gegeben wurden (http://www.trojaner-board.de/126227-...entfernen.html) - bevor ich mich hier regisitriert habe und lesen musste, dass frau dies NICHT tun soll  Von Computern habe ich leider sehr wenig Ahnung und tue mich mit technischen Details schwer. Erst gestern wurde an meinem Laptop vom Fachmann ein komplettes Recovery durchgeführt, weil der Windows Explorer nicht mehr funktioniert hat (auch nicht im abgesicherten Modus) und das Problem nicht behoben werden konnte. Heute musste ich dementsprechend alle Programme neu installieren und freeware downloaden, dabei hat sich dieses Claro Search wohl eingeschlichen. Ich habe bereits tdsskiller, OTL, defogger, aswMBR und adwcleaner runtergeladen und die Programme/Scans laufen lassen. Eine Datei wurde tatsächlich gefunden, allerdings hatte ich in einem Thread gelesen "delete", in dem obigen Thread stand jedoch "auf keinen Fall löschen". Naja, ich habs gelöscht  Kann mir bitte bitte jemand helfen? Das wäre toll! Ich will ungern erneut viel Geld ausgeben und ins Fachgeschäft gehen müssen, um ein erneutes Recovery durchführen zu lassen. Danke schonmal. |
|
21.11.2012, 19:49
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Claro Search (Firefox) lässt sich nicht deinstallieren! Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ |
|
22.11.2012, 18:20
| #3 |
| | Claro Search (Firefox) lässt sich nicht deinstallieren! Hallo Cosinus,
__________________und danke für die Unterstützung. Also mit dem TDSSKiller-Tool erhalte ich folgenden Report: Code:
ATTFilter 18:13:17.0155 3920 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:13:17.0420 3920 ============================================================
18:13:17.0420 3920 Current date / time: 2012/11/22 18:13:17.0420
18:13:17.0420 3920 SystemInfo:
18:13:17.0420 3920
18:13:17.0420 3920 OS Version: 6.1.7600 ServicePack: 0.0
18:13:17.0420 3920 Product type: Workstation
18:13:17.0436 3920 ComputerName: XXX-PC
18:13:17.0436 3920 UserName: XXX
18:13:17.0436 3920 Windows directory: C:\Windows
18:13:17.0436 3920 System windows directory: C:\Windows
18:13:17.0436 3920 Running under WOW64
18:13:17.0436 3920 Processor architecture: Intel x64
18:13:17.0436 3920 Number of processors: 2
18:13:17.0436 3920 Page size: 0x1000
18:13:17.0436 3920 Boot type: Normal boot
18:13:17.0436 3920 ============================================================
18:13:18.0325 3920 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:13:18.0340 3920 ============================================================
18:13:18.0340 3920 \Device\Harddisk0\DR0:
18:13:18.0340 3920 MBR partitions:
18:13:18.0340 3920 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
18:13:18.0340 3920 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x23BFB800
18:13:18.0340 3920 ============================================================
18:13:18.0372 3920 C: <-> \Device\Harddisk0\DR0\Partition2
18:13:18.0372 3920 ============================================================
18:13:18.0372 3920 Initialize success
18:13:18.0372 3920 ============================================================
18:13:41.0506 2084 ============================================================
18:13:41.0506 2084 Scan started
18:13:41.0506 2084 Mode: Manual; SigCheck; TDLFS;
18:13:41.0506 2084 ============================================================
18:13:42.0552 2084 ================ Scan system memory ========================
18:13:42.0567 2084 System memory - ok
18:13:42.0567 2084 ================ Scan services =============================
18:13:42.0739 2084 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
18:13:43.0363 2084 1394ohci - ok
18:13:43.0410 2084 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
18:13:43.0441 2084 ACPI - ok
18:13:43.0488 2084 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
18:13:43.0612 2084 AcpiPmi - ok
18:13:43.0690 2084 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:13:43.0753 2084 AdobeARMservice - ok
18:13:43.0878 2084 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:13:43.0924 2084 AdobeFlashPlayerUpdateSvc - ok
18:13:43.0987 2084 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:13:44.0049 2084 adp94xx - ok
18:13:44.0112 2084 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:13:44.0174 2084 adpahci - ok
18:13:44.0174 2084 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:13:44.0221 2084 adpu320 - ok
18:13:44.0252 2084 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:13:44.0439 2084 AeLookupSvc - ok
18:13:44.0486 2084 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
18:13:44.0564 2084 AFD - ok
18:13:44.0595 2084 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
18:13:44.0626 2084 agp440 - ok
18:13:44.0673 2084 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:13:44.0736 2084 ALG - ok
18:13:44.0751 2084 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
18:13:44.0798 2084 aliide - ok
18:13:44.0798 2084 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
18:13:44.0829 2084 amdide - ok
18:13:44.0845 2084 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:13:44.0923 2084 AmdK8 - ok
18:13:44.0938 2084 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:13:45.0001 2084 AmdPPM - ok
18:13:45.0032 2084 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
18:13:45.0063 2084 amdsata - ok
18:13:45.0079 2084 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:13:45.0110 2084 amdsbs - ok
18:13:45.0126 2084 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
18:13:45.0172 2084 amdxata - ok
18:13:45.0204 2084 [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
18:13:45.0297 2084 AmUStor - ok
18:13:45.0375 2084 [ A5569C4429D1C5494049FBFE2B2D20FF ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:13:45.0391 2084 AntiVirSchedulerService - ok
18:13:45.0422 2084 [ CB7EA00A4E70DF6828EBB68633D000D2 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:13:45.0453 2084 AntiVirService - ok
18:13:45.0500 2084 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
18:13:45.0594 2084 AppID - ok
18:13:45.0625 2084 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:13:45.0718 2084 AppIDSvc - ok
18:13:45.0734 2084 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
18:13:45.0812 2084 Appinfo - ok
18:13:45.0828 2084 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:13:45.0874 2084 arc - ok
18:13:45.0874 2084 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:13:45.0921 2084 arcsas - ok
18:13:45.0921 2084 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:13:46.0030 2084 AsyncMac - ok
18:13:46.0030 2084 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
18:13:46.0062 2084 atapi - ok
18:13:46.0140 2084 [ 88A02B6046356E6BE4E387FAA7451439 ] athr C:\Windows\system32\DRIVERS\athrx.sys
18:13:46.0311 2084 athr - ok
18:13:46.0374 2084 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:13:46.0467 2084 AudioEndpointBuilder - ok
18:13:46.0483 2084 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:13:46.0561 2084 AudioSrv - ok
18:13:46.0608 2084 [ 58AEE8F9E26595ADEB6F008FBB0D6174 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:13:46.0670 2084 avgntflt - ok
18:13:46.0701 2084 [ 37D3D3D28B107BCBC1C0137FF31AE480 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:13:46.0732 2084 avipbb - ok
18:13:46.0748 2084 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:13:46.0779 2084 avkmgr - ok
18:13:46.0810 2084 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:13:46.0920 2084 AxInstSV - ok
18:13:46.0998 2084 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:13:47.0076 2084 b06bdrv - ok
18:13:47.0107 2084 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:13:47.0185 2084 b57nd60a - ok
18:13:47.0232 2084 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:13:47.0294 2084 BDESVC - ok
18:13:47.0310 2084 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:13:47.0419 2084 Beep - ok
18:13:47.0466 2084 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
18:13:47.0590 2084 BFE - ok
18:13:47.0637 2084 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
18:13:47.0762 2084 BITS - ok
18:13:47.0809 2084 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:13:47.0856 2084 blbdrive - ok
18:13:47.0902 2084 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:13:47.0980 2084 bowser - ok
18:13:47.0980 2084 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:13:48.0043 2084 BrFiltLo - ok
18:13:48.0058 2084 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:13:48.0090 2084 BrFiltUp - ok
18:13:48.0136 2084 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
18:13:48.0199 2084 Browser - ok
18:13:48.0324 2084 [ 83DE1ABA61074DA70F5011D28610B18D ] Browser Manager C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
18:13:48.0480 2084 Browser Manager - ok
18:13:48.0511 2084 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:13:48.0604 2084 Brserid - ok
18:13:48.0604 2084 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:13:48.0667 2084 BrSerWdm - ok
18:13:48.0682 2084 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:13:48.0729 2084 BrUsbMdm - ok
18:13:48.0729 2084 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:13:48.0776 2084 BrUsbSer - ok
18:13:48.0807 2084 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
18:13:48.0885 2084 BthEnum - ok
18:13:48.0885 2084 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:13:48.0932 2084 BTHMODEM - ok
18:13:48.0948 2084 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
18:13:48.0994 2084 BthPan - ok
18:13:49.0041 2084 [ 21084CEB85280468C9ACA3C805C0F8CF ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
18:13:49.0119 2084 BTHPORT - ok
18:13:49.0182 2084 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:13:49.0275 2084 bthserv - ok
18:13:49.0291 2084 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
18:13:49.0338 2084 BTHUSB - ok
18:13:49.0353 2084 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:13:49.0447 2084 cdfs - ok
18:13:49.0478 2084 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:13:49.0525 2084 cdrom - ok
18:13:49.0572 2084 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
18:13:49.0650 2084 CertPropSvc - ok
18:13:49.0665 2084 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:13:49.0728 2084 circlass - ok
18:13:49.0759 2084 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:13:49.0790 2084 CLFS - ok
18:13:49.0884 2084 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:13:49.0915 2084 clr_optimization_v2.0.50727_32 - ok
18:13:49.0962 2084 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:13:49.0993 2084 clr_optimization_v2.0.50727_64 - ok
18:13:50.0040 2084 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:13:50.0086 2084 CmBatt - ok
18:13:50.0086 2084 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
18:13:50.0118 2084 cmdide - ok
18:13:50.0164 2084 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
18:13:50.0258 2084 CNG - ok
18:13:50.0289 2084 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:13:50.0336 2084 Compbatt - ok
18:13:50.0336 2084 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:13:50.0383 2084 CompositeBus - ok
18:13:50.0398 2084 COMSysApp - ok
18:13:50.0398 2084 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:13:50.0445 2084 crcdisk - ok
18:13:50.0476 2084 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:13:50.0554 2084 CryptSvc - ok
18:13:50.0617 2084 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:13:50.0726 2084 DcomLaunch - ok
18:13:50.0773 2084 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:13:50.0866 2084 defragsvc - ok
18:13:50.0913 2084 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:13:50.0976 2084 DfsC - ok
18:13:51.0007 2084 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
18:13:51.0100 2084 Dhcp - ok
18:13:51.0132 2084 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:13:51.0225 2084 discache - ok
18:13:51.0241 2084 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:13:51.0288 2084 Disk - ok
18:13:51.0350 2084 [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr C:\Windows\SysWOW64\Drivers\DKbFltr.sys
18:13:51.0381 2084 DKbFltr - ok
18:13:51.0412 2084 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:13:51.0490 2084 Dnscache - ok
18:13:51.0506 2084 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
18:13:51.0615 2084 dot3svc - ok
18:13:51.0631 2084 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
18:13:51.0709 2084 DPS - ok
18:13:51.0740 2084 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:13:51.0771 2084 drmkaud - ok
18:13:51.0834 2084 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:13:51.0927 2084 DXGKrnl - ok
18:13:51.0958 2084 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:13:52.0036 2084 EapHost - ok
18:13:52.0146 2084 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:13:52.0317 2084 ebdrv - ok
18:13:52.0348 2084 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
18:13:52.0395 2084 EFS - ok
18:13:52.0473 2084 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:13:52.0567 2084 ehRecvr - ok
18:13:52.0582 2084 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:13:52.0629 2084 ehSched - ok
18:13:52.0660 2084 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:13:52.0723 2084 elxstor - ok
18:13:52.0801 2084 [ 8E910F796F5F30281CDD24ABA47DDEA2 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
18:13:52.0879 2084 ePowerSvc - ok
18:13:52.0894 2084 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
18:13:52.0957 2084 ErrDev - ok
18:13:53.0019 2084 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:13:53.0097 2084 EventSystem - ok
18:13:53.0128 2084 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:13:53.0222 2084 exfat - ok
18:13:53.0238 2084 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:13:53.0331 2084 fastfat - ok
18:13:53.0378 2084 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
18:13:53.0456 2084 Fax - ok
18:13:53.0472 2084 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:13:53.0518 2084 fdc - ok
18:13:53.0534 2084 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:13:53.0612 2084 fdPHost - ok
18:13:53.0612 2084 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:13:53.0690 2084 FDResPub - ok
18:13:53.0706 2084 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:13:53.0753 2084 FileInfo - ok
18:13:53.0753 2084 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:13:53.0831 2084 Filetrace - ok
18:13:53.0846 2084 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:13:53.0877 2084 flpydisk - ok
18:13:53.0909 2084 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:13:53.0971 2084 FltMgr - ok
18:13:54.0033 2084 [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache C:\Windows\system32\FntCache.dll
18:13:54.0127 2084 FontCache - ok
18:13:54.0174 2084 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:13:54.0205 2084 FontCache3.0.0.0 - ok
18:13:54.0236 2084 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:13:54.0267 2084 FsDepends - ok
18:13:54.0299 2084 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:13:54.0330 2084 Fs_Rec - ok
18:13:54.0361 2084 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:13:54.0392 2084 fvevol - ok
18:13:54.0408 2084 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:13:54.0455 2084 gagp30kx - ok
18:13:54.0501 2084 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
18:13:54.0579 2084 gpsvc - ok
18:13:54.0595 2084 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:13:54.0657 2084 hcw85cir - ok
18:13:54.0689 2084 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:13:54.0767 2084 HdAudAddService - ok
18:13:54.0782 2084 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:13:54.0813 2084 HDAudBus - ok
18:13:54.0829 2084 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:13:54.0876 2084 HidBatt - ok
18:13:54.0891 2084 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:13:54.0954 2084 HidBth - ok
18:13:54.0954 2084 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:13:55.0016 2084 HidIr - ok
18:13:55.0047 2084 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:13:55.0141 2084 hidserv - ok
18:13:55.0157 2084 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:13:55.0203 2084 HidUsb - ok
18:13:55.0235 2084 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:13:55.0328 2084 hkmsvc - ok
18:13:55.0344 2084 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:13:55.0437 2084 HomeGroupListener - ok
18:13:55.0469 2084 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:13:55.0515 2084 HomeGroupProvider - ok
18:13:55.0547 2084 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
18:13:55.0578 2084 HpSAMD - ok
18:13:55.0625 2084 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:13:55.0718 2084 HTTP - ok
18:13:55.0734 2084 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:13:55.0749 2084 hwpolicy - ok
18:13:55.0781 2084 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:13:55.0812 2084 i8042prt - ok
18:13:55.0905 2084 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:13:55.0937 2084 IAANTMON - ok
18:13:55.0983 2084 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:13:56.0015 2084 iaStor - ok
18:13:56.0046 2084 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
18:13:56.0093 2084 iaStorV - ok
18:13:56.0155 2084 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:13:56.0264 2084 idsvc - ok
18:13:56.0561 2084 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:13:57.0075 2084 igfx - ok
18:13:57.0107 2084 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:13:57.0138 2084 iirsp - ok
18:13:57.0200 2084 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
18:13:57.0294 2084 IKEEXT - ok
18:13:57.0387 2084 [ 1A6241B70453A6629A83DB942AA6B08C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:13:57.0543 2084 IntcAzAudAddService - ok
18:13:57.0575 2084 [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
18:13:57.0637 2084 IntcHdmiAddService - ok
18:13:57.0668 2084 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
18:13:57.0699 2084 intelide - ok
18:13:57.0715 2084 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:13:57.0762 2084 intelppm - ok
18:13:57.0793 2084 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:13:57.0871 2084 IPBusEnum - ok
18:13:57.0887 2084 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:13:57.0965 2084 IpFilterDriver - ok
18:13:57.0996 2084 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:13:58.0105 2084 iphlpsvc - ok
18:13:58.0121 2084 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:13:58.0183 2084 IPMIDRV - ok
18:13:58.0199 2084 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:13:58.0277 2084 IPNAT - ok
18:13:58.0292 2084 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:13:58.0323 2084 IRENUM - ok
18:13:58.0339 2084 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
18:13:58.0370 2084 isapnp - ok
18:13:58.0386 2084 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:13:58.0433 2084 iScsiPrt - ok
18:13:58.0448 2084 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:13:58.0479 2084 kbdclass - ok
18:13:58.0495 2084 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:13:58.0542 2084 kbdhid - ok
18:13:58.0557 2084 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
18:13:58.0589 2084 KeyIso - ok
18:13:58.0620 2084 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:13:58.0651 2084 KSecDD - ok
18:13:58.0682 2084 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:13:58.0729 2084 KSecPkg - ok
18:13:58.0745 2084 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:13:58.0838 2084 ksthunk - ok
18:13:58.0869 2084 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:13:58.0963 2084 KtmRm - ok
18:13:58.0994 2084 [ AD88105EFDDC55877EA8D06346D75989 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
18:13:59.0057 2084 L1C - ok
18:13:59.0119 2084 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:13:59.0166 2084 LanmanServer - ok
18:13:59.0197 2084 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:13:59.0275 2084 LanmanWorkstation - ok
18:13:59.0306 2084 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:13:59.0400 2084 lltdio - ok
18:13:59.0431 2084 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:13:59.0509 2084 lltdsvc - ok
18:13:59.0540 2084 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:13:59.0603 2084 lmhosts - ok
18:13:59.0634 2084 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:13:59.0665 2084 LSI_FC - ok
18:13:59.0681 2084 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:13:59.0712 2084 LSI_SAS - ok
18:13:59.0727 2084 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:13:59.0774 2084 LSI_SAS2 - ok
18:13:59.0774 2084 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:13:59.0805 2084 LSI_SCSI - ok
18:13:59.0837 2084 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:13:59.0915 2084 luafv - ok
18:13:59.0930 2084 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:13:59.0977 2084 Mcx2Svc - ok
18:13:59.0993 2084 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:14:00.0024 2084 megasas - ok
18:14:00.0055 2084 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:14:00.0117 2084 MegaSR - ok
18:14:00.0133 2084 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:14:00.0227 2084 MMCSS - ok
18:14:00.0227 2084 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:14:00.0320 2084 Modem - ok
18:14:00.0320 2084 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:14:00.0367 2084 monitor - ok
18:14:00.0367 2084 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:14:00.0398 2084 mouclass - ok
18:14:00.0414 2084 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:14:00.0476 2084 mouhid - ok
18:14:00.0476 2084 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:14:00.0507 2084 mountmgr - ok
18:14:00.0554 2084 [ 8121C6DD654970FEDDBC195596D9706E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:14:00.0585 2084 MozillaMaintenance - ok
18:14:00.0601 2084 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
18:14:00.0648 2084 mpio - ok
18:14:00.0648 2084 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:14:00.0726 2084 mpsdrv - ok
18:14:00.0773 2084 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:14:00.0882 2084 MpsSvc - ok
18:14:00.0897 2084 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:14:00.0960 2084 MRxDAV - ok
18:14:00.0991 2084 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:14:01.0038 2084 mrxsmb - ok
18:14:01.0069 2084 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:14:01.0116 2084 mrxsmb10 - ok
18:14:01.0147 2084 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:14:01.0194 2084 mrxsmb20 - ok
18:14:01.0225 2084 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
18:14:01.0256 2084 msahci - ok
18:14:01.0272 2084 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
18:14:01.0303 2084 msdsm - ok
18:14:01.0319 2084 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:14:01.0381 2084 MSDTC - ok
18:14:01.0397 2084 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:14:01.0459 2084 Msfs - ok
18:14:01.0475 2084 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:14:01.0553 2084 mshidkmdf - ok
18:14:01.0568 2084 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
18:14:01.0599 2084 msisadrv - ok
18:14:01.0631 2084 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:14:01.0724 2084 MSiSCSI - ok
18:14:01.0740 2084 msiserver - ok
18:14:01.0755 2084 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:14:01.0833 2084 MSKSSRV - ok
18:14:01.0849 2084 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:14:01.0927 2084 MSPCLOCK - ok
18:14:01.0943 2084 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:14:02.0021 2084 MSPQM - ok
18:14:02.0052 2084 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:14:02.0099 2084 MsRPC - ok
18:14:02.0114 2084 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:14:02.0145 2084 mssmbios - ok
18:14:02.0145 2084 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:14:02.0239 2084 MSTEE - ok
18:14:02.0239 2084 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:14:02.0286 2084 MTConfig - ok
18:14:02.0317 2084 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:14:02.0348 2084 Mup - ok
18:14:02.0379 2084 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
18:14:02.0411 2084 mwlPSDFilter - ok
18:14:02.0426 2084 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
18:14:02.0442 2084 mwlPSDNServ - ok
18:14:02.0457 2084 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
18:14:02.0489 2084 mwlPSDVDisk - ok
18:14:02.0551 2084 [ 2F139207F618EC2933830227EEFFDDB4 ] MWLService C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
18:14:02.0598 2084 MWLService - ok
18:14:02.0629 2084 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
18:14:02.0723 2084 napagent - ok
18:14:02.0769 2084 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:14:02.0847 2084 NativeWifiP - ok
18:14:02.0894 2084 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
18:14:02.0972 2084 NDIS - ok
18:14:02.0988 2084 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:14:03.0050 2084 NdisCap - ok
18:14:03.0066 2084 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:14:03.0159 2084 NdisTapi - ok
18:14:03.0159 2084 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:14:03.0253 2084 Ndisuio - ok
18:14:03.0253 2084 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:14:03.0331 2084 NdisWan - ok
18:14:03.0347 2084 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:14:03.0425 2084 NDProxy - ok
18:14:03.0440 2084 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:14:03.0503 2084 NetBIOS - ok
18:14:03.0534 2084 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:14:03.0627 2084 NetBT - ok
18:14:03.0659 2084 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
18:14:03.0674 2084 Netlogon - ok
18:14:03.0721 2084 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:14:03.0799 2084 Netman - ok
18:14:03.0830 2084 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:14:03.0924 2084 netprofm - ok
18:14:03.0971 2084 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:14:04.0002 2084 NetTcpPortSharing - ok
18:14:04.0220 2084 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
18:14:04.0563 2084 NETw5s64 - ok
18:14:04.0626 2084 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:14:04.0657 2084 nfrd960 - ok
18:14:04.0704 2084 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:14:04.0797 2084 NlaSvc - ok
18:14:04.0797 2084 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:14:04.0891 2084 Npfs - ok
18:14:04.0907 2084 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:14:05.0000 2084 nsi - ok
18:14:05.0000 2084 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:14:05.0063 2084 nsiproxy - ok
18:14:05.0125 2084 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:14:05.0265 2084 Ntfs - ok
18:14:05.0265 2084 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:14:05.0343 2084 Null - ok
18:14:05.0359 2084 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
18:14:05.0390 2084 nvraid - ok
18:14:05.0406 2084 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
18:14:05.0437 2084 nvstor - ok
18:14:05.0468 2084 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
18:14:05.0499 2084 nv_agp - ok
18:14:05.0593 2084 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:14:05.0655 2084 odserv - ok
18:14:05.0655 2084 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:14:05.0702 2084 ohci1394 - ok
18:14:05.0765 2084 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:14:05.0811 2084 ose - ok
18:14:05.0843 2084 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:14:05.0889 2084 p2pimsvc - ok
18:14:05.0921 2084 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:14:05.0967 2084 p2psvc - ok
18:14:05.0999 2084 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:14:06.0030 2084 Parport - ok
18:14:06.0061 2084 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:14:06.0092 2084 partmgr - ok
18:14:06.0108 2084 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:14:06.0155 2084 PcaSvc - ok
18:14:06.0170 2084 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
18:14:06.0217 2084 pci - ok
18:14:06.0217 2084 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
18:14:06.0248 2084 pciide - ok
18:14:06.0279 2084 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:14:06.0326 2084 pcmcia - ok
18:14:06.0326 2084 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:14:06.0357 2084 pcw - ok
18:14:06.0389 2084 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:14:06.0498 2084 PEAUTH - ok
18:14:06.0545 2084 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:14:06.0591 2084 PerfHost - ok
18:14:06.0654 2084 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
18:14:06.0841 2084 pla - ok
18:14:06.0888 2084 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:14:06.0966 2084 PlugPlay - ok
18:14:06.0981 2084 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:14:07.0028 2084 PNRPAutoReg - ok
18:14:07.0075 2084 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:14:07.0106 2084 PNRPsvc - ok
18:14:07.0153 2084 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:14:07.0262 2084 PolicyAgent - ok
18:14:07.0293 2084 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:14:07.0371 2084 Power - ok
18:14:07.0403 2084 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:14:07.0496 2084 PptpMiniport - ok
18:14:07.0512 2084 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:14:07.0559 2084 Processor - ok
18:14:07.0590 2084 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
18:14:07.0683 2084 ProfSvc - ok
18:14:07.0715 2084 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:14:07.0730 2084 ProtectedStorage - ok
18:14:07.0761 2084 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:14:07.0824 2084 Psched - ok
18:14:07.0886 2084 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:14:07.0995 2084 ql2300 - ok
18:14:08.0027 2084 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:14:08.0058 2084 ql40xx - ok
18:14:08.0073 2084 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:14:08.0151 2084 QWAVE - ok
18:14:08.0151 2084 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:14:08.0214 2084 QWAVEdrv - ok
18:14:08.0214 2084 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:14:08.0292 2084 RasAcd - ok
18:14:08.0323 2084 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:14:08.0401 2084 RasAgileVpn - ok
18:14:08.0417 2084 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:14:08.0510 2084 RasAuto - ok
18:14:08.0526 2084 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:14:08.0604 2084 Rasl2tp - ok
18:14:08.0635 2084 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
18:14:08.0744 2084 RasMan - ok
18:14:08.0775 2084 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:14:08.0853 2084 RasPppoe - ok
18:14:08.0853 2084 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:14:08.0947 2084 RasSstp - ok
18:14:08.0978 2084 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:14:09.0072 2084 rdbss - ok
18:14:09.0087 2084 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:14:09.0119 2084 rdpbus - ok
18:14:09.0134 2084 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:14:09.0197 2084 RDPCDD - ok
18:14:09.0212 2084 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:14:09.0306 2084 RDPENCDD - ok
18:14:09.0321 2084 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:14:09.0384 2084 RDPREFMP - ok
18:14:09.0431 2084 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:14:09.0493 2084 RDPWD - ok
18:14:09.0509 2084 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:14:09.0555 2084 rdyboost - ok
18:14:09.0587 2084 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:14:09.0665 2084 RemoteAccess - ok
18:14:09.0696 2084 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:14:09.0774 2084 RemoteRegistry - ok
18:14:09.0805 2084 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:14:09.0852 2084 RFCOMM - ok
18:14:09.0883 2084 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:14:09.0961 2084 RpcEptMapper - ok
18:14:09.0992 2084 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:14:10.0055 2084 RpcLocator - ok
18:14:10.0101 2084 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
18:14:10.0164 2084 RpcSs - ok
18:14:10.0195 2084 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:14:10.0289 2084 rspndr - ok
18:14:10.0304 2084 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
18:14:10.0335 2084 SamSs - ok
18:14:10.0335 2084 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
18:14:10.0382 2084 sbp2port - ok
18:14:10.0398 2084 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:14:10.0476 2084 SCardSvr - ok
18:14:10.0491 2084 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:14:10.0585 2084 scfilter - ok
18:14:10.0647 2084 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
18:14:10.0725 2084 Schedule - ok
18:14:10.0757 2084 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:14:10.0819 2084 SCPolicySvc - ok
18:14:10.0850 2084 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:14:10.0928 2084 SDRSVC - ok
18:14:10.0959 2084 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:14:11.0037 2084 secdrv - ok
18:14:11.0037 2084 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
18:14:11.0131 2084 seclogon - ok
18:14:11.0147 2084 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:14:11.0225 2084 SENS - ok
18:14:11.0256 2084 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:14:11.0318 2084 SensrSvc - ok
18:14:11.0334 2084 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:14:11.0365 2084 Serenum - ok
18:14:11.0381 2084 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:14:11.0412 2084 Serial - ok
18:14:11.0412 2084 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:14:11.0459 2084 sermouse - ok
18:14:11.0490 2084 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
18:14:11.0568 2084 SessionEnv - ok
18:14:11.0583 2084 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
18:14:11.0630 2084 sffdisk - ok
18:14:11.0630 2084 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:14:11.0677 2084 sffp_mmc - ok
18:14:11.0677 2084 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
18:14:11.0724 2084 sffp_sd - ok
18:14:11.0739 2084 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:14:11.0786 2084 sfloppy - ok
18:14:11.0833 2084 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:14:11.0927 2084 SharedAccess - ok
18:14:11.0958 2084 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:14:12.0020 2084 ShellHWDetection - ok
18:14:12.0036 2084 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:14:12.0083 2084 SiSRaid2 - ok
18:14:12.0083 2084 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:14:12.0114 2084 SiSRaid4 - ok
18:14:12.0129 2084 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:14:12.0223 2084 Smb - ok
18:14:12.0254 2084 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:14:12.0301 2084 SNMPTRAP - ok
18:14:12.0301 2084 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:14:12.0348 2084 spldr - ok
18:14:12.0395 2084 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
18:14:12.0488 2084 Spooler - ok
18:14:12.0597 2084 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
18:14:12.0785 2084 sppsvc - ok
18:14:12.0785 2084 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:14:12.0878 2084 sppuinotify - ok
18:14:12.0909 2084 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:14:12.0987 2084 srv - ok
18:14:13.0034 2084 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:14:13.0112 2084 srv2 - ok
18:14:13.0143 2084 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:14:13.0221 2084 srvnet - ok
18:14:13.0284 2084 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:14:13.0362 2084 SSDPSRV - ok
18:14:13.0377 2084 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:14:13.0455 2084 SstpSvc - ok
18:14:13.0487 2084 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:14:13.0518 2084 stexstor - ok
18:14:13.0565 2084 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
18:14:13.0674 2084 stisvc - ok
18:14:13.0674 2084 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:14:13.0705 2084 swenum - ok
18:14:13.0752 2084 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:14:13.0845 2084 swprv - ok
18:14:13.0892 2084 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:14:13.0939 2084 SynTP - ok
18:14:14.0001 2084 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
18:14:14.0126 2084 SysMain - ok
18:14:14.0142 2084 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:14:14.0204 2084 TabletInputService - ok
18:14:14.0235 2084 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
18:14:14.0360 2084 TapiSrv - ok
18:14:14.0391 2084 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:14:14.0454 2084 TBS - ok
18:14:14.0532 2084 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:14:14.0688 2084 Tcpip - ok
18:14:14.0735 2084 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:14:14.0813 2084 TCPIP6 - ok
18:14:14.0844 2084 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:14:14.0922 2084 tcpipreg - ok
18:14:14.0937 2084 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:14:15.0000 2084 TDPIPE - ok
18:14:15.0031 2084 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:14:15.0093 2084 TDTCP - ok
18:14:15.0109 2084 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:14:15.0187 2084 tdx - ok
18:14:15.0203 2084 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:14:15.0234 2084 TermDD - ok
18:14:15.0281 2084 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
18:14:15.0405 2084 TermService - ok
18:14:15.0421 2084 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:14:15.0468 2084 Themes - ok
18:14:15.0499 2084 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:14:15.0561 2084 THREADORDER - ok
18:14:15.0577 2084 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:14:15.0655 2084 TrkWks - ok
18:14:15.0702 2084 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:14:15.0733 2084 TrustedInstaller - ok
18:14:15.0764 2084 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:14:15.0842 2084 tssecsrv - ok
18:14:15.0858 2084 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:14:15.0936 2084 tunnel - ok
18:14:15.0936 2084 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:14:15.0983 2084 uagp35 - ok
18:14:15.0998 2084 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:14:16.0107 2084 udfs - ok
18:14:16.0139 2084 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:14:16.0185 2084 UI0Detect - ok
18:14:16.0185 2084 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
18:14:16.0232 2084 uliagpkx - ok
18:14:16.0248 2084 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:14:16.0295 2084 umbus - ok
18:14:16.0295 2084 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:14:16.0357 2084 UmPass - ok
18:14:16.0435 2084 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
18:14:16.0466 2084 Updater Service - ok
18:14:16.0482 2084 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:14:16.0560 2084 upnphost - ok
18:14:16.0575 2084 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:14:16.0638 2084 usbccgp - ok
18:14:16.0653 2084 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
18:14:16.0700 2084 usbcir - ok
18:14:16.0716 2084 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:14:16.0747 2084 usbehci - ok
18:14:16.0763 2084 [ 7CC1C95896D60E868AA6DD2DD2F97EAD ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:14:16.0841 2084 usbhub - ok
18:14:16.0856 2084 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:14:16.0887 2084 usbohci - ok
18:14:16.0919 2084 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:14:16.0950 2084 usbprint - ok
18:14:16.0950 2084 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:14:16.0997 2084 USBSTOR - ok
18:14:16.0997 2084 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:14:17.0043 2084 usbuhci - ok
18:14:17.0075 2084 [ D501E12614B00A3252073101D6A1A74B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:14:17.0106 2084 usbvideo - ok
18:14:17.0137 2084 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:14:17.0199 2084 UxSms - ok
18:14:17.0215 2084 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
18:14:17.0246 2084 VaultSvc - ok
18:14:17.0262 2084 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
18:14:17.0293 2084 vdrvroot - ok
18:14:17.0324 2084 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
18:14:17.0387 2084 vds - ok
18:14:17.0402 2084 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:14:17.0433 2084 vga - ok
18:14:17.0449 2084 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:14:17.0527 2084 VgaSave - ok
18:14:17.0543 2084 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
18:14:17.0589 2084 vhdmp - ok
18:14:17.0589 2084 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
18:14:17.0621 2084 viaide - ok
18:14:17.0636 2084 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
18:14:17.0683 2084 volmgr - ok
18:14:17.0699 2084 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:14:17.0730 2084 volmgrx - ok
18:14:17.0745 2084 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
18:14:17.0792 2084 volsnap - ok
18:14:17.0823 2084 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:14:17.0870 2084 vsmraid - ok
18:14:17.0917 2084 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
18:14:18.0057 2084 VSS - ok
18:14:18.0057 2084 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:14:18.0104 2084 vwifibus - ok
18:14:18.0120 2084 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:14:18.0151 2084 vwififlt - ok
18:14:18.0198 2084 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:14:18.0291 2084 W32Time - ok
18:14:18.0307 2084 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:14:18.0338 2084 WacomPen - ok
18:14:18.0369 2084 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:14:18.0463 2084 WANARP - ok
18:14:18.0479 2084 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:14:18.0557 2084 Wanarpv6 - ok
18:14:18.0603 2084 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
18:14:18.0759 2084 wbengine - ok
18:14:18.0775 2084 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:14:18.0822 2084 WbioSrvc - ok
18:14:18.0837 2084 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:14:18.0915 2084 wcncsvc - ok
18:14:18.0931 2084 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:14:18.0978 2084 WcsPlugInService - ok
18:14:18.0993 2084 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:14:19.0025 2084 Wd - ok
18:14:19.0056 2084 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:14:19.0134 2084 Wdf01000 - ok
18:14:19.0165 2084 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:14:19.0212 2084 WdiServiceHost - ok
18:14:19.0212 2084 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:14:19.0259 2084 WdiSystemHost - ok
18:14:19.0290 2084 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
18:14:19.0368 2084 WebClient - ok
18:14:19.0383 2084 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:14:19.0477 2084 Wecsvc - ok
18:14:19.0493 2084 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:14:19.0586 2084 wercplsupport - ok
18:14:19.0617 2084 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:14:19.0695 2084 WerSvc - ok
18:14:19.0727 2084 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:14:19.0805 2084 WfpLwf - ok
18:14:19.0805 2084 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:14:19.0836 2084 WIMMount - ok
18:14:19.0867 2084 WinDefend - ok
18:14:19.0883 2084 WinHttpAutoProxySvc - ok
18:14:19.0945 2084 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:14:20.0023 2084 Winmgmt - ok
18:14:20.0117 2084 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
18:14:20.0273 2084 WinRM - ok
18:14:20.0413 2084 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:14:20.0507 2084 Wlansvc - ok
18:14:20.0553 2084 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:14:20.0600 2084 WmiAcpi - ok
18:14:20.0631 2084 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:14:20.0694 2084 wmiApSrv - ok
18:14:20.0725 2084 WMPNetworkSvc - ok
18:14:20.0756 2084 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:14:20.0803 2084 WPCSvc - ok
18:14:20.0803 2084 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:14:20.0850 2084 WPDBusEnum - ok
18:14:20.0881 2084 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:14:20.0943 2084 ws2ifsl - ok
18:14:20.0975 2084 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:14:21.0037 2084 wscsvc - ok
18:14:21.0037 2084 WSearch - ok
18:14:21.0146 2084 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:14:21.0287 2084 wuauserv - ok
18:14:21.0287 2084 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:14:21.0365 2084 WudfPf - ok
18:14:21.0396 2084 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:14:21.0474 2084 WUDFRd - ok
18:14:21.0505 2084 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:14:21.0583 2084 wudfsvc - ok
18:14:21.0614 2084 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:14:21.0677 2084 WwanSvc - ok
18:14:21.0708 2084 ================ Scan global ===============================
18:14:21.0723 2084 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:14:21.0770 2084 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
18:14:21.0817 2084 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
18:14:21.0848 2084 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:14:21.0879 2084 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:14:21.0895 2084 [Global] - ok
18:14:21.0895 2084 ================ Scan MBR ==================================
18:14:21.0911 2084 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:14:22.0347 2084 \Device\Harddisk0\DR0 - ok
18:14:22.0347 2084 ================ Scan VBR ==================================
18:14:22.0347 2084 [ 42D9A4950A8BB8F0E179DB385EC4D049 ] \Device\Harddisk0\DR0\Partition1
18:14:22.0347 2084 \Device\Harddisk0\DR0\Partition1 - ok
18:14:22.0379 2084 [ 081B0AD7E991FA04728305D08FBE215A ] \Device\Harddisk0\DR0\Partition2
18:14:22.0379 2084 \Device\Harddisk0\DR0\Partition2 - ok
18:14:22.0379 2084 ============================================================
18:14:22.0379 2084 Scan finished
18:14:22.0379 2084 ============================================================
18:14:22.0394 3796 Detected object count: 0
18:14:22.0394 3796 Actual detected object count: 0
|
|
22.11.2012, 19:46
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Claro Search (Firefox) lässt sich nicht deinstallieren! Dann auch bitte das ältere (erste) Log vom TDSS-Killer poste Liegt direkt auf C
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
22.11.2012, 20:17
| #5 |
| | Claro Search (Firefox) lässt sich nicht deinstallieren! Beim ersten Mal habe ich leider keinen Report aufgerufen, sondern die Datei gelöscht  (siehe http://www.trojaner-board.de/82358-t...entfernen.html : "Lasse die Funde entfernen" was ich noch habe ist: Code:
ATTFilter OTL Extras logfile created on: 20.11.2012 23:23:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,93 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 51,36% Memory free
3,87 Gb Paging File | 2,60 Gb Available in Paging File | 67,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 253,14 Gb Free Space | 88,51% Space Free | Partition Type: NTFS
Drive D: | 3,73 Gb Total Space | 1,57 Gb Free Space | 42,18% Space Free | Partition Type: FAT32
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06038C11-7ADF-4B8E-A80D-581E8F761C99}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{08A11683-D1A0-46C0-9138-5351BF9F6A87}" = lport=137 | protocol=17 | dir=in | app=system |
"{1DC71B89-A865-43D9-ACCC-63EDABE50018}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2014F569-B0CA-44E2-94C3-6E6DA15A9429}" = lport=139 | protocol=6 | dir=in | app=system |
"{3B1294A8-A67B-4007-9FD5-3CB6C55E89D3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D917289-81CF-41A9-AD15-CA32734034CA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58F98DB2-38CA-4208-8C02-00F5FC74E994}" = lport=445 | protocol=6 | dir=in | app=system |
"{5BDA6382-DA33-4B69-8883-BF3C9D827228}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{607B0F88-3B60-493B-BAF4-420752D4A456}" = rport=138 | protocol=17 | dir=out | app=system |
"{64E2A8F6-C7C7-4C69-A665-C97A19382E4C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{81EE8A63-1156-48BD-A93A-D8618D46369A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{82806B6B-1FD8-4C9B-AFA0-CD7F5ECA080E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8C059514-9CF3-4C1D-AC56-CDCF481F8C9B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AEBF4FF1-2AA6-4303-A895-3253FD120D5B}" = rport=445 | protocol=6 | dir=out | app=system |
"{C077E69F-3B42-41F2-A449-DC479DD6F050}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4FCB226-52E7-4A9B-BEF6-858A053357DB}" = rport=137 | protocol=17 | dir=out | app=system |
"{C78AABCF-9B96-45CD-82B5-AD4F5D6DC102}" = rport=139 | protocol=6 | dir=out | app=system |
"{CF850F7F-794E-420D-B56B-1AED9570E48B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D398B631-0CA2-4A48-8E03-D003C1210344}" = lport=138 | protocol=17 | dir=in | app=system |
"{E8FA482E-3609-4000-851A-F277E7237A12}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EF4A903B-8181-4605-8FE3-B2CBC8B7065A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0737406-9D7F-46A0-9051-6C1819039D61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F69CA2AE-7762-42B8-85BC-6E2F47112D96}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{130EBF12-DFAD-4D5D-A82F-A4023890773A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2B6D0195-C8FC-44E6-A873-90D755DA5065}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2EEFF40A-18ED-4806-AAA0-B8B6E887AD4B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38614B65-B845-42F4-8FBB-D380220F4859}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46E44B3F-80BB-48E6-A764-32DE22F7A24F}" = protocol=6 | dir=out | app=system |
"{48848554-291F-4472-9FE5-546ED5F95E5C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4BE5ADB2-F385-4B29-9EDE-F9DDE20AE5A2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{53F76614-7D5A-416B-A048-FE1C2B7BA10F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{58413B46-A771-41B0-A279-71459228DB5D}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{59B54611-8382-4A13-9B52-2E2B638831B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{69812E27-1AE0-44D7-B208-0173932CC738}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{83E67FB5-ED70-4BF0-AE50-B12A3BFFDFA6}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{8A00D749-8ABE-4D4C-9AC6-6AD74CC44915}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8AE3190A-9724-46B5-867B-F8869A5E10D0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{8E38219A-860B-4E12-99DD-0BC367EF7EE9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9505B127-D2D9-40BD-8CF3-C3C794789B4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{983C4DBA-2F6C-49FF-826C-82351FD65497}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{9B18D374-38EC-41F5-8959-C79AF7CD8BAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A292878F-AF7F-492B-ABD1-D7800E34AE23}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B0CE664B-3857-4D23-ADC6-D96AA61BA05D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C1447F2A-A9C5-4466-B12B-DA9B4D4B4583}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3265E3F-B616-43D6-AA68-00E828EF7FD1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C6861E5C-E575-4540-BA59-2D79221BFE3F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C961F347-5AB2-44D2-9D9A-3B0209292B65}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CE440304-0D1A-408A-BF32-C179B818602E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E602D374-2089-40A0-9636-6885B5A4F7C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F894F4A6-44B4-4F7D-8B50-579C0F69E1C2}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 19.11.2012 12:56:05 | Computer Name = WIN-M52VITFDOHC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 19.11.2012 12:57:05 | Computer Name = WIN-M52VITFDOHC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
initialisieren.
Error - 19.11.2012 13:06:26 | Computer Name = Steffie-PC | Source = Microsoft-Windows-Directory-Services-SAM | ID = 12291
Description = Das SAM-Modul konnte den TCP/IP- bzw. SPX/IPX-Listening-Thread nicht
starten.
< End of report >
Code:
ATTFilter OTL logfile created on: 20.11.2012 23:23:31 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XXX\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,93 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 51,36% Memory free 3,87 Gb Paging File | 2,60 Gb Available in Paging File | 67,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,99 Gb Total Space | 253,14 Gb Free Space | 88,51% Space Free | Partition Type: NTFS Drive D: | 3,73 Gb Total Space | 1,57 Gb Free Space | 42,18% Space Free | Partition Type: FAT32 Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.20 23:22:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Downloads\OTL.exe PRC - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe PRC - [2012.11.06 18:29:54 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.10.16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2009.09.24 13:14:42 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE PRC - [2009.09.10 14:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009.08.04 06:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009.07.11 00:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.04.16 08:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Modules (No Company Name) ========== MOD - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe MOD - [2012.11.12 11:03:58 | 002,147,352 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll MOD - [2012.10.24 18:49:23 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Services (SafeList) ========== SRV - [2012.11.20 18:00:01 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.11.17 00:10:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -- (Browser Manager) SRV - [2012.10.16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2009.10.29 20:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.09.10 14:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.07 16:03:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2010.08.25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.09.21 04:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.15 05:40:00 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.09 23:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV:64bit: - [2009.06.18 13:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.02 12:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.02 12:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.02 12:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.26 14:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.04.27 09:25:58 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.03.26 04:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4712_2&babsrc=SP_ss&mntrId=001a326a000000000000001e64297dec IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE511 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Claro Search" FF - prefs.js..browser.search.order.1: "Claro Search" FF - prefs.js..browser.search.selectedEngine: "Claro Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec" FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.1 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - prefs.js..extensions.enabledAddons: {58bd07eb-0ee0-4df0-8121-dc9b693373df}:2.5.911.18 FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=KW_ss&mntrId=001a326a000000000000001e64297dec&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.20 09:39:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.20 20:36:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.11.20 17:51:52 | 000,000,000 | ---D | M] [2012.11.20 09:40:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions [2012.11.20 20:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions [2012.11.20 09:49:48 | 000,000,000 | ---D | M] (WOT) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.20 20:33:53 | 000,000,000 | ---D | M] (Ecosia - The Green Search) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} [2012.11.20 20:10:39 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\add-to-searchbox@maltekraus.de [2012.11.20 20:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\staged [2012.11.20 20:10:34 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\extensions\add-to-searchbox@maltekraus.de.xpi [2012.11.20 09:49:48 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.11.20 20:33:53 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2012.11.20 09:41:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.20 20:33:58 | 000,005,212 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\searchplugins\ecosia.xml [2012.11.20 17:51:31 | 000,006,520 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\searchplugins\mngr.xml [2012.11.20 09:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.20 17:51:52 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.5.911.18\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.20 17:51:31 | 000,006,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33AF98BE-F3A9-4F9B-89BC-ECF7E761A48F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.20 23:01:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.11.20 22:26:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.20 21:03:52 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Adobe [2012.11.20 20:36:35 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Thunderbird [2012.11.20 20:36:35 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Thunderbird [2012.11.20 20:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2012.11.20 18:00:35 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Macromedia [2012.11.20 17:59:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.11.20 17:52:03 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager [2012.11.20 17:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.20 17:51:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\pdfforge [2012.11.20 17:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.11.20 17:51:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Babylon [2012.11.20 17:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.11.20 17:51:09 | 000,100,864 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.11.20 17:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.11.20 17:49:52 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Programs [2012.11.20 12:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.11.20 10:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.11.20 09:40:05 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Mozilla [2012.11.20 09:40:05 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Mozilla [2012.11.20 09:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.11.20 09:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.11.20 09:39:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.20 09:32:43 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Avira [2012.11.20 09:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.20 09:27:07 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.20 09:27:07 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.20 09:27:07 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.11.20 09:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.11.20 09:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.11.20 02:47:54 | 000,000,000 | ---D | C] -- C:\Windows\de-DE [2012.11.20 02:47:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer [2012.11.20 02:47:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE [2012.11.20 02:47:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de [2012.11.20 02:47:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407 [2012.11.20 02:47:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE [2012.11.20 02:47:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de [2012.11.20 02:47:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407 [2012.11.20 02:46:51 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2012.11.20 02:46:51 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2012.11.20 02:46:49 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2012.11.20 02:46:49 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2012.11.20 02:41:56 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log [2012.11.19 19:06:48 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Adobe [2012.11.19 19:06:39 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Google [2012.11.19 19:06:39 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Google [2012.11.19 18:43:23 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Macromedia [2012.11.19 18:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works [2012.11.19 18:36:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2012.11.19 18:35:48 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Microsoft Help [2012.11.19 18:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2012.11.19 18:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2012.11.19 18:31:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2012.11.19 18:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive [2012.11.19 18:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2012.11.19 18:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2012.11.19 18:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2012.11.19 18:28:25 | 001,658,880 | ---- | C] (SuYin) -- C:\Windows\Acer Crystal Eye webcam.EXE [2012.11.19 18:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam [2012.11.19 18:27:51 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\InstallShield [2012.11.19 18:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2012.11.19 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\EgisTec [2012.11.19 18:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McQcModifier-5c47-a7b0 [2012.11.19 18:22:43 | 000,000,000 | ---D | C] -- C:\book [2012.11.19 18:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem [2012.11.19 18:22:09 | 000,000,000 | R--D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.11.19 18:22:09 | 000,000,000 | R--D | C] -- C:\Users\XX\Searches [2012.11.19 18:22:09 | 000,000,000 | R--D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.11.19 18:21:58 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Identities [2012.11.19 18:21:54 | 000,000,000 | R--D | C] -- C:\Users\XXX\Contacts [2012.11.19 18:21:50 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\VirtualStore [2012.11.19 18:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Accessory Store [2012.11.19 18:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Vorlagen [2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\AppData\Local\Verlauf [2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\AppData\Local\Temporary Internet Files [2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Startmenü [2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\SendTo [2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Recent [2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Netzwerkumgebung [2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Lokale Einstellungen [2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Documents\Eigene Videos [2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Documents\Eigene Musik [2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Eigene Dateien [2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Documents\Eigene Bilder [2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Druckumgebung [2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Cookies [2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\AppData\Local\Anwendungsdaten [2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Anwendungsdaten [2012.11.19 18:19:07 | 000,000,000 | --SD | C] -- C:\Users\XXX\AppData\Roaming\Microsoft [2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Videos [2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Saved Games [2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Pictures [2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Music [2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Links [2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Favorites [2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Downloads [2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Documents [2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Desktop [2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.11.19 18:19:07 | 000,000,000 | -H-D | C] -- C:\Users\XXX\AppData [2012.11.19 18:19:07 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Temp [2012.11.19 18:19:07 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Microsoft [2012.11.19 18:19:07 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Media Center Programs [2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\Programme [2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.11.19 17:58:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.11.19 17:57:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang [2012.11.19 17:57:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64 [2012.11.19 17:55:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010.02.23 09:10:45 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2012.11.20 23:22:06 | 000,000,000 | ---- | M] () -- C:\Users\XXX\defogger_reenable [2012.11.20 23:10:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.20 23:10:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.20 23:02:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.20 23:02:15 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys [2012.11.20 22:58:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.20 22:56:02 | 000,000,512 | ---- | M] () -- C:\Users\XXX\Desktop\MBR.dat [2012.11.20 22:26:55 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.11.20 21:04:44 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.20 21:04:44 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.20 21:04:44 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.20 21:04:44 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.20 21:04:44 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.20 20:36:24 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.11.20 17:51:20 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.11.20 12:27:00 | 000,343,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.20 10:40:34 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.11.20 10:40:31 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.11.20 09:39:56 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.20 02:47:37 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat [2012.11.20 02:47:37 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat [2012.11.20 02:46:51 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2012.11.20 02:46:51 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2012.11.20 02:46:49 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2012.11.20 02:46:49 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2012.11.20 02:41:56 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag [2012.11.19 19:44:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.11.19 18:32:35 | 000,000,020 | ---- | M] () -- C:\Windows\hó§ [2012.11.19 18:26:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2012.11.19 18:19:38 | 000,014,756 | ---- | M] () -- C:\Windows\SysNative\results.xml [2012.11.19 18:18:24 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.11.19 18:18:24 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.11.19 17:58:40 | 000,000,006 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd [2012.11.07 16:03:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2012.11.20 23:22:06 | 000,000,000 | ---- | C] () -- C:\Users\XXX\defogger_reenable [2012.11.20 22:56:02 | 000,000,512 | ---- | C] () -- C:\Users\XXX\Desktop\MBR.dat [2012.11.20 22:26:55 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.11.20 22:26:54 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.11.20 20:36:24 | 000,002,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2012.11.20 20:36:24 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.11.20 18:00:02 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.20 17:51:20 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.11.20 10:40:34 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.11.20 10:40:31 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.11.20 09:39:56 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.11.20 09:39:56 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.20 02:51:58 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag [2012.11.20 02:48:19 | 000,643,866 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat [2012.11.20 02:48:19 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat [2012.11.20 02:48:19 | 000,126,394 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat [2012.11.20 02:48:19 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat [2012.11.19 19:44:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.11.19 18:40:52 | 000,002,569 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk [2012.11.19 18:40:31 | 000,001,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk [2012.11.19 18:32:33 | 000,000,020 | ---- | C] () -- C:\Windows\hó§ [2012.11.19 18:28:26 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2012.11.19 18:28:26 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2012.11.19 18:28:26 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2012.11.19 18:28:26 | 000,008,362 | ---- | C] () -- C:\Windows\Suyin.reg [2012.11.19 18:28:26 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini [2012.11.19 18:26:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2012.11.19 18:22:19 | 000,001,413 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.11.19 18:22:12 | 000,001,447 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.11.19 18:19:38 | 000,014,756 | ---- | C] () -- C:\Windows\SysNative\results.xml [2012.11.19 17:55:17 | 1556,279,296 | -HS- | C] () -- C:\hiberfil.sys ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.20 17:51:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Babylon [2012.11.20 17:51:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\pdfforge [2012.11.20 20:36:35 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report > |
|
22.11.2012, 20:54
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Claro Search (Firefox) lässt sich nicht deinstallieren! Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ --> Claro Search (Firefox) lässt sich nicht deinstallieren! |
|
22.11.2012, 22:20
| #7 |
| | Claro Search (Firefox) lässt sich nicht deinstallieren! hier die Logfile von Combifix: Code:
ATTFilter ComboFix 12-11-22.03 - XXX22.11.2012 22:02:53.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.1979.1160 [GMT 1:00]
ausgeführt von:: c:\users\XXX\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-22 bis 2012-11-22 ))))))))))))))))))))))))))))))
.
.
2012-11-22 21:11 . 2012-11-22 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-20 23:18 . 2012-11-20 23:18 -------- d-----w- c:\program files (x86)\7-Zip
2012-11-20 22:01 . 2012-11-20 22:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-20 19:36 . 2012-11-20 19:36 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-11-20 17:00 . 2012-11-20 17:00 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-20 17:00 . 2012-11-20 17:00 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-20 16:59 . 2012-11-20 16:59 -------- d-----w- c:\windows\system32\Macromed
2012-11-20 16:51 . 2012-11-20 16:51 -------- d-----w- c:\programdata\Browser Manager
2012-11-20 16:51 . 2012-11-20 16:51 -------- d-----w- c:\programdata\Babylon
2012-11-20 16:51 . 2012-10-12 06:34 100864 ----a-w- c:\windows\system32\pdfcmon.dll
2012-11-20 16:51 . 2012-05-05 10:54 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2012-11-20 16:51 . 2012-05-05 10:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2012-11-20 16:51 . 2012-11-20 16:52 -------- d-----w- c:\program files (x86)\PDFCreator
2012-11-20 16:51 . 2012-05-05 10:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2012-11-20 16:51 . 1998-07-06 17:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL
2012-11-20 16:51 . 1998-07-06 17:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL
2012-11-20 16:51 . 1998-07-06 17:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL
2012-11-20 16:51 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{35ED8A3C-400F-4E17-91E9-1820DF44388E}\mpengine.dll
2012-11-20 16:50 . 2011-04-28 03:58 552448 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-11-20 16:50 . 2011-04-28 03:58 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-11-20 11:24 . 2012-11-20 11:24 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-11-20 11:24 . 2012-11-20 11:24 -------- d-----w- c:\windows\system32\wbem\en-US
2012-11-20 11:09 . 2011-06-15 09:58 212992 ----a-w- c:\windows\system32\odbctrac.dll
2012-11-20 11:09 . 2011-06-15 09:58 163840 ----a-w- c:\windows\system32\odbccp32.dll
2012-11-20 11:09 . 2011-06-15 09:58 106496 ----a-w- c:\windows\system32\odbccu32.dll
2012-11-20 11:09 . 2011-06-15 09:58 106496 ----a-w- c:\windows\system32\odbccr32.dll
2012-11-20 11:09 . 2011-06-15 09:58 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2012-11-20 11:09 . 2011-06-15 09:04 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2012-11-20 11:09 . 2011-06-15 09:04 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
2012-11-20 11:09 . 2011-06-15 09:04 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
2012-11-20 11:09 . 2011-06-15 09:04 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
2012-11-20 11:09 . 2011-06-15 09:04 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
2012-11-20 11:09 . 2011-06-15 09:04 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll
2012-11-20 11:07 . 2010-03-05 07:52 84992 ----a-w- c:\windows\system32\asycfilt.dll
2012-11-20 11:07 . 2010-03-05 07:42 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2012-11-20 11:05 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-11-20 11:02 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-11-20 11:02 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-11-20 11:02 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-11-20 11:02 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-11-20 11:02 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-11-20 11:02 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-11-20 11:02 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-11-20 11:02 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-11-20 11:02 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-11-20 11:02 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-11-20 11:00 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-11-20 11:00 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-11-20 10:57 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-11-20 10:57 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-11-20 10:53 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-11-20 10:53 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2012-11-20 10:53 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2012-11-20 10:53 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-11-20 10:53 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2012-11-20 10:53 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2012-11-20 10:49 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll
2012-11-20 10:49 . 2010-08-26 04:39 109056 ----a-w- c:\windows\SysWow64\t2embed.dll
2012-11-20 10:44 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-11-20 10:44 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-11-20 10:44 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-11-20 10:44 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-11-20 10:43 . 2010-06-29 05:39 2085376 ----a-w- c:\windows\system32\ole32.dll
2012-11-20 10:43 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2012-11-20 10:43 . 2010-06-29 05:35 4582912 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2012-11-20 10:43 . 2010-06-29 04:57 4247040 ----a-w- c:\program files (x86)\Windows NT\Accessories\wordpad.exe
2012-11-20 10:41 . 2010-11-02 05:18 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-11-20 10:41 . 2010-11-02 05:16 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2012-11-20 10:41 . 2010-11-02 05:10 285696 ----a-w- c:\windows\system32\schtasks.exe
2012-11-20 10:41 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2012-11-20 10:41 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2012-11-20 10:41 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2012-11-20 10:41 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2012-11-20 10:41 . 2010-11-02 05:17 473600 ----a-w- c:\windows\system32\taskcomp.dll
2012-11-20 10:41 . 2010-11-02 05:17 1169408 ----a-w- c:\windows\system32\taskschd.dll
2012-11-20 10:41 . 2010-11-02 05:10 464384 ----a-w- c:\windows\system32\taskeng.exe
2012-11-20 10:39 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
2012-11-20 10:39 . 2010-05-05 06:46 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2012-11-20 10:37 . 2011-07-09 02:44 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-11-20 10:37 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-11-20 10:37 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-11-20 10:34 . 2012-10-18 18:18 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 10:32 . 2011-11-17 07:12 395776 ----a-w- c:\windows\system32\webio.dll
2012-11-20 10:32 . 2011-11-17 05:39 314368 ----a-w- c:\windows\SysWow64\webio.dll
2012-11-20 10:21 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-11-20 10:21 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-11-20 10:21 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-11-20 10:21 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-11-20 10:17 . 2010-03-04 07:57 2080256 ----a-w- c:\program files\Windows Mail\msoe.dll
2012-11-20 10:17 . 2010-03-04 07:33 1619968 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
2012-11-20 10:14 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-11-20 10:06 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll
2012-11-20 10:06 . 2010-08-21 05:33 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2012-11-20 10:04 . 2012-08-30 18:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-20 10:04 . 2012-08-30 17:18 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-11-20 10:04 . 2012-08-30 17:18 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-11-20 10:03 . 2009-10-31 06:34 2870272 ----a-w- c:\windows\explorer.exe
2012-11-20 10:03 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\SysWow64\explorer.exe
2012-11-20 10:03 . 2009-10-28 06:24 389632 ----a-w- c:\windows\system32\winlogon.exe
2012-11-20 10:00 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-11-20 10:00 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-11-20 10:00 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-11-20 10:00 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-11-20 09:56 . 2012-06-09 05:30 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-11-20 09:54 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll
2012-11-20 09:54 . 2010-06-19 06:23 37376 ----a-w- c:\windows\SysWow64\rtutils.dll
2012-11-20 09:53 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-11-20 09:53 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-11-20 09:53 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-11-20 09:48 . 2009-11-25 11:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-11-20 09:48 . 2009-11-25 11:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-11-20 09:48 . 2009-11-25 11:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-11-20 09:48 . 2009-11-25 11:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-11-20 09:48 . 2009-11-25 11:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-11-20 09:48 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-11-20 09:48 . 2009-11-25 11:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-11-20 09:48 . 2009-11-25 11:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-11-20 09:48 . 2009-11-25 11:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-11-20 09:48 . 2009-11-25 11:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-11-20 09:45 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-11-20 09:44 . 2010-08-21 06:29 558592 ----a-w- c:\windows\system32\spoolsv.exe
2012-11-20 09:43 . 2011-02-19 06:36 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-11-20 09:43 . 2011-02-19 05:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-20 09:43 . 2011-02-19 04:13 367104 ----a-w- c:\windows\system32\atmfd.dll
2012-11-20 09:43 . 2011-02-19 03:37 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-20 01:46 . 2012-11-20 01:46 2560 ----a-w- c:\windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
2012-11-20 01:46 . 2012-11-20 01:46 5632 ----a-w- c:\windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
2012-11-20 01:46 . 2012-11-20 01:46 2560 ----a-w- c:\windows\SysWow64\drivers\de-DE\scfilter.sys.mui
2012-11-20 01:46 . 2012-11-20 01:46 51712 ----a-w- c:\windows\SysWow64\drivers\de-DE\tcpip.sys.mui
2012-11-20 01:46 . 2012-11-20 01:46 29696 ----a-w- c:\windows\SysWow64\drivers\de-DE\bfe.dll.mui
2012-11-20 01:46 . 2012-11-20 01:46 16896 ----a-w- c:\windows\SysWow64\drivers\de-DE\pacer.sys.mui
2012-11-19 16:58 . 2010-02-23 08:16 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-24 825864]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-06 384800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-2-23 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-16 84256]
S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe [2012-11-12 2402840]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-04-27 57344]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 33936882
*NewlyCreated* - 81774105
*Deregistered* - 33936882
*Deregistered* - 81774105
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-20 17:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-10-29 822816]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=KW_ss&mntrId=001a326a000000000000001e64297dec&q=
FF - ExtSQL: 2012-11-20 09:41; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-11-20 09:49; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2012-11-20 09:49; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - 001a326a000000000000001e64297dec
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15664
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1017:51
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-87683753.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-22 22:15:12
ComboFix-quarantined-files.txt 2012-11-22 21:15
.
Vor Suchlauf: 9 Verzeichnis(se), 271.260.807.168 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 270.993.145.856 Bytes frei
.
- - End Of File - - 08C751954EDDBA2B8FA29756CCFBB650
 |
|
23.11.2012, 10:41
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Claro Search (Firefox) lässt sich nicht deinstallieren!Zitat:
 adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.11.2012, 15:13
| #9 |
| | Claro Search (Firefox) lässt sich nicht deinstallieren! Ok, also hier noch die ältere ADW-Cleaner [R1] vom 20.11. - vor meinem Eröffnungsthread: Code:
ATTFilter # AdwCleaner v2.008 - Datei am 20/11/2012 um 23:09:21 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzer : xxx- xxx-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Usersxxx\Downloads\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
Gefunden : Browser Manager
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\STEFAN~1\AppData\Local\Temp\boost_interprocess
Ordner Gefunden : C:\Usersxxx\AppData\Roaming\Babylon
Ordner Gefunden : C:\Usersxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gefunden : C:\Usersxxx\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\staged
Ordner Gefunden : C:\Usersxxx\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\prefs.js
Gefunden : user_pref("browser.search.defaultenginename", "Claro Search");
Gefunden : user_pref("browser.search.order.1", "Claro Search");
Gefunden : user_pref("browser.search.selectedEngine", "Claro Search");
Gefunden : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117423&tt=471[...]
Gefunden : user_pref("extensions.claro.admin", false);
Gefunden : user_pref("extensions.claro.aflt", "babsst");
Gefunden : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gefunden : user_pref("extensions.claro.dfltLng", "en");
Gefunden : user_pref("extensions.claro.excTlbr", false);
Gefunden : user_pref("extensions.claro.id", "001a326a000000000000001e64297dec");
Gefunden : user_pref("extensions.claro.instlDay", "15664");
Gefunden : user_pref("extensions.claro.instlRef", "sst");
Gefunden : user_pref("extensions.claro.prdct", "claro");
Gefunden : user_pref("extensions.claro.prtnrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrSrchUrl", "");
Gefunden : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gefunden : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gefunden : user_pref("extensions.claro_i.smplGrp", "none");
Gefunden : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1017:51:42");
Gefunden : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=KW_ss&mntrId=00[...]
*************************
AdwCleaner[R1].txt - [5338 octets] - [20/11/2012 23:09:21]
########## EOF - C:\AdwCleaner[R1].txt - [5398 octets] ##########
und hier die soeben durchgeführte AdwCleaner [R2]: Code:
ATTFilter # AdwCleaner v2.009 - Datei am 26/11/2012 um 15:07:41 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : xxx - xxxPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Usersxxx\Downloads\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
Gefunden : Browser Manager
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\staged
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\prefs.js
Gefunden : user_pref("browser.search.defaultenginename", "Claro Search");
Gefunden : user_pref("browser.search.order.1", "Claro Search");
Gefunden : user_pref("browser.search.selectedEngine", "Claro Search");
Gefunden : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117423&tt=471[...]
Gefunden : user_pref("extensions.claro.admin", false);
Gefunden : user_pref("extensions.claro.aflt", "babsst");
Gefunden : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gefunden : user_pref("extensions.claro.dfltLng", "en");
Gefunden : user_pref("extensions.claro.excTlbr", false);
Gefunden : user_pref("extensions.claro.id", "001a326a000000000000001e64297dec");
Gefunden : user_pref("extensions.claro.instlDay", "15664");
Gefunden : user_pref("extensions.claro.instlRef", "sst");
Gefunden : user_pref("extensions.claro.prdct", "claro");
Gefunden : user_pref("extensions.claro.prtnrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrSrchUrl", "");
Gefunden : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gefunden : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gefunden : user_pref("extensions.claro_i.smplGrp", "none");
Gefunden : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1017:51:42");
Gefunden : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=KW_ss&mntrId=00[...]
*************************
AdwCleaner[R1].txt - [5461 octets] - [20/11/2012 23:09:21]
AdwCleaner[R2].txt - [4426 octets] - [26/11/2012 15:07:41]
########## EOF - C:\AdwCleaner[R2].txt - [4486 octets] ##########
|
|
26.11.2012, 17:15
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Claro Search (Firefox) lässt sich nicht deinstallieren! adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.11.2012, 17:33
| #11 |
| | Claro Search (Firefox) lässt sich nicht deinstallieren! ADWCleaner [S1] Code:
ATTFilter # AdwCleaner v2.009 - Datei am 26/11/2012 um 17:26:21 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : xxx- xxxPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Usersxxx\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : Browser Manager
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Usersxxx\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Usersxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gelöscht : C:\Usersxxx\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\staged
Ordner Gelöscht : C:\Usersxxx\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec --> hxxp://www.google.com
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Usersxxx\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\prefs.js
C:\Usersxxx\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.search.defaultenginename", "Claro Search");
Gelöscht : user_pref("browser.search.order.1", "Claro Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117423&tt=471[...]
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "001a326a000000000000001e64297dec");
Gelöscht : user_pref("extensions.claro.instlDay", "15664");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gelöscht : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1017:51:42");
Gelöscht : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=KW_ss&mntrId=00[...]
*************************
AdwCleaner[R1].txt - [5461 octets] - [20/11/2012 23:09:21]
AdwCleaner[R2].txt - [4511 octets] - [26/11/2012 15:07:41]
AdwCleaner[R3].txt - [4613 octets] - [26/11/2012 15:18:51]
AdwCleaner[S1].txt - [4542 octets] - [26/11/2012 17:26:21]
########## EOF - C:\AdwCleaner[S1].txt - [4602 octets] ##########
|
|
26.11.2012, 17:42
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Claro Search (Firefox) lässt sich nicht deinstallieren! Denkst du auch an OTL?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.11.2012, 18:11
| #13 |
| | Claro Search (Firefox) lässt sich nicht deinstallieren! Zitat: "Der Text, den Sie eingegeben haben, besteht aus 213531 Zeichen und ist damit zu lang. Bitte kürzen Sie den Text auf die maximale Länge von 120000 Zeichen. Logs bitte als Archiv an den Beitrag anhängen!" Ich bekomme leider keine Funktion angezeigt, Dateien hochzuladen |
|
26.11.2012, 18:20
| #14 |
| | Claro Search (Firefox) lässt sich nicht deinstallieren! Ah, jetzt gehs  |
|
26.11.2012, 18:56
| #15 |
| | Claro Search (Firefox) lässt sich nicht deinstallieren! 1. Teil der OTL-Datei: Code:
ATTFilter OTL logfile created on: 26.11.2012 17:36:19 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Usersxxx\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,93 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 52,52% Memory free 3,87 Gb Paging File | 2,63 Gb Available in Paging File | 68,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,99 Gb Total Space | 258,48 Gb Free Space | 90,38% Space Free | Partition Type: NTFS Computer Name: xxx-PC | User Name: xxx| Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) PRC - C:\Windows\PLFSetI.exe () ========== Modules (No Company Name) ========== MOD - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\PLFSetI.exe () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (DKbFltr) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4712_2&babsrc=SP_ss&mntrId=001a326a000000000000001e64297dec IE - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE511 IE - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.2 FF - prefs.js..extensions.enabledAddons: {58bd07eb-0ee0-4df0-8121-dc9b693373df}:2.5.911.18 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.20 09:39:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.20 20:36:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.11.20 17:51:52 | 000,000,000 | ---D | M] [2012.11.20 09:40:11 | 000,000,000 | ---D | M] (No name found) -- C:\Usersxxx\AppData\Roaming\mozilla\Extensions [2012.11.26 17:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Usersxxx\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions [2012.11.22 22:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Usersxxx\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2012.11.20 09:49:48 | 000,000,000 | ---D | M] (WOT) -- C:\Usersxxx\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.20 20:33:53 | 000,000,000 | ---D | M] (Ecosia - The Green Search) -- C:\Usersxxx\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} [2012.11.23 19:33:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Usersxxx\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012.11.20 20:10:39 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Usersxxx\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\add-to-searchbox@maltekraus.de [2012.11.20 20:10:34 | 000,025,781 | ---- | M] () (No name found) -- C:\Usersxxx\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\extensions\add-to-searchbox@maltekraus.de.xpi [2012.11.22 22:16:55 | 000,530,519 | ---- | M] () (No name found) -- C:\Usersxxx\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.11.20 20:33:53 | 000,017,696 | ---- | M] () (No name found) -- C:\Usersxxx\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2012.11.23 19:33:06 | 000,804,627 | ---- | M] () (No name found) -- C:\Usersxxx\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.20 20:33:58 | 000,005,212 | ---- | M] () -- C:\Usersxxx\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\searchplugins\ecosia.xml [2012.11.20 17:51:31 | 000,006,520 | ---- | M] () -- C:\Usersxxx\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\searchplugins\mngr.xml [2012.11.20 09:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.20 17:51:52 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.5.911.18\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.22 22:11:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33AF98BE-F3A9-4F9B-89BC-ECF7E761A48F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\PROGRA~3\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll () O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) |
|
| Themen zu Claro Search (Firefox) lässt sich nicht deinstallieren! |
| aswmbr, computer, computern, datei, downloaden, entfernen, explorer, firefox, forum, freeware, funktioniert, geld, gelöscht, gen, google, kompetent, laptop, löschen, neue, nicht mehr, programme, recovery, seite, systemsteuerung, tab, wenig ahnung, windows, windows explorer |
Linear-Darstellung
