Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Claro Search (Firefox) lässt sich nicht deinstallieren!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.11.2012, 00:29   #1
Goldblume
 
Claro Search (Firefox) lässt sich nicht deinstallieren! - Standard

Claro Search (Firefox) lässt sich nicht deinstallieren!



Hallo,

ich habe mit Hilfe von Google lediglich dieses Forum als vertrauenswürdig und kompetent gefunden, weil das "Claro Search"-Problem hier bereits behandelt wurde und wohl recht aktuell ist. Claro Search lässt sich bei Firefox nicht mehr entfernen, jeder neue Tab lotst mich auf deren Seite und aus der Toolbar bekomme ich es auch nicht heraus. Ich habe es anfangs mit deinstallieren unter Systemsteuerung versucht, aber hat nix geholfen.

Dann habe ich die Anleitungen und Schritte befolgt, die in dem vorhandenen Thread gegeben wurden (http://www.trojaner-board.de/126227-...entfernen.html) - bevor ich mich hier regisitriert habe und lesen musste, dass frau dies NICHT tun soll

Von Computern habe ich leider sehr wenig Ahnung und tue mich mit technischen Details schwer. Erst gestern wurde an meinem Laptop vom Fachmann ein komplettes Recovery durchgeführt, weil der Windows Explorer nicht mehr funktioniert hat (auch nicht im abgesicherten Modus) und das Problem nicht behoben werden konnte. Heute musste ich dementsprechend alle Programme neu installieren und freeware downloaden, dabei hat sich dieses Claro Search wohl eingeschlichen.

Ich habe bereits tdsskiller, OTL, defogger, aswMBR und adwcleaner runtergeladen und die Programme/Scans laufen lassen. Eine Datei wurde tatsächlich gefunden, allerdings hatte ich in einem Thread gelesen "delete", in dem obigen Thread stand jedoch "auf keinen Fall löschen". Naja, ich habs gelöscht
Kann mir bitte bitte jemand helfen? Das wäre toll! Ich will ungern erneut viel Geld ausgeben und ins Fachgeschäft gehen müssen, um ein erneutes Recovery durchführen zu lassen.
Danke schonmal.
Angehängte Dateien
Dateityp: 7z Downloads.7z (14,7 KB, 96x aufgerufen)
Dateityp: txt aswMBR.txt (1,9 KB, 150x aufgerufen)

Alt 21.11.2012, 19:49   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Claro Search (Firefox) lässt sich nicht deinstallieren! - Standard

Claro Search (Firefox) lässt sich nicht deinstallieren!



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________

__________________

Alt 22.11.2012, 18:20   #3
Goldblume
 
Claro Search (Firefox) lässt sich nicht deinstallieren! - Standard

Claro Search (Firefox) lässt sich nicht deinstallieren!



Hallo Cosinus,

und danke für die Unterstützung. Also mit dem TDSSKiller-Tool erhalte ich folgenden Report:

Code:
ATTFilter
18:13:17.0155 3920  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:13:17.0420 3920  ============================================================
18:13:17.0420 3920  Current date / time: 2012/11/22 18:13:17.0420
18:13:17.0420 3920  SystemInfo:
18:13:17.0420 3920  
18:13:17.0420 3920  OS Version: 6.1.7600 ServicePack: 0.0
18:13:17.0420 3920  Product type: Workstation
18:13:17.0436 3920  ComputerName: XXX-PC
18:13:17.0436 3920  UserName: XXX
18:13:17.0436 3920  Windows directory: C:\Windows
18:13:17.0436 3920  System windows directory: C:\Windows
18:13:17.0436 3920  Running under WOW64
18:13:17.0436 3920  Processor architecture: Intel x64
18:13:17.0436 3920  Number of processors: 2
18:13:17.0436 3920  Page size: 0x1000
18:13:17.0436 3920  Boot type: Normal boot
18:13:17.0436 3920  ============================================================
18:13:18.0325 3920  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:13:18.0340 3920  ============================================================
18:13:18.0340 3920  \Device\Harddisk0\DR0:
18:13:18.0340 3920  MBR partitions:
18:13:18.0340 3920  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
18:13:18.0340 3920  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x23BFB800
18:13:18.0340 3920  ============================================================
18:13:18.0372 3920  C: <-> \Device\Harddisk0\DR0\Partition2
18:13:18.0372 3920  ============================================================
18:13:18.0372 3920  Initialize success
18:13:18.0372 3920  ============================================================
18:13:41.0506 2084  ============================================================
18:13:41.0506 2084  Scan started
18:13:41.0506 2084  Mode: Manual; SigCheck; TDLFS; 
18:13:41.0506 2084  ============================================================
18:13:42.0552 2084  ================ Scan system memory ========================
18:13:42.0567 2084  System memory - ok
18:13:42.0567 2084  ================ Scan services =============================
18:13:42.0739 2084  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
18:13:43.0363 2084  1394ohci - ok
18:13:43.0410 2084  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
18:13:43.0441 2084  ACPI - ok
18:13:43.0488 2084  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
18:13:43.0612 2084  AcpiPmi - ok
18:13:43.0690 2084  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:13:43.0753 2084  AdobeARMservice - ok
18:13:43.0878 2084  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:13:43.0924 2084  AdobeFlashPlayerUpdateSvc - ok
18:13:43.0987 2084  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:13:44.0049 2084  adp94xx - ok
18:13:44.0112 2084  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:13:44.0174 2084  adpahci - ok
18:13:44.0174 2084  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:13:44.0221 2084  adpu320 - ok
18:13:44.0252 2084  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:13:44.0439 2084  AeLookupSvc - ok
18:13:44.0486 2084  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
18:13:44.0564 2084  AFD - ok
18:13:44.0595 2084  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
18:13:44.0626 2084  agp440 - ok
18:13:44.0673 2084  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:13:44.0736 2084  ALG - ok
18:13:44.0751 2084  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
18:13:44.0798 2084  aliide - ok
18:13:44.0798 2084  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
18:13:44.0829 2084  amdide - ok
18:13:44.0845 2084  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:13:44.0923 2084  AmdK8 - ok
18:13:44.0938 2084  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:13:45.0001 2084  AmdPPM - ok
18:13:45.0032 2084  [ 7A4B413614C055935567CF88A9734D38 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
18:13:45.0063 2084  amdsata - ok
18:13:45.0079 2084  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:13:45.0110 2084  amdsbs - ok
18:13:45.0126 2084  [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
18:13:45.0172 2084  amdxata - ok
18:13:45.0204 2084  [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
18:13:45.0297 2084  AmUStor - ok
18:13:45.0375 2084  [ A5569C4429D1C5494049FBFE2B2D20FF ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:13:45.0391 2084  AntiVirSchedulerService - ok
18:13:45.0422 2084  [ CB7EA00A4E70DF6828EBB68633D000D2 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:13:45.0453 2084  AntiVirService - ok
18:13:45.0500 2084  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
18:13:45.0594 2084  AppID - ok
18:13:45.0625 2084  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:13:45.0718 2084  AppIDSvc - ok
18:13:45.0734 2084  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
18:13:45.0812 2084  Appinfo - ok
18:13:45.0828 2084  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:13:45.0874 2084  arc - ok
18:13:45.0874 2084  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:13:45.0921 2084  arcsas - ok
18:13:45.0921 2084  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:13:46.0030 2084  AsyncMac - ok
18:13:46.0030 2084  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
18:13:46.0062 2084  atapi - ok
18:13:46.0140 2084  [ 88A02B6046356E6BE4E387FAA7451439 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
18:13:46.0311 2084  athr - ok
18:13:46.0374 2084  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:13:46.0467 2084  AudioEndpointBuilder - ok
18:13:46.0483 2084  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:13:46.0561 2084  AudioSrv - ok
18:13:46.0608 2084  [ 58AEE8F9E26595ADEB6F008FBB0D6174 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:13:46.0670 2084  avgntflt - ok
18:13:46.0701 2084  [ 37D3D3D28B107BCBC1C0137FF31AE480 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:13:46.0732 2084  avipbb - ok
18:13:46.0748 2084  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:13:46.0779 2084  avkmgr - ok
18:13:46.0810 2084  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:13:46.0920 2084  AxInstSV - ok
18:13:46.0998 2084  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
18:13:47.0076 2084  b06bdrv - ok
18:13:47.0107 2084  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:13:47.0185 2084  b57nd60a - ok
18:13:47.0232 2084  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:13:47.0294 2084  BDESVC - ok
18:13:47.0310 2084  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:13:47.0419 2084  Beep - ok
18:13:47.0466 2084  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
18:13:47.0590 2084  BFE - ok
18:13:47.0637 2084  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
18:13:47.0762 2084  BITS - ok
18:13:47.0809 2084  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:13:47.0856 2084  blbdrive - ok
18:13:47.0902 2084  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:13:47.0980 2084  bowser - ok
18:13:47.0980 2084  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:13:48.0043 2084  BrFiltLo - ok
18:13:48.0058 2084  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:13:48.0090 2084  BrFiltUp - ok
18:13:48.0136 2084  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
18:13:48.0199 2084  Browser - ok
18:13:48.0324 2084  [ 83DE1ABA61074DA70F5011D28610B18D ] Browser Manager C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
18:13:48.0480 2084  Browser Manager - ok
18:13:48.0511 2084  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:13:48.0604 2084  Brserid - ok
18:13:48.0604 2084  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:13:48.0667 2084  BrSerWdm - ok
18:13:48.0682 2084  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:13:48.0729 2084  BrUsbMdm - ok
18:13:48.0729 2084  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:13:48.0776 2084  BrUsbSer - ok
18:13:48.0807 2084  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
18:13:48.0885 2084  BthEnum - ok
18:13:48.0885 2084  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:13:48.0932 2084  BTHMODEM - ok
18:13:48.0948 2084  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
18:13:48.0994 2084  BthPan - ok
18:13:49.0041 2084  [ 21084CEB85280468C9ACA3C805C0F8CF ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
18:13:49.0119 2084  BTHPORT - ok
18:13:49.0182 2084  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:13:49.0275 2084  bthserv - ok
18:13:49.0291 2084  [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
18:13:49.0338 2084  BTHUSB - ok
18:13:49.0353 2084  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:13:49.0447 2084  cdfs - ok
18:13:49.0478 2084  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:13:49.0525 2084  cdrom - ok
18:13:49.0572 2084  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:13:49.0650 2084  CertPropSvc - ok
18:13:49.0665 2084  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:13:49.0728 2084  circlass - ok
18:13:49.0759 2084  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:13:49.0790 2084  CLFS - ok
18:13:49.0884 2084  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:13:49.0915 2084  clr_optimization_v2.0.50727_32 - ok
18:13:49.0962 2084  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:13:49.0993 2084  clr_optimization_v2.0.50727_64 - ok
18:13:50.0040 2084  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:13:50.0086 2084  CmBatt - ok
18:13:50.0086 2084  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
18:13:50.0118 2084  cmdide - ok
18:13:50.0164 2084  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
18:13:50.0258 2084  CNG - ok
18:13:50.0289 2084  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:13:50.0336 2084  Compbatt - ok
18:13:50.0336 2084  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:13:50.0383 2084  CompositeBus - ok
18:13:50.0398 2084  COMSysApp - ok
18:13:50.0398 2084  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:13:50.0445 2084  crcdisk - ok
18:13:50.0476 2084  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:13:50.0554 2084  CryptSvc - ok
18:13:50.0617 2084  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:13:50.0726 2084  DcomLaunch - ok
18:13:50.0773 2084  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:13:50.0866 2084  defragsvc - ok
18:13:50.0913 2084  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:13:50.0976 2084  DfsC - ok
18:13:51.0007 2084  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:13:51.0100 2084  Dhcp - ok
18:13:51.0132 2084  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:13:51.0225 2084  discache - ok
18:13:51.0241 2084  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:13:51.0288 2084  Disk - ok
18:13:51.0350 2084  [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr         C:\Windows\SysWOW64\Drivers\DKbFltr.sys
18:13:51.0381 2084  DKbFltr - ok
18:13:51.0412 2084  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:13:51.0490 2084  Dnscache - ok
18:13:51.0506 2084  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
18:13:51.0615 2084  dot3svc - ok
18:13:51.0631 2084  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
18:13:51.0709 2084  DPS - ok
18:13:51.0740 2084  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:13:51.0771 2084  drmkaud - ok
18:13:51.0834 2084  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:13:51.0927 2084  DXGKrnl - ok
18:13:51.0958 2084  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:13:52.0036 2084  EapHost - ok
18:13:52.0146 2084  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:13:52.0317 2084  ebdrv - ok
18:13:52.0348 2084  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
18:13:52.0395 2084  EFS - ok
18:13:52.0473 2084  [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:13:52.0567 2084  ehRecvr - ok
18:13:52.0582 2084  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:13:52.0629 2084  ehSched - ok
18:13:52.0660 2084  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:13:52.0723 2084  elxstor - ok
18:13:52.0801 2084  [ 8E910F796F5F30281CDD24ABA47DDEA2 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
18:13:52.0879 2084  ePowerSvc - ok
18:13:52.0894 2084  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
18:13:52.0957 2084  ErrDev - ok
18:13:53.0019 2084  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:13:53.0097 2084  EventSystem - ok
18:13:53.0128 2084  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:13:53.0222 2084  exfat - ok
18:13:53.0238 2084  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:13:53.0331 2084  fastfat - ok
18:13:53.0378 2084  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
18:13:53.0456 2084  Fax - ok
18:13:53.0472 2084  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:13:53.0518 2084  fdc - ok
18:13:53.0534 2084  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:13:53.0612 2084  fdPHost - ok
18:13:53.0612 2084  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:13:53.0690 2084  FDResPub - ok
18:13:53.0706 2084  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:13:53.0753 2084  FileInfo - ok
18:13:53.0753 2084  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:13:53.0831 2084  Filetrace - ok
18:13:53.0846 2084  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:13:53.0877 2084  flpydisk - ok
18:13:53.0909 2084  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:13:53.0971 2084  FltMgr - ok
18:13:54.0033 2084  [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache       C:\Windows\system32\FntCache.dll
18:13:54.0127 2084  FontCache - ok
18:13:54.0174 2084  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:13:54.0205 2084  FontCache3.0.0.0 - ok
18:13:54.0236 2084  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:13:54.0267 2084  FsDepends - ok
18:13:54.0299 2084  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:13:54.0330 2084  Fs_Rec - ok
18:13:54.0361 2084  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:13:54.0392 2084  fvevol - ok
18:13:54.0408 2084  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:13:54.0455 2084  gagp30kx - ok
18:13:54.0501 2084  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
18:13:54.0579 2084  gpsvc - ok
18:13:54.0595 2084  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:13:54.0657 2084  hcw85cir - ok
18:13:54.0689 2084  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:13:54.0767 2084  HdAudAddService - ok
18:13:54.0782 2084  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:13:54.0813 2084  HDAudBus - ok
18:13:54.0829 2084  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:13:54.0876 2084  HidBatt - ok
18:13:54.0891 2084  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:13:54.0954 2084  HidBth - ok
18:13:54.0954 2084  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:13:55.0016 2084  HidIr - ok
18:13:55.0047 2084  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
18:13:55.0141 2084  hidserv - ok
18:13:55.0157 2084  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:13:55.0203 2084  HidUsb - ok
18:13:55.0235 2084  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:13:55.0328 2084  hkmsvc - ok
18:13:55.0344 2084  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:13:55.0437 2084  HomeGroupListener - ok
18:13:55.0469 2084  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:13:55.0515 2084  HomeGroupProvider - ok
18:13:55.0547 2084  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
18:13:55.0578 2084  HpSAMD - ok
18:13:55.0625 2084  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:13:55.0718 2084  HTTP - ok
18:13:55.0734 2084  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:13:55.0749 2084  hwpolicy - ok
18:13:55.0781 2084  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:13:55.0812 2084  i8042prt - ok
18:13:55.0905 2084  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:13:55.0937 2084  IAANTMON - ok
18:13:55.0983 2084  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:13:56.0015 2084  iaStor - ok
18:13:56.0046 2084  [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
18:13:56.0093 2084  iaStorV - ok
18:13:56.0155 2084  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:13:56.0264 2084  idsvc - ok
18:13:56.0561 2084  [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:13:57.0075 2084  igfx - ok
18:13:57.0107 2084  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:13:57.0138 2084  iirsp - ok
18:13:57.0200 2084  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
18:13:57.0294 2084  IKEEXT - ok
18:13:57.0387 2084  [ 1A6241B70453A6629A83DB942AA6B08C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:13:57.0543 2084  IntcAzAudAddService - ok
18:13:57.0575 2084  [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
18:13:57.0637 2084  IntcHdmiAddService - ok
18:13:57.0668 2084  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
18:13:57.0699 2084  intelide - ok
18:13:57.0715 2084  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:13:57.0762 2084  intelppm - ok
18:13:57.0793 2084  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:13:57.0871 2084  IPBusEnum - ok
18:13:57.0887 2084  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:13:57.0965 2084  IpFilterDriver - ok
18:13:57.0996 2084  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:13:58.0105 2084  iphlpsvc - ok
18:13:58.0121 2084  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:13:58.0183 2084  IPMIDRV - ok
18:13:58.0199 2084  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:13:58.0277 2084  IPNAT - ok
18:13:58.0292 2084  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:13:58.0323 2084  IRENUM - ok
18:13:58.0339 2084  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
18:13:58.0370 2084  isapnp - ok
18:13:58.0386 2084  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
18:13:58.0433 2084  iScsiPrt - ok
18:13:58.0448 2084  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:13:58.0479 2084  kbdclass - ok
18:13:58.0495 2084  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:13:58.0542 2084  kbdhid - ok
18:13:58.0557 2084  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
18:13:58.0589 2084  KeyIso - ok
18:13:58.0620 2084  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:13:58.0651 2084  KSecDD - ok
18:13:58.0682 2084  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:13:58.0729 2084  KSecPkg - ok
18:13:58.0745 2084  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:13:58.0838 2084  ksthunk - ok
18:13:58.0869 2084  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:13:58.0963 2084  KtmRm - ok
18:13:58.0994 2084  [ AD88105EFDDC55877EA8D06346D75989 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
18:13:59.0057 2084  L1C - ok
18:13:59.0119 2084  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:13:59.0166 2084  LanmanServer - ok
18:13:59.0197 2084  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:13:59.0275 2084  LanmanWorkstation - ok
18:13:59.0306 2084  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:13:59.0400 2084  lltdio - ok
18:13:59.0431 2084  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:13:59.0509 2084  lltdsvc - ok
18:13:59.0540 2084  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:13:59.0603 2084  lmhosts - ok
18:13:59.0634 2084  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:13:59.0665 2084  LSI_FC - ok
18:13:59.0681 2084  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:13:59.0712 2084  LSI_SAS - ok
18:13:59.0727 2084  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:13:59.0774 2084  LSI_SAS2 - ok
18:13:59.0774 2084  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:13:59.0805 2084  LSI_SCSI - ok
18:13:59.0837 2084  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:13:59.0915 2084  luafv - ok
18:13:59.0930 2084  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:13:59.0977 2084  Mcx2Svc - ok
18:13:59.0993 2084  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:14:00.0024 2084  megasas - ok
18:14:00.0055 2084  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:14:00.0117 2084  MegaSR - ok
18:14:00.0133 2084  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:14:00.0227 2084  MMCSS - ok
18:14:00.0227 2084  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:14:00.0320 2084  Modem - ok
18:14:00.0320 2084  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:14:00.0367 2084  monitor - ok
18:14:00.0367 2084  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:14:00.0398 2084  mouclass - ok
18:14:00.0414 2084  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:14:00.0476 2084  mouhid - ok
18:14:00.0476 2084  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:14:00.0507 2084  mountmgr - ok
18:14:00.0554 2084  [ 8121C6DD654970FEDDBC195596D9706E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:14:00.0585 2084  MozillaMaintenance - ok
18:14:00.0601 2084  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
18:14:00.0648 2084  mpio - ok
18:14:00.0648 2084  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:14:00.0726 2084  mpsdrv - ok
18:14:00.0773 2084  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:14:00.0882 2084  MpsSvc - ok
18:14:00.0897 2084  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:14:00.0960 2084  MRxDAV - ok
18:14:00.0991 2084  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:14:01.0038 2084  mrxsmb - ok
18:14:01.0069 2084  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:14:01.0116 2084  mrxsmb10 - ok
18:14:01.0147 2084  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:14:01.0194 2084  mrxsmb20 - ok
18:14:01.0225 2084  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
18:14:01.0256 2084  msahci - ok
18:14:01.0272 2084  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
18:14:01.0303 2084  msdsm - ok
18:14:01.0319 2084  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:14:01.0381 2084  MSDTC - ok
18:14:01.0397 2084  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:14:01.0459 2084  Msfs - ok
18:14:01.0475 2084  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:14:01.0553 2084  mshidkmdf - ok
18:14:01.0568 2084  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
18:14:01.0599 2084  msisadrv - ok
18:14:01.0631 2084  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:14:01.0724 2084  MSiSCSI - ok
18:14:01.0740 2084  msiserver - ok
18:14:01.0755 2084  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:14:01.0833 2084  MSKSSRV - ok
18:14:01.0849 2084  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:14:01.0927 2084  MSPCLOCK - ok
18:14:01.0943 2084  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:14:02.0021 2084  MSPQM - ok
18:14:02.0052 2084  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:14:02.0099 2084  MsRPC - ok
18:14:02.0114 2084  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:14:02.0145 2084  mssmbios - ok
18:14:02.0145 2084  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:14:02.0239 2084  MSTEE - ok
18:14:02.0239 2084  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:14:02.0286 2084  MTConfig - ok
18:14:02.0317 2084  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:14:02.0348 2084  Mup - ok
18:14:02.0379 2084  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
18:14:02.0411 2084  mwlPSDFilter - ok
18:14:02.0426 2084  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
18:14:02.0442 2084  mwlPSDNServ - ok
18:14:02.0457 2084  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
18:14:02.0489 2084  mwlPSDVDisk - ok
18:14:02.0551 2084  [ 2F139207F618EC2933830227EEFFDDB4 ] MWLService      C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
18:14:02.0598 2084  MWLService - ok
18:14:02.0629 2084  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
18:14:02.0723 2084  napagent - ok
18:14:02.0769 2084  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:14:02.0847 2084  NativeWifiP - ok
18:14:02.0894 2084  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:14:02.0972 2084  NDIS - ok
18:14:02.0988 2084  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:14:03.0050 2084  NdisCap - ok
18:14:03.0066 2084  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:14:03.0159 2084  NdisTapi - ok
18:14:03.0159 2084  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:14:03.0253 2084  Ndisuio - ok
18:14:03.0253 2084  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:14:03.0331 2084  NdisWan - ok
18:14:03.0347 2084  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:14:03.0425 2084  NDProxy - ok
18:14:03.0440 2084  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:14:03.0503 2084  NetBIOS - ok
18:14:03.0534 2084  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:14:03.0627 2084  NetBT - ok
18:14:03.0659 2084  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
18:14:03.0674 2084  Netlogon - ok
18:14:03.0721 2084  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:14:03.0799 2084  Netman - ok
18:14:03.0830 2084  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:14:03.0924 2084  netprofm - ok
18:14:03.0971 2084  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:14:04.0002 2084  NetTcpPortSharing - ok
18:14:04.0220 2084  [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
18:14:04.0563 2084  NETw5s64 - ok
18:14:04.0626 2084  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:14:04.0657 2084  nfrd960 - ok
18:14:04.0704 2084  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:14:04.0797 2084  NlaSvc - ok
18:14:04.0797 2084  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:14:04.0891 2084  Npfs - ok
18:14:04.0907 2084  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:14:05.0000 2084  nsi - ok
18:14:05.0000 2084  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:14:05.0063 2084  nsiproxy - ok
18:14:05.0125 2084  [ 356698A13C4630D5B31C37378D469196 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:14:05.0265 2084  Ntfs - ok
18:14:05.0265 2084  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:14:05.0343 2084  Null - ok
18:14:05.0359 2084  [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
18:14:05.0390 2084  nvraid - ok
18:14:05.0406 2084  [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
18:14:05.0437 2084  nvstor - ok
18:14:05.0468 2084  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
18:14:05.0499 2084  nv_agp - ok
18:14:05.0593 2084  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:14:05.0655 2084  odserv - ok
18:14:05.0655 2084  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
18:14:05.0702 2084  ohci1394 - ok
18:14:05.0765 2084  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:14:05.0811 2084  ose - ok
18:14:05.0843 2084  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:14:05.0889 2084  p2pimsvc - ok
18:14:05.0921 2084  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:14:05.0967 2084  p2psvc - ok
18:14:05.0999 2084  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:14:06.0030 2084  Parport - ok
18:14:06.0061 2084  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:14:06.0092 2084  partmgr - ok
18:14:06.0108 2084  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:14:06.0155 2084  PcaSvc - ok
18:14:06.0170 2084  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
18:14:06.0217 2084  pci - ok
18:14:06.0217 2084  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
18:14:06.0248 2084  pciide - ok
18:14:06.0279 2084  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:14:06.0326 2084  pcmcia - ok
18:14:06.0326 2084  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:14:06.0357 2084  pcw - ok
18:14:06.0389 2084  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:14:06.0498 2084  PEAUTH - ok
18:14:06.0545 2084  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:14:06.0591 2084  PerfHost - ok
18:14:06.0654 2084  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
18:14:06.0841 2084  pla - ok
18:14:06.0888 2084  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:14:06.0966 2084  PlugPlay - ok
18:14:06.0981 2084  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:14:07.0028 2084  PNRPAutoReg - ok
18:14:07.0075 2084  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:14:07.0106 2084  PNRPsvc - ok
18:14:07.0153 2084  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:14:07.0262 2084  PolicyAgent - ok
18:14:07.0293 2084  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:14:07.0371 2084  Power - ok
18:14:07.0403 2084  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:14:07.0496 2084  PptpMiniport - ok
18:14:07.0512 2084  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:14:07.0559 2084  Processor - ok
18:14:07.0590 2084  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll
18:14:07.0683 2084  ProfSvc - ok
18:14:07.0715 2084  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:14:07.0730 2084  ProtectedStorage - ok
18:14:07.0761 2084  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:14:07.0824 2084  Psched - ok
18:14:07.0886 2084  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:14:07.0995 2084  ql2300 - ok
18:14:08.0027 2084  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:14:08.0058 2084  ql40xx - ok
18:14:08.0073 2084  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:14:08.0151 2084  QWAVE - ok
18:14:08.0151 2084  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:14:08.0214 2084  QWAVEdrv - ok
18:14:08.0214 2084  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:14:08.0292 2084  RasAcd - ok
18:14:08.0323 2084  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:14:08.0401 2084  RasAgileVpn - ok
18:14:08.0417 2084  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:14:08.0510 2084  RasAuto - ok
18:14:08.0526 2084  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:14:08.0604 2084  Rasl2tp - ok
18:14:08.0635 2084  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
18:14:08.0744 2084  RasMan - ok
18:14:08.0775 2084  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:14:08.0853 2084  RasPppoe - ok
18:14:08.0853 2084  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:14:08.0947 2084  RasSstp - ok
18:14:08.0978 2084  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:14:09.0072 2084  rdbss - ok
18:14:09.0087 2084  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:14:09.0119 2084  rdpbus - ok
18:14:09.0134 2084  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:14:09.0197 2084  RDPCDD - ok
18:14:09.0212 2084  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:14:09.0306 2084  RDPENCDD - ok
18:14:09.0321 2084  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:14:09.0384 2084  RDPREFMP - ok
18:14:09.0431 2084  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:14:09.0493 2084  RDPWD - ok
18:14:09.0509 2084  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:14:09.0555 2084  rdyboost - ok
18:14:09.0587 2084  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:14:09.0665 2084  RemoteAccess - ok
18:14:09.0696 2084  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:14:09.0774 2084  RemoteRegistry - ok
18:14:09.0805 2084  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
18:14:09.0852 2084  RFCOMM - ok
18:14:09.0883 2084  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:14:09.0961 2084  RpcEptMapper - ok
18:14:09.0992 2084  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:14:10.0055 2084  RpcLocator - ok
18:14:10.0101 2084  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
18:14:10.0164 2084  RpcSs - ok
18:14:10.0195 2084  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:14:10.0289 2084  rspndr - ok
18:14:10.0304 2084  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
18:14:10.0335 2084  SamSs - ok
18:14:10.0335 2084  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
18:14:10.0382 2084  sbp2port - ok
18:14:10.0398 2084  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:14:10.0476 2084  SCardSvr - ok
18:14:10.0491 2084  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:14:10.0585 2084  scfilter - ok
18:14:10.0647 2084  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
18:14:10.0725 2084  Schedule - ok
18:14:10.0757 2084  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:14:10.0819 2084  SCPolicySvc - ok
18:14:10.0850 2084  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:14:10.0928 2084  SDRSVC - ok
18:14:10.0959 2084  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:14:11.0037 2084  secdrv - ok
18:14:11.0037 2084  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
18:14:11.0131 2084  seclogon - ok
18:14:11.0147 2084  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
18:14:11.0225 2084  SENS - ok
18:14:11.0256 2084  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:14:11.0318 2084  SensrSvc - ok
18:14:11.0334 2084  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:14:11.0365 2084  Serenum - ok
18:14:11.0381 2084  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:14:11.0412 2084  Serial - ok
18:14:11.0412 2084  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:14:11.0459 2084  sermouse - ok
18:14:11.0490 2084  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
18:14:11.0568 2084  SessionEnv - ok
18:14:11.0583 2084  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
18:14:11.0630 2084  sffdisk - ok
18:14:11.0630 2084  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:14:11.0677 2084  sffp_mmc - ok
18:14:11.0677 2084  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
18:14:11.0724 2084  sffp_sd - ok
18:14:11.0739 2084  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:14:11.0786 2084  sfloppy - ok
18:14:11.0833 2084  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:14:11.0927 2084  SharedAccess - ok
18:14:11.0958 2084  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:14:12.0020 2084  ShellHWDetection - ok
18:14:12.0036 2084  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:14:12.0083 2084  SiSRaid2 - ok
18:14:12.0083 2084  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:14:12.0114 2084  SiSRaid4 - ok
18:14:12.0129 2084  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:14:12.0223 2084  Smb - ok
18:14:12.0254 2084  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:14:12.0301 2084  SNMPTRAP - ok
18:14:12.0301 2084  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:14:12.0348 2084  spldr - ok
18:14:12.0395 2084  [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler         C:\Windows\System32\spoolsv.exe
18:14:12.0488 2084  Spooler - ok
18:14:12.0597 2084  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
18:14:12.0785 2084  sppsvc - ok
18:14:12.0785 2084  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:14:12.0878 2084  sppuinotify - ok
18:14:12.0909 2084  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:14:12.0987 2084  srv - ok
18:14:13.0034 2084  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:14:13.0112 2084  srv2 - ok
18:14:13.0143 2084  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:14:13.0221 2084  srvnet - ok
18:14:13.0284 2084  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:14:13.0362 2084  SSDPSRV - ok
18:14:13.0377 2084  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:14:13.0455 2084  SstpSvc - ok
18:14:13.0487 2084  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:14:13.0518 2084  stexstor - ok
18:14:13.0565 2084  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
18:14:13.0674 2084  stisvc - ok
18:14:13.0674 2084  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:14:13.0705 2084  swenum - ok
18:14:13.0752 2084  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
18:14:13.0845 2084  swprv - ok
18:14:13.0892 2084  [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
18:14:13.0939 2084  SynTP - ok
18:14:14.0001 2084  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
18:14:14.0126 2084  SysMain - ok
18:14:14.0142 2084  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:14:14.0204 2084  TabletInputService - ok
18:14:14.0235 2084  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:14:14.0360 2084  TapiSrv - ok
18:14:14.0391 2084  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
18:14:14.0454 2084  TBS - ok
18:14:14.0532 2084  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:14:14.0688 2084  Tcpip - ok
18:14:14.0735 2084  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:14:14.0813 2084  TCPIP6 - ok
18:14:14.0844 2084  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:14:14.0922 2084  tcpipreg - ok
18:14:14.0937 2084  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:14:15.0000 2084  TDPIPE - ok
18:14:15.0031 2084  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:14:15.0093 2084  TDTCP - ok
18:14:15.0109 2084  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:14:15.0187 2084  tdx - ok
18:14:15.0203 2084  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:14:15.0234 2084  TermDD - ok
18:14:15.0281 2084  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
18:14:15.0405 2084  TermService - ok
18:14:15.0421 2084  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
18:14:15.0468 2084  Themes - ok
18:14:15.0499 2084  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:14:15.0561 2084  THREADORDER - ok
18:14:15.0577 2084  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
18:14:15.0655 2084  TrkWks - ok
18:14:15.0702 2084  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:14:15.0733 2084  TrustedInstaller - ok
18:14:15.0764 2084  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:14:15.0842 2084  tssecsrv - ok
18:14:15.0858 2084  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:14:15.0936 2084  tunnel - ok
18:14:15.0936 2084  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:14:15.0983 2084  uagp35 - ok
18:14:15.0998 2084  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:14:16.0107 2084  udfs - ok
18:14:16.0139 2084  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:14:16.0185 2084  UI0Detect - ok
18:14:16.0185 2084  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
18:14:16.0232 2084  uliagpkx - ok
18:14:16.0248 2084  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:14:16.0295 2084  umbus - ok
18:14:16.0295 2084  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:14:16.0357 2084  UmPass - ok
18:14:16.0435 2084  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
18:14:16.0466 2084  Updater Service - ok
18:14:16.0482 2084  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
18:14:16.0560 2084  upnphost - ok
18:14:16.0575 2084  [ B26AFB54A534D634523C4FB66765B026 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:14:16.0638 2084  usbccgp - ok
18:14:16.0653 2084  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
18:14:16.0700 2084  usbcir - ok
18:14:16.0716 2084  [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:14:16.0747 2084  usbehci - ok
18:14:16.0763 2084  [ 7CC1C95896D60E868AA6DD2DD2F97EAD ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:14:16.0841 2084  usbhub - ok
18:14:16.0856 2084  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
18:14:16.0887 2084  usbohci - ok
18:14:16.0919 2084  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:14:16.0950 2084  usbprint - ok
18:14:16.0950 2084  [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:14:16.0997 2084  USBSTOR - ok
18:14:16.0997 2084  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:14:17.0043 2084  usbuhci - ok
18:14:17.0075 2084  [ D501E12614B00A3252073101D6A1A74B ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
18:14:17.0106 2084  usbvideo - ok
18:14:17.0137 2084  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
18:14:17.0199 2084  UxSms - ok
18:14:17.0215 2084  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
18:14:17.0246 2084  VaultSvc - ok
18:14:17.0262 2084  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
18:14:17.0293 2084  vdrvroot - ok
18:14:17.0324 2084  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
18:14:17.0387 2084  vds - ok
18:14:17.0402 2084  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:14:17.0433 2084  vga - ok
18:14:17.0449 2084  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:14:17.0527 2084  VgaSave - ok
18:14:17.0543 2084  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
18:14:17.0589 2084  vhdmp - ok
18:14:17.0589 2084  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
18:14:17.0621 2084  viaide - ok
18:14:17.0636 2084  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
18:14:17.0683 2084  volmgr - ok
18:14:17.0699 2084  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:14:17.0730 2084  volmgrx - ok
18:14:17.0745 2084  [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
18:14:17.0792 2084  volsnap - ok
18:14:17.0823 2084  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:14:17.0870 2084  vsmraid - ok
18:14:17.0917 2084  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
18:14:18.0057 2084  VSS - ok
18:14:18.0057 2084  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:14:18.0104 2084  vwifibus - ok
18:14:18.0120 2084  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:14:18.0151 2084  vwififlt - ok
18:14:18.0198 2084  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
18:14:18.0291 2084  W32Time - ok
18:14:18.0307 2084  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:14:18.0338 2084  WacomPen - ok
18:14:18.0369 2084  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:14:18.0463 2084  WANARP - ok
18:14:18.0479 2084  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:14:18.0557 2084  Wanarpv6 - ok
18:14:18.0603 2084  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
18:14:18.0759 2084  wbengine - ok
18:14:18.0775 2084  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:14:18.0822 2084  WbioSrvc - ok
18:14:18.0837 2084  [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:14:18.0915 2084  wcncsvc - ok
18:14:18.0931 2084  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:14:18.0978 2084  WcsPlugInService - ok
18:14:18.0993 2084  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:14:19.0025 2084  Wd - ok
18:14:19.0056 2084  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:14:19.0134 2084  Wdf01000 - ok
18:14:19.0165 2084  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:14:19.0212 2084  WdiServiceHost - ok
18:14:19.0212 2084  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:14:19.0259 2084  WdiSystemHost - ok
18:14:19.0290 2084  [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient       C:\Windows\System32\webclnt.dll
18:14:19.0368 2084  WebClient - ok
18:14:19.0383 2084  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:14:19.0477 2084  Wecsvc - ok
18:14:19.0493 2084  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:14:19.0586 2084  wercplsupport - ok
18:14:19.0617 2084  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:14:19.0695 2084  WerSvc - ok
18:14:19.0727 2084  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:14:19.0805 2084  WfpLwf - ok
18:14:19.0805 2084  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:14:19.0836 2084  WIMMount - ok
18:14:19.0867 2084  WinDefend - ok
18:14:19.0883 2084  WinHttpAutoProxySvc - ok
18:14:19.0945 2084  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:14:20.0023 2084  Winmgmt - ok
18:14:20.0117 2084  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:14:20.0273 2084  WinRM - ok
18:14:20.0413 2084  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:14:20.0507 2084  Wlansvc - ok
18:14:20.0553 2084  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
18:14:20.0600 2084  WmiAcpi - ok
18:14:20.0631 2084  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:14:20.0694 2084  wmiApSrv - ok
18:14:20.0725 2084  WMPNetworkSvc - ok
18:14:20.0756 2084  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:14:20.0803 2084  WPCSvc - ok
18:14:20.0803 2084  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:14:20.0850 2084  WPDBusEnum - ok
18:14:20.0881 2084  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:14:20.0943 2084  ws2ifsl - ok
18:14:20.0975 2084  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
18:14:21.0037 2084  wscsvc - ok
18:14:21.0037 2084  WSearch - ok
18:14:21.0146 2084  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:14:21.0287 2084  wuauserv - ok
18:14:21.0287 2084  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:14:21.0365 2084  WudfPf - ok
18:14:21.0396 2084  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:14:21.0474 2084  WUDFRd - ok
18:14:21.0505 2084  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:14:21.0583 2084  wudfsvc - ok
18:14:21.0614 2084  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:14:21.0677 2084  WwanSvc - ok
18:14:21.0708 2084  ================ Scan global ===============================
18:14:21.0723 2084  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:14:21.0770 2084  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
18:14:21.0817 2084  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
18:14:21.0848 2084  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:14:21.0879 2084  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:14:21.0895 2084  [Global] - ok
18:14:21.0895 2084  ================ Scan MBR ==================================
18:14:21.0911 2084  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:14:22.0347 2084  \Device\Harddisk0\DR0 - ok
18:14:22.0347 2084  ================ Scan VBR ==================================
18:14:22.0347 2084  [ 42D9A4950A8BB8F0E179DB385EC4D049 ] \Device\Harddisk0\DR0\Partition1
18:14:22.0347 2084  \Device\Harddisk0\DR0\Partition1 - ok
18:14:22.0379 2084  [ 081B0AD7E991FA04728305D08FBE215A ] \Device\Harddisk0\DR0\Partition2
18:14:22.0379 2084  \Device\Harddisk0\DR0\Partition2 - ok
18:14:22.0379 2084  ============================================================
18:14:22.0379 2084  Scan finished
18:14:22.0379 2084  ============================================================
18:14:22.0394 3796  Detected object count: 0
18:14:22.0394 3796  Actual detected object count: 0
         
TDSSKiller hat wahrscheinlich nichts gefunden, weil ich bereits zuvor ein Objekt gelöscht hatte (siehe meinen Thread).
__________________

Alt 22.11.2012, 19:46   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Claro Search (Firefox) lässt sich nicht deinstallieren! - Standard

Claro Search (Firefox) lässt sich nicht deinstallieren!



Dann auch bitte das ältere (erste) Log vom TDSS-Killer poste
Liegt direkt auf C
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.11.2012, 20:17   #5
Goldblume
 
Claro Search (Firefox) lässt sich nicht deinstallieren! - Standard

Claro Search (Firefox) lässt sich nicht deinstallieren!



Beim ersten Mal habe ich leider keinen Report aufgerufen, sondern die Datei gelöscht
(siehe http://www.trojaner-board.de/82358-t...entfernen.html : "Lasse die Funde entfernen"

was ich noch habe ist:

Code:
ATTFilter
OTL Extras logfile created on: 20.11.2012 23:23:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 51,36% Memory free
3,87 Gb Paging File | 2,60 Gb Available in Paging File | 67,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 253,14 Gb Free Space | 88,51% Space Free | Partition Type: NTFS
Drive D: | 3,73 Gb Total Space | 1,57 Gb Free Space | 42,18% Space Free | Partition Type: FAT32
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06038C11-7ADF-4B8E-A80D-581E8F761C99}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{08A11683-D1A0-46C0-9138-5351BF9F6A87}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1DC71B89-A865-43D9-ACCC-63EDABE50018}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2014F569-B0CA-44E2-94C3-6E6DA15A9429}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3B1294A8-A67B-4007-9FD5-3CB6C55E89D3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D917289-81CF-41A9-AD15-CA32734034CA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{58F98DB2-38CA-4208-8C02-00F5FC74E994}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5BDA6382-DA33-4B69-8883-BF3C9D827228}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{607B0F88-3B60-493B-BAF4-420752D4A456}" = rport=138 | protocol=17 | dir=out | app=system | 
"{64E2A8F6-C7C7-4C69-A665-C97A19382E4C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{81EE8A63-1156-48BD-A93A-D8618D46369A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{82806B6B-1FD8-4C9B-AFA0-CD7F5ECA080E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8C059514-9CF3-4C1D-AC56-CDCF481F8C9B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AEBF4FF1-2AA6-4303-A895-3253FD120D5B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C077E69F-3B42-41F2-A449-DC479DD6F050}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C4FCB226-52E7-4A9B-BEF6-858A053357DB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C78AABCF-9B96-45CD-82B5-AD4F5D6DC102}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CF850F7F-794E-420D-B56B-1AED9570E48B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D398B631-0CA2-4A48-8E03-D003C1210344}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E8FA482E-3609-4000-851A-F277E7237A12}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EF4A903B-8181-4605-8FE3-B2CBC8B7065A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F0737406-9D7F-46A0-9051-6C1819039D61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F69CA2AE-7762-42B8-85BC-6E2F47112D96}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{130EBF12-DFAD-4D5D-A82F-A4023890773A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2B6D0195-C8FC-44E6-A873-90D755DA5065}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2EEFF40A-18ED-4806-AAA0-B8B6E887AD4B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{38614B65-B845-42F4-8FBB-D380220F4859}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{46E44B3F-80BB-48E6-A764-32DE22F7A24F}" = protocol=6 | dir=out | app=system | 
"{48848554-291F-4472-9FE5-546ED5F95E5C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4BE5ADB2-F385-4B29-9EDE-F9DDE20AE5A2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{53F76614-7D5A-416B-A048-FE1C2B7BA10F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{58413B46-A771-41B0-A279-71459228DB5D}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | 
"{59B54611-8382-4A13-9B52-2E2B638831B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{69812E27-1AE0-44D7-B208-0173932CC738}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{83E67FB5-ED70-4BF0-AE50-B12A3BFFDFA6}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{8A00D749-8ABE-4D4C-9AC6-6AD74CC44915}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8AE3190A-9724-46B5-867B-F8869A5E10D0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{8E38219A-860B-4E12-99DD-0BC367EF7EE9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{9505B127-D2D9-40BD-8CF3-C3C794789B4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{983C4DBA-2F6C-49FF-826C-82351FD65497}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{9B18D374-38EC-41F5-8959-C79AF7CD8BAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A292878F-AF7F-492B-ABD1-D7800E34AE23}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B0CE664B-3857-4D23-ADC6-D96AA61BA05D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C1447F2A-A9C5-4466-B12B-DA9B4D4B4583}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C3265E3F-B616-43D6-AA68-00E828EF7FD1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C6861E5C-E575-4540-BA59-2D79221BFE3F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C961F347-5AB2-44D2-9D9A-3B0209292B65}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CE440304-0D1A-408A-BF32-C179B818602E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E602D374-2089-40A0-9636-6885B5A4F7C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F894F4A6-44B4-4F7D-8B50-579C0F69E1C2}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 19.11.2012 12:56:05 | Computer Name = WIN-M52VITFDOHC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 19.11.2012 12:57:05 | Computer Name = WIN-M52VITFDOHC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
 initialisieren.
 
Error - 19.11.2012 13:06:26 | Computer Name = Steffie-PC | Source = Microsoft-Windows-Directory-Services-SAM | ID = 12291
Description = Das SAM-Modul konnte den TCP/IP- bzw. SPX/IPX-Listening-Thread nicht
 starten.
 
 
< End of report >
         
bzw. die OTL-Datei:

Code:
ATTFilter
OTL logfile created on: 20.11.2012 23:23:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 51,36% Memory free
3,87 Gb Paging File | 2,60 Gb Available in Paging File | 67,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 253,14 Gb Free Space | 88,51% Space Free | Partition Type: NTFS
Drive D: | 3,73 Gb Total Space | 1,57 Gb Free Space | 42,18% Space Free | Partition Type: FAT32
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.20 23:22:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Downloads\OTL.exe
PRC - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
PRC - [2012.11.06 18:29:54 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.10.16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.09.24 13:14:42 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.09.10 14:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.04 06:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.07.11 00:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.04.16 08:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
MOD - [2012.11.12 11:03:58 | 002,147,352 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
MOD - [2012.10.24 18:49:23 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.20 18:00:01 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.17 00:10:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -- (Browser Manager)
SRV - [2012.10.16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.10.29 20:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.09.10 14:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.07 16:03:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010.08.25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.09.21 04:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.15 05:40:00 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 23:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009.06.18 13:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.02 12:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 12:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 12:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.26 14:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.04.27 09:25:58 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.26 04:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4712_2&babsrc=SP_ss&mntrId=001a326a000000000000001e64297dec
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE511
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec"
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.1
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {58bd07eb-0ee0-4df0-8121-dc9b693373df}:2.5.911.18
FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=KW_ss&mntrId=001a326a000000000000001e64297dec&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.20 09:39:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.20 20:36:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.11.20 17:51:52 | 000,000,000 | ---D | M]
 
[2012.11.20 09:40:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2012.11.20 20:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions
[2012.11.20 09:49:48 | 000,000,000 | ---D | M] (WOT) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.20 20:33:53 | 000,000,000 | ---D | M] (Ecosia - The Green Search) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
[2012.11.20 20:10:39 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\add-to-searchbox@maltekraus.de
[2012.11.20 20:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\staged
[2012.11.20 20:10:34 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2012.11.20 09:49:48 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.20 20:33:53 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
[2012.11.20 09:41:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.20 20:33:58 | 000,005,212 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\searchplugins\ecosia.xml
[2012.11.20 17:51:31 | 000,006,520 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\searchplugins\mngr.xml
[2012.11.20 09:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.20 17:51:52 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.5.911.18\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 17:51:31 | 000,006,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33AF98BE-F3A9-4F9B-89BC-ECF7E761A48F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.20 23:01:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.11.20 22:26:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.20 21:03:52 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Adobe
[2012.11.20 20:36:35 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Thunderbird
[2012.11.20 20:36:35 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Thunderbird
[2012.11.20 20:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.11.20 18:00:35 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Macromedia
[2012.11.20 17:59:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.11.20 17:52:03 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012.11.20 17:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.20 17:51:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\pdfforge
[2012.11.20 17:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.11.20 17:51:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Babylon
[2012.11.20 17:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.11.20 17:51:09 | 000,100,864 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.11.20 17:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.11.20 17:49:52 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Programs
[2012.11.20 12:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.11.20 10:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.11.20 09:40:05 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Mozilla
[2012.11.20 09:40:05 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Mozilla
[2012.11.20 09:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.11.20 09:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.11.20 09:39:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.20 09:32:43 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Avira
[2012.11.20 09:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.20 09:27:07 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.20 09:27:07 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.20 09:27:07 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.11.20 09:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.11.20 09:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.11.20 02:47:54 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2012.11.20 02:47:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2012.11.20 02:47:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2012.11.20 02:47:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de
[2012.11.20 02:47:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2012.11.20 02:47:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2012.11.20 02:47:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2012.11.20 02:47:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2012.11.20 02:46:51 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2012.11.20 02:46:51 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2012.11.20 02:46:49 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2012.11.20 02:46:49 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2012.11.20 02:41:56 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2012.11.19 19:06:48 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Adobe
[2012.11.19 19:06:39 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Google
[2012.11.19 19:06:39 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Google
[2012.11.19 18:43:23 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Macromedia
[2012.11.19 18:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012.11.19 18:36:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012.11.19 18:35:48 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Microsoft Help
[2012.11.19 18:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.11.19 18:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.11.19 18:31:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012.11.19 18:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2012.11.19 18:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.11.19 18:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.11.19 18:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012.11.19 18:28:25 | 001,658,880 | ---- | C] (SuYin) -- C:\Windows\Acer Crystal Eye webcam.EXE
[2012.11.19 18:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
[2012.11.19 18:27:51 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\InstallShield
[2012.11.19 18:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012.11.19 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\EgisTec
[2012.11.19 18:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McQcModifier-5c47-a7b0
[2012.11.19 18:22:43 | 000,000,000 | ---D | C] -- C:\book
[2012.11.19 18:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2012.11.19 18:22:09 | 000,000,000 | R--D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.11.19 18:22:09 | 000,000,000 | R--D | C] -- C:\Users\XX\Searches
[2012.11.19 18:22:09 | 000,000,000 | R--D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.11.19 18:21:58 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Identities
[2012.11.19 18:21:54 | 000,000,000 | R--D | C] -- C:\Users\XXX\Contacts
[2012.11.19 18:21:50 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\VirtualStore
[2012.11.19 18:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Accessory Store
[2012.11.19 18:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Vorlagen
[2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\AppData\Local\Verlauf
[2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\AppData\Local\Temporary Internet Files
[2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Startmenü
[2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\SendTo
[2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Recent
[2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Netzwerkumgebung
[2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Lokale Einstellungen
[2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Documents\Eigene Videos
[2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Documents\Eigene Musik
[2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Eigene Dateien
[2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Documents\Eigene Bilder
[2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Druckumgebung
[2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Cookies
[2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\AppData\Local\Anwendungsdaten
[2012.11.19 18:19:08 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Anwendungsdaten
[2012.11.19 18:19:07 | 000,000,000 | --SD | C] -- C:\Users\XXX\AppData\Roaming\Microsoft
[2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Videos
[2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Saved Games
[2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Pictures
[2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Music
[2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Links
[2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Favorites
[2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Downloads
[2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Documents
[2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\Desktop
[2012.11.19 18:19:07 | 000,000,000 | R--D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.11.19 18:19:07 | 000,000,000 | -H-D | C] -- C:\Users\XXX\AppData
[2012.11.19 18:19:07 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Temp
[2012.11.19 18:19:07 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Microsoft
[2012.11.19 18:19:07 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Media Center Programs
[2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.11.19 18:18:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.11.19 17:58:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.11.19 17:57:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2012.11.19 17:57:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2012.11.19 17:55:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.02.23 09:10:45 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.20 23:22:06 | 000,000,000 | ---- | M] () -- C:\Users\XXX\defogger_reenable
[2012.11.20 23:10:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 23:10:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 23:02:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.20 23:02:15 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.20 22:58:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.20 22:56:02 | 000,000,512 | ---- | M] () -- C:\Users\XXX\Desktop\MBR.dat
[2012.11.20 22:26:55 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.11.20 21:04:44 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.20 21:04:44 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.20 21:04:44 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.20 21:04:44 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.20 21:04:44 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.20 20:36:24 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.11.20 17:51:20 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.11.20 12:27:00 | 000,343,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.20 10:40:34 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.11.20 10:40:31 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.11.20 09:39:56 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.20 02:47:37 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2012.11.20 02:47:37 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2012.11.20 02:46:51 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2012.11.20 02:46:51 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2012.11.20 02:46:49 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2012.11.20 02:46:49 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2012.11.20 02:41:56 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2012.11.19 19:44:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.11.19 18:32:35 | 000,000,020 | ---- | M] () -- C:\Windows\hó§
[2012.11.19 18:26:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.11.19 18:19:38 | 000,014,756 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2012.11.19 18:18:24 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.11.19 18:18:24 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.11.19 17:58:40 | 000,000,006 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2012.11.07 16:03:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2012.11.20 23:22:06 | 000,000,000 | ---- | C] () -- C:\Users\XXX\defogger_reenable
[2012.11.20 22:56:02 | 000,000,512 | ---- | C] () -- C:\Users\XXX\Desktop\MBR.dat
[2012.11.20 22:26:55 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.11.20 22:26:54 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.11.20 20:36:24 | 000,002,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.11.20 20:36:24 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.11.20 18:00:02 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.20 17:51:20 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.11.20 10:40:34 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.11.20 10:40:31 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.11.20 09:39:56 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.20 09:39:56 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.20 02:51:58 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2012.11.20 02:48:19 | 000,643,866 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.20 02:48:19 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2012.11.20 02:48:19 | 000,126,394 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.20 02:48:19 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2012.11.19 19:44:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.11.19 18:40:52 | 000,002,569 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012.11.19 18:40:31 | 000,001,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk
[2012.11.19 18:32:33 | 000,000,020 | ---- | C] () -- C:\Windows\hó§
[2012.11.19 18:28:26 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012.11.19 18:28:26 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.11.19 18:28:26 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012.11.19 18:28:26 | 000,008,362 | ---- | C] () -- C:\Windows\Suyin.reg
[2012.11.19 18:28:26 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2012.11.19 18:26:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.11.19 18:22:19 | 000,001,413 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.11.19 18:22:12 | 000,001,447 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.11.19 18:19:38 | 000,014,756 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2012.11.19 17:55:17 | 1556,279,296 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.20 17:51:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Babylon
[2012.11.20 17:51:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\pdfforge
[2012.11.20 20:36:35 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         


Alt 22.11.2012, 20:54   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Claro Search (Firefox) lässt sich nicht deinstallieren! - Standard

Claro Search (Firefox) lässt sich nicht deinstallieren!



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
--> Claro Search (Firefox) lässt sich nicht deinstallieren!

Alt 22.11.2012, 22:20   #7
Goldblume
 
Claro Search (Firefox) lässt sich nicht deinstallieren! - Standard

Claro Search (Firefox) lässt sich nicht deinstallieren!



hier die Logfile von Combifix:

Code:
ATTFilter
ComboFix 12-11-22.03 - XXX22.11.2012  22:02:53.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.1979.1160 [GMT 1:00]
ausgeführt von:: c:\users\XXX\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-22 bis 2012-11-22  ))))))))))))))))))))))))))))))
.
.
2012-11-22 21:11 . 2012-11-22 21:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-20 23:18 . 2012-11-20 23:18	--------	d-----w-	c:\program files (x86)\7-Zip
2012-11-20 22:01 . 2012-11-20 22:01	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-11-20 19:36 . 2012-11-20 19:36	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2012-11-20 17:00 . 2012-11-20 17:00	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-20 17:00 . 2012-11-20 17:00	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-20 16:59 . 2012-11-20 16:59	--------	d-----w-	c:\windows\system32\Macromed
2012-11-20 16:51 . 2012-11-20 16:51	--------	d-----w-	c:\programdata\Browser Manager
2012-11-20 16:51 . 2012-11-20 16:51	--------	d-----w-	c:\programdata\Babylon
2012-11-20 16:51 . 2012-10-12 06:34	100864	----a-w-	c:\windows\system32\pdfcmon.dll
2012-11-20 16:51 . 2012-05-05 10:54	662288	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2012-11-20 16:51 . 2012-05-05 10:54	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2012-11-20 16:51 . 2012-11-20 16:52	--------	d-----w-	c:\program files (x86)\PDFCreator
2012-11-20 16:51 . 2012-05-05 10:54	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2012-11-20 16:51 . 1998-07-06 17:56	125712	----a-w-	c:\windows\SysWow64\VB6DE.DLL
2012-11-20 16:51 . 1998-07-06 17:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2012-11-20 16:51 . 1998-07-06 17:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2012-11-20 16:51 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{35ED8A3C-400F-4E17-91E9-1820DF44388E}\mpengine.dll
2012-11-20 16:50 . 2011-04-28 03:58	552448	----a-w-	c:\windows\system32\drivers\bthport.sys
2012-11-20 16:50 . 2011-04-28 03:58	80384	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
2012-11-20 11:24 . 2012-11-20 11:24	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2012-11-20 11:24 . 2012-11-20 11:24	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-11-20 11:09 . 2011-06-15 09:58	212992	----a-w-	c:\windows\system32\odbctrac.dll
2012-11-20 11:09 . 2011-06-15 09:58	163840	----a-w-	c:\windows\system32\odbccp32.dll
2012-11-20 11:09 . 2011-06-15 09:58	106496	----a-w-	c:\windows\system32\odbccu32.dll
2012-11-20 11:09 . 2011-06-15 09:58	106496	----a-w-	c:\windows\system32\odbccr32.dll
2012-11-20 11:09 . 2011-06-15 09:58	126976	----a-w-	c:\program files\Common Files\System\Ole DB\msdaosp.dll
2012-11-20 11:09 . 2011-06-15 09:04	86016	----a-w-	c:\windows\SysWow64\odbccu32.dll
2012-11-20 11:09 . 2011-06-15 09:04	81920	----a-w-	c:\windows\SysWow64\odbccr32.dll
2012-11-20 11:09 . 2011-06-15 09:04	319488	----a-w-	c:\windows\SysWow64\odbcjt32.dll
2012-11-20 11:09 . 2011-06-15 09:04	163840	----a-w-	c:\windows\SysWow64\odbctrac.dll
2012-11-20 11:09 . 2011-06-15 09:04	122880	----a-w-	c:\windows\SysWow64\odbccp32.dll
2012-11-20 11:09 . 2011-06-15 09:04	94208	----a-w-	c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll
2012-11-20 11:07 . 2010-03-05 07:52	84992	----a-w-	c:\windows\system32\asycfilt.dll
2012-11-20 11:07 . 2010-03-05 07:42	67584	----a-w-	c:\windows\SysWow64\asycfilt.dll
2012-11-20 11:05 . 2011-04-27 02:57	102400	----a-w-	c:\windows\system32\drivers\dfsc.sys
2012-11-20 11:02 . 2012-03-03 06:29	320512	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-11-20 11:02 . 2012-03-03 06:29	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2012-11-20 11:02 . 2012-03-03 06:29	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-11-20 11:02 . 2012-03-03 05:40	1170944	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2012-11-20 11:02 . 2012-03-03 05:40	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-11-20 11:02 . 2012-03-03 05:40	218624	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2012-11-20 11:02 . 2012-03-03 05:40	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2012-11-20 11:02 . 2012-03-03 06:29	1541120	----a-w-	c:\windows\system32\DWrite.dll
2012-11-20 11:02 . 2012-03-03 06:29	1837568	----a-w-	c:\windows\system32\d3d10warp.dll
2012-11-20 11:02 . 2012-03-03 05:40	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-11-20 11:00 . 2011-10-01 05:28	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2012-11-20 11:00 . 2011-10-01 04:43	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2012-11-20 10:57 . 2011-04-09 05:56	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2012-11-20 10:57 . 2011-04-09 06:58	142336	----a-w-	c:\windows\system32\poqexec.exe
2012-11-20 10:53 . 2010-12-23 06:07	961024	----a-w-	c:\windows\system32\CPFilters.dll
2012-11-20 10:53 . 2010-12-23 06:02	259072	----a-w-	c:\windows\system32\mpg2splt.ax
2012-11-20 10:53 . 2010-12-23 05:28	850432	----a-w-	c:\windows\SysWow64\sbe.dll
2012-11-20 10:53 . 2010-12-23 05:28	642048	----a-w-	c:\windows\SysWow64\CPFilters.dll
2012-11-20 10:53 . 2010-12-23 05:24	199680	----a-w-	c:\windows\SysWow64\mpg2splt.ax
2012-11-20 10:53 . 2010-12-23 06:07	1118720	----a-w-	c:\windows\system32\sbe.dll
2012-11-20 10:49 . 2010-08-26 05:27	148992	----a-w-	c:\windows\system32\t2embed.dll
2012-11-20 10:49 . 2010-08-26 04:39	109056	----a-w-	c:\windows\SysWow64\t2embed.dll
2012-11-20 10:44 . 2011-10-26 05:22	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-11-20 10:44 . 2011-10-26 04:28	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-11-20 10:44 . 2011-10-26 05:22	1572864	----a-w-	c:\windows\system32\quartz.dll
2012-11-20 10:44 . 2011-10-26 04:28	1328640	----a-w-	c:\windows\SysWow64\quartz.dll
2012-11-20 10:43 . 2010-06-29 05:39	2085376	----a-w-	c:\windows\system32\ole32.dll
2012-11-20 10:43 . 2010-06-29 05:02	1413632	----a-w-	c:\windows\SysWow64\ole32.dll
2012-11-20 10:43 . 2010-06-29 05:35	4582912	----a-w-	c:\program files\Windows NT\Accessories\wordpad.exe
2012-11-20 10:43 . 2010-06-29 04:57	4247040	----a-w-	c:\program files (x86)\Windows NT\Accessories\wordpad.exe
2012-11-20 10:41 . 2010-11-02 05:18	524288	----a-w-	c:\windows\system32\wmicmiplugin.dll
2012-11-20 10:41 . 2010-11-02 05:16	1114624	----a-w-	c:\windows\system32\schedsvc.dll
2012-11-20 10:41 . 2010-11-02 05:10	285696	----a-w-	c:\windows\system32\schtasks.exe
2012-11-20 10:41 . 2010-11-02 04:40	496128	----a-w-	c:\windows\SysWow64\taskschd.dll
2012-11-20 10:41 . 2010-11-02 04:40	305152	----a-w-	c:\windows\SysWow64\taskcomp.dll
2012-11-20 10:41 . 2010-11-02 04:34	192000	----a-w-	c:\windows\SysWow64\taskeng.exe
2012-11-20 10:41 . 2010-11-02 04:34	179712	----a-w-	c:\windows\SysWow64\schtasks.exe
2012-11-20 10:41 . 2010-11-02 05:17	473600	----a-w-	c:\windows\system32\taskcomp.dll
2012-11-20 10:41 . 2010-11-02 05:17	1169408	----a-w-	c:\windows\system32\taskschd.dll
2012-11-20 10:41 . 2010-11-02 05:10	464384	----a-w-	c:\windows\system32\taskeng.exe
2012-11-20 10:39 . 2010-05-05 07:37	483840	----a-w-	c:\windows\system32\StructuredQuery.dll
2012-11-20 10:39 . 2010-05-05 06:46	363520	----a-w-	c:\windows\SysWow64\StructuredQuery.dll
2012-11-20 10:37 . 2011-07-09 02:44	287744	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2012-11-20 10:37 . 2011-05-04 02:51	157696	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2012-11-20 10:37 . 2011-05-04 02:51	126464	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2012-11-20 10:34 . 2012-10-18 18:18	3147264	----a-w-	c:\windows\system32\win32k.sys
2012-11-20 10:32 . 2011-11-17 07:12	395776	----a-w-	c:\windows\system32\webio.dll
2012-11-20 10:32 . 2011-11-17 05:39	314368	----a-w-	c:\windows\SysWow64\webio.dll
2012-11-20 10:21 . 2012-06-06 05:09	1389568	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-11-20 10:21 . 2012-06-06 05:09	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-11-20 10:21 . 2012-06-06 05:50	2003968	----a-w-	c:\windows\system32\msxml6.dll
2012-11-20 10:21 . 2012-06-06 05:50	1880064	----a-w-	c:\windows\system32\msxml3.dll
2012-11-20 10:17 . 2010-03-04 07:57	2080256	----a-w-	c:\program files\Windows Mail\msoe.dll
2012-11-20 10:17 . 2010-03-04 07:33	1619968	----a-w-	c:\program files (x86)\Windows Mail\msoe.dll
2012-11-20 10:14 . 2011-10-26 05:19	43520	----a-w-	c:\windows\system32\csrsrv.dll
2012-11-20 10:06 . 2010-08-21 06:31	633856	----a-w-	c:\windows\system32\comctl32.dll
2012-11-20 10:06 . 2010-08-21 05:33	530432	----a-w-	c:\windows\SysWow64\comctl32.dll
2012-11-20 10:04 . 2012-08-30 18:11	5505904	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-11-20 10:04 . 2012-08-30 17:18	3958128	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-11-20 10:04 . 2012-08-30 17:18	3902832	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-11-20 10:03 . 2009-10-31 06:34	2870272	----a-w-	c:\windows\explorer.exe
2012-11-20 10:03 . 2009-10-31 05:45	2614272	----a-w-	c:\windows\SysWow64\explorer.exe
2012-11-20 10:03 . 2009-10-28 06:24	389632	----a-w-	c:\windows\system32\winlogon.exe
2012-11-20 10:00 . 2011-03-11 06:19	1395712	----a-w-	c:\windows\system32\mfc42.dll
2012-11-20 10:00 . 2011-03-11 06:19	1359872	----a-w-	c:\windows\system32\mfc42u.dll
2012-11-20 10:00 . 2011-03-11 05:40	1164288	----a-w-	c:\windows\SysWow64\mfc42u.dll
2012-11-20 10:00 . 2011-03-11 05:40	1137664	----a-w-	c:\windows\SysWow64\mfc42.dll
2012-11-20 09:56 . 2012-06-09 05:30	14165504	----a-w-	c:\windows\system32\shell32.dll
2012-11-20 09:54 . 2010-06-19 06:53	52224	----a-w-	c:\windows\system32\rtutils.dll
2012-11-20 09:54 . 2010-06-19 06:23	37376	----a-w-	c:\windows\SysWow64\rtutils.dll
2012-11-20 09:53 . 2012-04-26 05:34	76288	----a-w-	c:\windows\system32\rdpwsx.dll
2012-11-20 09:53 . 2012-04-26 05:34	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-11-20 09:53 . 2012-04-26 05:28	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-11-20 09:48 . 2009-11-25 11:47	99176	----a-w-	c:\windows\SysWow64\PresentationHostProxy.dll
2012-11-20 09:48 . 2009-11-25 11:47	49472	----a-w-	c:\windows\SysWow64\netfxperf.dll
2012-11-20 09:48 . 2009-11-25 11:47	48960	----a-w-	c:\windows\system32\netfxperf.dll
2012-11-20 09:48 . 2009-11-25 11:47	297808	----a-w-	c:\windows\SysWow64\mscoree.dll
2012-11-20 09:48 . 2009-11-25 11:47	295264	----a-w-	c:\windows\SysWow64\PresentationHost.exe
2012-11-20 09:48 . 2009-11-25 11:47	1130824	----a-w-	c:\windows\SysWow64\dfshim.dll
2012-11-20 09:48 . 2009-11-25 11:47	109912	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2012-11-20 09:48 . 2009-11-25 11:47	444752	----a-w-	c:\windows\system32\mscoree.dll
2012-11-20 09:48 . 2009-11-25 11:47	320352	----a-w-	c:\windows\system32\PresentationHost.exe
2012-11-20 09:48 . 2009-11-25 11:47	1942856	----a-w-	c:\windows\system32\dfshim.dll
2012-11-20 09:45 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-11-20 09:44 . 2010-08-21 06:29	558592	----a-w-	c:\windows\system32\spoolsv.exe
2012-11-20 09:43 . 2011-02-19 06:36	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-11-20 09:43 . 2011-02-19 05:32	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-11-20 09:43 . 2011-02-19 04:13	367104	----a-w-	c:\windows\system32\atmfd.dll
2012-11-20 09:43 . 2011-02-19 03:37	294912	----a-w-	c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-20 01:46 . 2012-11-20 01:46	2560	----a-w-	c:\windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
2012-11-20 01:46 . 2012-11-20 01:46	5632	----a-w-	c:\windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
2012-11-20 01:46 . 2012-11-20 01:46	2560	----a-w-	c:\windows\SysWow64\drivers\de-DE\scfilter.sys.mui
2012-11-20 01:46 . 2012-11-20 01:46	51712	----a-w-	c:\windows\SysWow64\drivers\de-DE\tcpip.sys.mui
2012-11-20 01:46 . 2012-11-20 01:46	29696	----a-w-	c:\windows\SysWow64\drivers\de-DE\bfe.dll.mui
2012-11-20 01:46 . 2012-11-20 01:46	16896	----a-w-	c:\windows\SysWow64\drivers\de-DE\pacer.sys.mui
2012-11-19 16:58 . 2010-02-23 08:16	6	----a-w-	c:\windows\system32\PLD_Framework.cmd
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-24 825864]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-06 384800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-2-23 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-16 84256]
S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe [2012-11-12 2402840]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-04-27 57344]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 33936882
*NewlyCreated* - 81774105
*Deregistered* - 33936882
*Deregistered* - 81774105
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-20 17:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-10-29 822816]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=KW_ss&mntrId=001a326a000000000000001e64297dec&q=
FF - ExtSQL: 2012-11-20 09:41; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-11-20 09:49; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2012-11-20 09:49; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - user.js: extensions.claro.tlbrSrchUrl - 
FF - user.js: extensions.claro.id - 001a326a000000000000001e64297dec
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15664
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1017:51
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-87683753.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-22  22:15:12
ComboFix-quarantined-files.txt  2012-11-22 21:15
.
Vor Suchlauf: 9 Verzeichnis(se), 271.260.807.168 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 270.993.145.856 Bytes frei
.
- - End Of File - - 08C751954EDDBA2B8FA29756CCFBB650
         
Beim Öffnen von Firefox ist Claro Search noch vorhanden, als Startseite und als Suchmaske

Alt 23.11.2012, 10:41   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Claro Search (Firefox) lässt sich nicht deinstallieren! - Standard

Claro Search (Firefox) lässt sich nicht deinstallieren!



Zitat:
Beim Öffnen von Firefox ist Claro Search noch vorhanden, als Startseite und als Suchmaske
Wir sind hier ja auch nich nicht fertig

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.11.2012, 15:13   #9
Goldblume
 
Claro Search (Firefox) lässt sich nicht deinstallieren! - Standard

Claro Search (Firefox) lässt sich nicht deinstallieren!



Ok, also hier noch die ältere ADW-Cleaner [R1] vom 20.11. - vor meinem Eröffnungsthread:

Code:
ATTFilter
# AdwCleaner v2.008 - Datei am 20/11/2012 um 23:09:21 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : xxx- xxx-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Usersxxx\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Browser Manager

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\STEFAN~1\AppData\Local\Temp\boost_interprocess
Ordner Gefunden : C:\Usersxxx\AppData\Roaming\Babylon
Ordner Gefunden : C:\Usersxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gefunden : C:\Usersxxx\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\staged
Ordner Gefunden : C:\Usersxxx\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\prefs.js

Gefunden : user_pref("browser.search.defaultenginename", "Claro Search");
Gefunden : user_pref("browser.search.order.1", "Claro Search");
Gefunden : user_pref("browser.search.selectedEngine", "Claro Search");
Gefunden : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117423&tt=471[...]
Gefunden : user_pref("extensions.claro.admin", false);
Gefunden : user_pref("extensions.claro.aflt", "babsst");
Gefunden : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gefunden : user_pref("extensions.claro.dfltLng", "en");
Gefunden : user_pref("extensions.claro.excTlbr", false);
Gefunden : user_pref("extensions.claro.id", "001a326a000000000000001e64297dec");
Gefunden : user_pref("extensions.claro.instlDay", "15664");
Gefunden : user_pref("extensions.claro.instlRef", "sst");
Gefunden : user_pref("extensions.claro.prdct", "claro");
Gefunden : user_pref("extensions.claro.prtnrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrSrchUrl", "");
Gefunden : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gefunden : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gefunden : user_pref("extensions.claro_i.smplGrp", "none");
Gefunden : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1017:51:42");
Gefunden : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=KW_ss&mntrId=00[...]

*************************

AdwCleaner[R1].txt - [5338 octets] - [20/11/2012 23:09:21]

########## EOF - C:\AdwCleaner[R1].txt - [5398 octets] ##########
         


und hier die soeben durchgeführte AdwCleaner [R2]:

Code:
ATTFilter
# AdwCleaner v2.009 - Datei am 26/11/2012 um 15:07:41 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : xxx - xxxPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Usersxxx\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Browser Manager

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\staged
Ordner Gefunden : C:\Users\xxx\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\prefs.js

Gefunden : user_pref("browser.search.defaultenginename", "Claro Search");
Gefunden : user_pref("browser.search.order.1", "Claro Search");
Gefunden : user_pref("browser.search.selectedEngine", "Claro Search");
Gefunden : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117423&tt=471[...]
Gefunden : user_pref("extensions.claro.admin", false);
Gefunden : user_pref("extensions.claro.aflt", "babsst");
Gefunden : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gefunden : user_pref("extensions.claro.dfltLng", "en");
Gefunden : user_pref("extensions.claro.excTlbr", false);
Gefunden : user_pref("extensions.claro.id", "001a326a000000000000001e64297dec");
Gefunden : user_pref("extensions.claro.instlDay", "15664");
Gefunden : user_pref("extensions.claro.instlRef", "sst");
Gefunden : user_pref("extensions.claro.prdct", "claro");
Gefunden : user_pref("extensions.claro.prtnrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrSrchUrl", "");
Gefunden : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gefunden : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gefunden : user_pref("extensions.claro_i.smplGrp", "none");
Gefunden : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1017:51:42");
Gefunden : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=KW_ss&mntrId=00[...]

*************************

AdwCleaner[R1].txt - [5461 octets] - [20/11/2012 23:09:21]
AdwCleaner[R2].txt - [4426 octets] - [26/11/2012 15:07:41]

########## EOF - C:\AdwCleaner[R2].txt - [4486 octets] ##########
         

Alt 26.11.2012, 17:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Claro Search (Firefox) lässt sich nicht deinstallieren! - Standard

Claro Search (Firefox) lässt sich nicht deinstallieren!



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.11.2012, 17:33   #11
Goldblume
 
Claro Search (Firefox) lässt sich nicht deinstallieren! - Standard

Claro Search (Firefox) lässt sich nicht deinstallieren!



ADWCleaner [S1]

Code:
ATTFilter
# AdwCleaner v2.009 - Datei am 26/11/2012 um 17:26:21 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : xxx- xxxPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Usersxxx\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Usersxxx\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Usersxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gelöscht : C:\Usersxxx\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\staged
Ordner Gelöscht : C:\Usersxxx\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=001a326a000000000000001e64297dec --> hxxp://www.google.com
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Usersxxx\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\prefs.js

C:\Usersxxx\AppData\Roaming\Mozilla\Firefox\Profiles\mr4pwwm3.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "Claro Search");
Gelöscht : user_pref("browser.search.order.1", "Claro Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117423&tt=471[...]
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "001a326a000000000000001e64297dec");
Gelöscht : user_pref("extensions.claro.instlDay", "15664");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gelöscht : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1017:51:42");
Gelöscht : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=KW_ss&mntrId=00[...]

*************************

AdwCleaner[R1].txt - [5461 octets] - [20/11/2012 23:09:21]
AdwCleaner[R2].txt - [4511 octets] - [26/11/2012 15:07:41]
AdwCleaner[R3].txt - [4613 octets] - [26/11/2012 15:18:51]
AdwCleaner[S1].txt - [4542 octets] - [26/11/2012 17:26:21]

########## EOF - C:\AdwCleaner[S1].txt - [4602 octets] ##########
         

Alt 26.11.2012, 17:42   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Claro Search (Firefox) lässt sich nicht deinstallieren! - Standard

Claro Search (Firefox) lässt sich nicht deinstallieren!



Denkst du auch an OTL?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.11.2012, 18:11   #13
Goldblume
 
Claro Search (Firefox) lässt sich nicht deinstallieren! - Standard

Claro Search (Firefox) lässt sich nicht deinstallieren!



Zitat: "Der Text, den Sie eingegeben haben, besteht aus 213531 Zeichen und ist damit zu lang. Bitte kürzen Sie den Text auf die maximale Länge von 120000 Zeichen.

Logs bitte als Archiv an den Beitrag anhängen!"

Ich bekomme leider keine Funktion angezeigt, Dateien hochzuladen

Alt 26.11.2012, 18:20   #14
Goldblume
 
Claro Search (Firefox) lässt sich nicht deinstallieren! - Standard

Claro Search (Firefox) lässt sich nicht deinstallieren!



Ah, jetzt gehs
Angehängte Dateien
Dateityp: zip OTL.zip (45,1 KB, 52x aufgerufen)

Alt 26.11.2012, 18:56   #15
Goldblume
 
Claro Search (Firefox) lässt sich nicht deinstallieren! - Standard

Claro Search (Firefox) lässt sich nicht deinstallieren!



1. Teil der OTL-Datei:

Code:
ATTFilter
OTL logfile created on: 26.11.2012 17:36:19 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Usersxxx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 52,52% Memory free
3,87 Gb Paging File | 2,63 Gb Available in Paging File | 68,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 258,48 Gb Free Space | 90,38% Space Free | Partition Type: NTFS
 
Computer Name: xxx-PC | User Name: xxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Usersxxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Windows\PLFSetI.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\PLFSetI.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DKbFltr) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273611120306l0403z135t4461a610
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4712_2&babsrc=SP_ss&mntrId=001a326a000000000000001e64297dec
IE - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE511
IE - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.2
FF - prefs.js..extensions.enabledAddons: {58bd07eb-0ee0-4df0-8121-dc9b693373df}:2.5.911.18
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.20 09:39:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.20 20:36:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.11.20 17:51:52 | 000,000,000 | ---D | M]
 
[2012.11.20 09:40:11 | 000,000,000 | ---D | M] (No name found) -- C:\Usersxxx\AppData\Roaming\mozilla\Extensions
[2012.11.26 17:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Usersxxx\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions
[2012.11.22 22:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Usersxxx\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2012.11.20 09:49:48 | 000,000,000 | ---D | M] (WOT) -- C:\Usersxxx\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.20 20:33:53 | 000,000,000 | ---D | M] (Ecosia - The Green Search) -- C:\Usersxxx\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
[2012.11.23 19:33:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Usersxxx\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.11.20 20:10:39 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Usersxxx\AppData\Roaming\mozilla\Firefox\Profiles\mr4pwwm3.default\extensions\add-to-searchbox@maltekraus.de
[2012.11.20 20:10:34 | 000,025,781 | ---- | M] () (No name found) -- C:\Usersxxx\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2012.11.22 22:16:55 | 000,530,519 | ---- | M] () (No name found) -- C:\Usersxxx\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.20 20:33:53 | 000,017,696 | ---- | M] () (No name found) -- C:\Usersxxx\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
[2012.11.23 19:33:06 | 000,804,627 | ---- | M] () (No name found) -- C:\Usersxxx\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.20 20:33:58 | 000,005,212 | ---- | M] () -- C:\Usersxxx\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\searchplugins\ecosia.xml
[2012.11.20 17:51:31 | 000,006,520 | ---- | M] () -- C:\Usersxxx\AppData\Roaming\mozilla\firefox\profiles\mr4pwwm3.default\searchplugins\mngr.xml
[2012.11.20 09:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.20 17:51:52 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.5.911.18\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.22 22:11:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2338483165-2262990862-3764339005-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33AF98BE-F3A9-4F9B-89BC-ECF7E761A48F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\PROGRA~3\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
         

Antwort

Themen zu Claro Search (Firefox) lässt sich nicht deinstallieren!
aswmbr, computer, computern, datei, downloaden, entfernen, explorer, firefox, forum, freeware, funktioniert, geld, gelöscht, gen, google, kompetent, laptop, löschen, neue, nicht mehr, programme, recovery, seite, systemsteuerung, tab, wenig ahnung, windows, windows explorer



Ähnliche Themen: Claro Search (Firefox) lässt sich nicht deinstallieren!


  1. Mozilla FIrefox lässt sich nicht deinstallieren
    Alles rund um Windows - 04.11.2015 (5)
  2. Windows 8, Mozilla Firefox: Feven 2.2 lässt sich nicht deinstallieren, re-markit eventuell noch vorhanden
    Log-Analyse und Auswertung - 08.10.2015 (24)
  3. Windows 7: Search Protect lässt sich nicht deinstallieren
    Log-Analyse und Auswertung - 14.09.2014 (13)
  4. webssearches.com als Startseite in Firefox lässt sich nicht deinstallieren
    Plagegeister aller Art und deren Bekämpfung - 12.08.2014 (13)
  5. Win 7 Firefox stürzt ab, Advanceed System Protector lässt sich nicht deinstallieren
    Log-Analyse und Auswertung - 03.01.2014 (7)
  6. Hola Search - lässt sich nicht entfernen, nichts zum deinstallieren?
    Plagegeister aller Art und deren Bekämpfung - 30.11.2013 (9)
  7. Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in Firefox
    Plagegeister aller Art und deren Bekämpfung - 21.06.2013 (17)
  8. Eazel Search lässt sich nicht deinstallieren/löschen :(
    Plagegeister aller Art und deren Bekämpfung - 05.03.2013 (26)
  9. Claro Search lässt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 27.02.2013 (44)
  10. Wie kann ich Claro Search deinstallieren?
    Log-Analyse und Auswertung - 22.01.2013 (25)
  11. Wie kann ich Claro Search deinstallieren?
    Plagegeister aller Art und deren Bekämpfung - 15.01.2013 (14)
  12. Claro lässt sich nicht vollständig entfernen, Virusbefall?
    Plagegeister aller Art und deren Bekämpfung - 26.11.2012 (28)
  13. claro search läßt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 14.11.2012 (29)
  14. Claro Serch - Firefox startseite - Win7: lässt sich nicht entfernen. (FirmenPC)
    Plagegeister aller Art und deren Bekämpfung - 06.11.2012 (5)
  15. virus auf dem pc search.chatzum.com bei Mozilla Firefox und search.claro.com bei IE
    Plagegeister aller Art und deren Bekämpfung - 02.11.2012 (1)
  16. claro-search (Virus?) lässt sich nicht entfernen.
    Plagegeister aller Art und deren Bekämpfung - 31.10.2012 (11)
  17. claro-search nicht aus Firefox zu löschen
    Log-Analyse und Auswertung - 29.10.2012 (9)

Zum Thema Claro Search (Firefox) lässt sich nicht deinstallieren! - Hallo, ich habe mit Hilfe von Google lediglich dieses Forum als vertrauenswürdig und kompetent gefunden, weil das "Claro Search"-Problem hier bereits behandelt wurde und wohl recht aktuell ist. Claro Search - Claro Search (Firefox) lässt sich nicht deinstallieren!...
Archiv
Du betrachtest: Claro Search (Firefox) lässt sich nicht deinstallieren! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.