| |
| |||||||
Log-Analyse und Auswertung: TR/Trash.Gen sowie EXP/CVE-2011-3544 sowie TR/Crypt.ULPM.GenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
07.10.2012, 12:15
| #1 |
| |  TR/Trash.Gen sowie EXP/CVE-2011-3544 sowie TR/Crypt.ULPM.Gen Hallo, Antivir hat folgendes in Quaratäne gesetzt: TR/Trash.Gen sowie EXP/CVE-2011-3544 sowie TR/Crypt.ULPM.Gen. Ich bitte Euch um Hilfe, wie ich meinen Computer bereinigen kann. OTL logfile created on: 07.10.2012 12:57:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Karli\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 49,18% Memory free 6,19 Gb Paging File | 4,04 Gb Available in Paging File | 65,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 117,54 Gb Total Space | 61,31 Gb Free Space | 52,16% Space Free | Partition Type: NTFS Drive D: | 232,89 Gb Total Space | 232,85 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Drive F: | 113,88 Gb Total Space | 108,71 Gb Free Space | 95,46% Space Free | Partition Type: NTFS Computer Name: KARLI-PC | User Name: Karli | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - c:\Users\Karli\Downloads\OTL (2).exe (OldTimer Tools) PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () PRC - C:\Programme\AVG Secure Search\vprot.exe () PRC - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe () PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\Karli\AppData\Roaming\BrowserCompanion\tcbhn.exe () PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Programme\Camera Assistant Software for Toshiba\CEC_MAIN.exe () PRC - C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe () PRC - C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Camera Assistant Software for Toshiba\traybar.exe (Chicony) PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Programme\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - c:\ProgramData\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () MOD - C:\Programme\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll () MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll () MOD - C:\Programme\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll () MOD - C:\Programme\AVG Secure Search\vprot.exe () MOD - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () MOD - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe () MOD - C:\Users\Karli\AppData\Roaming\BrowserCompanion\tcbhn.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2951.26938__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dl l () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2951.27206__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2951.27176__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2951.26891__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2951.26953__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2951.27166__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2951.27121__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2951.26929__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2951.27066__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2951.26912__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2951.27213__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2951.27138__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2951.26905__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2951.27131__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2951.27203__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard. dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2951.27130__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2951.27202__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2951.27168__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2951.27078__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2951.26967__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashbo ard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2951.26914__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashbo ard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2951.27154__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2951.26974__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2951.26961__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2951.27098__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashbo ard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2951.27077__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2951.26973__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime. dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2951.27097__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime. dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2951.27069__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2951.27113__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2951.27059__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2951.27067__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2951.27076__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2951.27111__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2886.28817__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2886.28838__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2886.28860__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dl l () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2886.28859__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2886.28848__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dl l () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2951.27193__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2951.27229__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2886.28808__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2951.27244__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2951.26878__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2951.27183_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2951.26898__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2951.26922__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2951.27183__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2951.26881__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2951.26882__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2951.27190__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2951.27192__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2886.28832__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2951.26880__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2951.26879__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Programme\Camera Assistant Software for Toshiba\CEC_MAIN.exe () MOD - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe () MOD - C:\Programme\Toshiba\PCDiag\NotifyPCD.dll () MOD - C:\Programme\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll () MOD - C:\Programme\Toshiba\FlashCards\BlackPng.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Programme\IDM\Desktop SMS\oehook.dll () MOD - C:\Programme\Toshiba\TBS\NotifyTBS.dll () MOD - C:\Programme\Toshiba\TOSHIBA Assist\NotifyX.dll () MOD - C:\Programme\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll () MOD - C:\Windows\System32\TosCommAPI.dll () ========== Services (SafeList) ========== SRV - (vToolbarUpdater12.2.6) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe () SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (TNaviSrv) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (ConfigFree Service) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (TOSHIBA SMART Log Service) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA Bluetooth Service) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (IntcHdmiAddService) -- system32\drivers\IntcHdmi.sys File not found DRV - (igfx) -- system32\DRIVERS\igdkmd32.sys File not found DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (CnxtHdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation) DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (QIOMem) -- C:\Windows\System32\drivers\QIOMem.sys (TOSHIBA) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro ) DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={A5247372-904B-4266-B88D-E628A04A5DFB} IE - HKLM\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Programme\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {1799CF01-EB7F-41E4-97A0-A5FB187CB3FE} IE - HKLM\..\SearchScopes\{1799CF01-EB7F-41E4-97A0-A5FB187CB3FE}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7; IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={A5247372-904B-4266-B88D-E628A04A5DFB} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.1und1.de/br/ie9_startpage IE - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\..\SearchScopes,DefaultScope = {09038620-190C-402B-A92F-18864E6AB22F} IE - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms} IE - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=115284&tt=120912_pcp_3812_3&babsrc=SP_ss&mntrId=6ca2817200000000000000037a894dbc IE - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\..\SearchScopes\{1799CF01-EB7F-41E4-97A0-A5FB187CB3FE}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.1und1.de/br/ie9_search_pic/?su={searchTerms} IE - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\..\SearchScopes\{52B647AC-FF85-4E9F-B14A-05E68C2CC0BF}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337 IE - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms} IE - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms} IE - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.1und1.de/br/ie9_search_produkte/?su={searchTerms} IE - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={E996DA3C-6152-4B05-8EA9-F77526FF773D}&mid=b5ca6c44174244f6a94ba830ee7ae4db-f2242149fd96559b10d3072326ef0adae150b479&lang=de&ds=wa011&pr=&d=2012-09-21 09:55:20&v=12.2.5.34&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.1und1.de/br/ie9_search_maps/?su={searchTerms} IE - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&st=17&q={searchTerms}&barid={A5247372-904B-4266-B88D-E628A04A5DFB} IE - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012.09.21 09:55:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.10.07 10:51:56 | 000,000,000 | ---D | M] [2012.09.21 09:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (1und1 Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (WiseConvert 1.3 Toolbar) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Programme\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.0.7\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll () O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (WiseConvert 1.3 Toolbar) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Programme\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.0.7\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\..\Toolbar\WebBrowser: (WiseConvert 1.3 Toolbar) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - C:\Programme\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-869973246-1771691399-1620841179-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.) O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media) O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.) O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe () O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-869973246-1771691399-1620841179-1000..\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBUE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-869973246-1771691399-1620841179-1000..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Karli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Karli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Karli\AppData\Roaming\BrowserCompanion\tcbhn.exe () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54753B9A-A526-44AE-8C4B-F57740B2A0CD}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll () O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\23762~1.17\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - AppInit_DLLs: (c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found O24 - Desktop WallPaper: C:\Users\Karli\Desktop\Fotos mit hellem Hintergrund\bearbeitet\Kaiserwinden.jpg O24 - Desktop BackupWallPaper: C:\Users\Karli\Desktop\Fotos mit hellem Hintergrund\bearbeitet\Kaiserwinden.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.07 11:51:33 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.10.07 11:51:33 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.10.07 10:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.10.07 10:51:57 | 000,000,000 | ---D | C] -- C:\Users\Karli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager [2012.10.07 10:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar [2012.09.29 09:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\FileConverter_1.3 [2012.09.28 22:33:34 | 000,000,000 | ---D | C] -- C:\Users\Karli\AppData\Local\Apps [2012.09.28 19:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2012.09.28 19:13:45 | 000,000,000 | ---D | C] -- C:\Users\Karli\AppData\Roaming\TuneUp Software [2012.09.28 19:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013 [2012.09.28 19:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.09.28 19:12:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.09.26 16:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb [2012.09.26 16:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\1und1Softwareaktualisierung [2012.09.26 16:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons [2012.09.26 16:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\1und1InternetExplorerAddon [2012.09.24 19:49:46 | 000,000,000 | ---D | C] -- C:\Users\Karli\AppData\Roaming\Apple Computer [2012.09.24 12:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.09.24 12:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.09.24 12:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.09.24 12:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update(0) [2012.09.24 12:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012.09.24 12:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.09.22 19:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2012.09.22 18:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.09.22 18:39:39 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.09.22 18:39:39 | 000,473,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.09.22 18:39:39 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.09.22 18:39:39 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.09.22 18:39:39 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.09.22 18:05:40 | 000,000,000 | ---D | C] -- C:\Users\Karli\AppData\Roaming\Malwarebytes [2012.09.22 18:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.22 18:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.22 18:05:25 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.22 18:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.22 15:50:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.09.22 15:50:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.09.22 15:50:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.09.22 15:50:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.09.22 15:50:13 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.09.22 15:50:11 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.09.22 15:50:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.09.22 15:50:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.09.22 15:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Savings Sidekick [2012.09.21 13:31:27 | 000,000,000 | ---D | C] -- C:\Users\Karli\Documents\OneNote-Notizbücher [2012.09.21 12:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\gs [2012.09.21 12:09:47 | 000,000,000 | ---D | C] -- C:\Users\Karli\AppData\Roaming\Scribus [2012.09.21 12:07:52 | 000,000,000 | ---D | C] -- C:\Users\Karli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.1 [2012.09.21 12:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Scribus 1.4.1 [2012.09.21 10:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012.09.21 09:55:25 | 000,000,000 | ---D | C] -- C:\Users\Karli\AppData\Local\AVG Secure Search [2012.09.21 09:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2012.09.21 09:55:20 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.09.21 09:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2012.09.21 09:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search [2012.09.21 09:23:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins [2012.09.21 09:23:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions [2012.09.21 09:23:35 | 000,000,000 | ---D | C] -- C:\Users\Karli\Start Menu [2012.09.21 09:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.09.21 09:23:25 | 000,000,000 | ---D | C] -- C:\Users\Karli\AppData\Roaming\BrowserCompanion [2012.09.21 09:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.09.21 09:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly [2012.09.21 09:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\DealPly [2012.09.21 09:23:10 | 000,000,000 | ---D | C] -- C:\Users\Karli\AppData\Roaming\Babylon [2012.09.21 09:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.09.21 08:05:34 | 000,000,000 | ---D | C] -- C:\Users\Karli\Desktop\Kurt [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.07 12:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.07 12:39:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.07 12:09:49 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.07 12:08:42 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.07 12:08:42 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.07 12:08:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.07 12:08:25 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2012.10.07 11:51:07 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.10.07 11:51:07 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.10.07 10:52:22 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.09.30 09:31:19 | 000,000,680 | ---- | M] () -- C:\Users\Karli\AppData\Local\d3d9caps.dat [2012.09.26 16:58:04 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\Amazon.lnk [2012.09.26 16:58:04 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\1und1.lnk [2012.09.26 16:58:04 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk [2012.09.24 12:25:32 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.09.22 18:39:11 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.09.22 18:39:11 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.09.22 18:39:11 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.09.22 18:39:11 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.09.22 18:39:11 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.09.22 18:05:29 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.21 17:26:51 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.21 17:26:51 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.21 17:26:51 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.21 17:26:51 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.21 13:31:27 | 000,001,162 | ---- | M] () -- C:\Users\Karli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2012.09.21 13:27:05 | 000,012,800 | ---- | M] () -- C:\Users\Karli\Documents\Dokument-1.sla [2012.09.21 13:26:58 | 002,697,794 | ---- | M] () -- C:\Users\Karli\Documents\Titelblatt1.sla [2012.09.21 12:09:04 | 000,000,863 | ---- | M] () -- C:\Users\Karli\Desktop\Scribus 1.4.1.lnk [2012.09.21 09:55:20 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.09.21 09:23:25 | 000,001,985 | ---- | M] () -- C:\Users\Karli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk [2012.09.21 09:23:20 | 000,000,315 | ---- | M] () -- C:\user.js [2012.09.21 08:26:47 | 000,002,673 | ---- | M] () -- C:\Users\Karli\Desktop\Microsoft Office PowerPoint 2007.lnk [2012.09.20 18:00:01 | 000,917,586 | ---- | M] () -- C:\Users\Karli\Desktop\U-Bahn Rom.pdf [2012.09.19 11:29:46 | 000,031,584 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.09.19 11:29:40 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.07 11:51:07 | 000,001,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2012.10.07 11:51:07 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.10.07 11:51:07 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.10.07 10:52:22 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.09.26 16:58:04 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\Amazon.lnk [2012.09.26 16:58:04 | 000,001,822 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1und1.lnk [2012.09.26 16:58:04 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\1und1.lnk [2012.09.26 16:58:04 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk [2012.09.24 12:25:32 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.09.22 18:05:29 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.21 13:31:27 | 000,001,162 | ---- | C] () -- C:\Users\Karli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2012.09.21 13:27:05 | 000,012,800 | ---- | C] () -- C:\Users\Karli\Documents\Dokument-1.sla [2012.09.21 13:26:57 | 002,697,794 | ---- | C] () -- C:\Users\Karli\Documents\Titelblatt1.sla [2012.09.21 12:09:04 | 000,000,863 | ---- | C] () -- C:\Users\Karli\Desktop\Scribus 1.4.1.lnk [2012.09.21 09:23:25 | 000,001,985 | ---- | C] () -- C:\Users\Karli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk [2012.09.21 09:23:19 | 000,000,315 | ---- | C] () -- C:\user.js [2012.09.20 18:00:01 | 000,917,586 | ---- | C] () -- C:\Users\Karli\Desktop\U-Bahn Rom.pdf [2012.07.01 10:58:30 | 000,011,873 | ---- | C] () -- C:\Users\Karli\AppData\Local\recently-used.xbel [2011.12.03 12:53:16 | 000,000,025 | ---- | C] () -- C:\Windows\efdcet.dat [2011.09.20 19:05:53 | 000,000,025 | ---- | C] () -- C:\Windows\CDE ESP1400Euro.ini [2011.01.17 10:21:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.01.17 10:21:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.01.02 12:35:00 | 000,000,000 | ---- | C] () -- C:\Windows\PhEdit.INI [2011.01.02 11:59:15 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011.01.02 11:59:15 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011.01.02 11:59:15 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011.01.02 11:59:15 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011.01.02 11:59:15 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011.01.02 11:59:15 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011.01.02 11:59:15 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011.01.02 11:59:15 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011.01.02 11:59:15 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011.01.02 11:59:15 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011.01.02 11:59:15 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011.01.02 11:59:15 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011.01.02 11:59:15 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011.01.02 11:59:15 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011.01.02 11:59:15 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011.01.02 11:59:15 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011.01.02 11:59:15 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011.01.02 11:59:15 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011.01.02 11:59:15 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.11.02 20:49:26 | 000,000,680 | ---- | C] () -- C:\Users\Karli\AppData\Local\d3d9caps.dat [2009.11.29 16:39:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.06.05 19:24:11 | 000,003,584 | ---- | C] () -- C:\Users\Karli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.12 13:20:45 | 000,000,100 | ---- | C] () -- C:\Users\Karli\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.21 09:23:10 | 000,000,000 | ---D | M] -- C:\Users\Karli\AppData\Roaming\Babylon [2012.10.07 12:59:49 | 000,000,000 | ---D | M] -- C:\Users\Karli\AppData\Roaming\BrowserCompanion [2012.09.29 11:17:36 | 000,000,000 | ---D | M] -- C:\Users\Karli\AppData\Roaming\DesktopIconForAmazon [2011.11.14 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Karli\AppData\Roaming\EPSON [2012.09.29 11:17:36 | 000,000,000 | ---D | M] -- C:\Users\Karli\AppData\Roaming\fotobuch.de AG [2012.09.29 11:17:36 | 000,000,000 | ---D | M] -- C:\Users\Karli\AppData\Roaming\IrfanView [2008.08.12 13:32:38 | 000,000,000 | ---D | M] -- C:\Users\Karli\AppData\Roaming\myphotobook [2011.12.03 10:09:12 | 000,000,000 | ---D | M] -- C:\Users\Karli\AppData\Roaming\OCS [2012.06.08 10:28:38 | 000,000,000 | ---D | M] -- C:\Users\Karli\AppData\Roaming\OpenOffice.org [2011.12.03 10:09:16 | 000,000,000 | ---D | M] -- C:\Users\Karli\AppData\Roaming\Opera [2012.09.29 11:17:39 | 000,000,000 | ---D | M] -- C:\Users\Karli\AppData\Roaming\Scribus [2012.09.22 15:19:49 | 000,000,000 | ---D | M] -- C:\Users\Karli\AppData\Roaming\Systweak [2008.08.12 13:21:24 | 000,000,000 | ---D | M] -- C:\Users\Karli\AppData\Roaming\Template [2009.06.05 19:39:11 | 000,000,000 | ---D | M] -- C:\Users\Karli\AppData\Roaming\Toshiba [2012.09.28 19:13:45 | 000,000,000 | ---D | M] -- C:\Users\Karli\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > |
|
08.10.2012, 06:30
| #2 |
| /// the machine /// TB-Ausbilder    | TR/Trash.Gen sowie EXP/CVE-2011-3544 sowie TR/Crypt.ULPM.Gen Hi,
__________________Poste bitte das komplette Logfile von Antivir.
__________________ |
|
08.10.2012, 19:27
| #3 |
| | TR/Trash.Gen sowie EXP/CVE-2011-3544 sowie TR/Crypt.ULPM.Gen Hallo Schrauber,
__________________leider ließ sich die Log-Datei nicht herstellen. Daraufhin habe ich AntiVir neu installiert und einen System-Scan durchgeführt. Dieses Mal wurde kein Schädling gefunden, lediglich 237 Warnungen angezeigt. Die zugehörige Log-Datei war so lang (weit über 10000 Seiten), dass ich Sie Dir nicht posten kann. Schließlich habe ich Malwarebytes Anti-Malware installiert und wieder einen vollständigen Scan durchgeführt. Auch diesmal wurden seltsamer Weise keine infizierten Objekte gefunden. Ich glaube nicht, dass mein PC frei von Schädlingen ist, auch wenn die beiden letzten Scans zu einem anderen Ergebnis kommen. Über eine Einschätzung von Dir würde ich mich freuen. Nordpol |
|
08.10.2012, 19:31
| #4 |
| /// the machine /// TB-Ausbilder | TR/Trash.Gen sowie EXP/CVE-2011-3544 sowie TR/Crypt.ULPM.Gen Hi, Downloade Dir bitte AdwCleaner auf deinen Desktop.
Und ein frisches OTL logfile bitte 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.10.2012, 20:01
| #5 |
| | TR/Trash.Gen sowie EXP/CVE-2011-3544 sowie TR/Crypt.ULPM.Gen Hallo, ich habe - trotz Warnungen - Deine Anweisungen befolgt. Dies ist die Log-Datei 1: # AdwCleaner v2.004 - Datei am 08/10/2012 um 20:44:43 erstellt # Aktualisiert am 06/10/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Karli - KARLI-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Karli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5V3XRUK\adwcleaner.exe # Option [Suche] **** [Dienste] **** Gefunden : Browser Manager ***** [Dateien / Ordner] ***** Datei Gefunden : C:\user.js Datei Gefunden : C:\Users\Public\Desktop\eBay.lnk Ordner Gefunden : C:\Program Files\Ask.com Ordner Gefunden : C:\Program Files\AVG Secure Search Ordner Gefunden : C:\Program Files\BabylonToolbar Ordner Gefunden : C:\Program Files\Common Files\AVG Secure Search Ordner Gefunden : C:\Program Files\Conduit Ordner Gefunden : C:\Program Files\DealPly Ordner Gefunden : C:\Program Files\Savings Sidekick Ordner Gefunden : C:\Program Files\Winload Ordner Gefunden : C:\Program Files\WiseConvert_1.3 Ordner Gefunden : C:\ProgramData\AVG Secure Search Ordner Gefunden : C:\ProgramData\Babylon Ordner Gefunden : C:\ProgramData\Browser Manager Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly Ordner Gefunden : C:\Users\Karli\AppData\Local\APN Ordner Gefunden : C:\Users\Karli\AppData\Local\AskToolbar Ordner Gefunden : C:\Users\Karli\AppData\Local\AVG Secure Search Ordner Gefunden : C:\Users\Karli\AppData\Local\Conduit Ordner Gefunden : C:\Users\Karli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph Ordner Gefunden : C:\Users\Karli\AppData\Local\Temp\AskSearch Ordner Gefunden : C:\Users\Karli\AppData\Local\Temp\avg@toolbar Ordner Gefunden : C:\Users\Karli\AppData\LocalLow\AskToolbar Ordner Gefunden : C:\Users\Karli\AppData\LocalLow\AVG Secure Search Ordner Gefunden : C:\Users\Karli\AppData\LocalLow\BabylonToolbar Ordner Gefunden : C:\Users\Karli\AppData\LocalLow\bbrs_002.tb Ordner Gefunden : C:\Users\Karli\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\Karli\AppData\LocalLow\PriceGong Ordner Gefunden : C:\Users\Karli\AppData\LocalLow\Winload Ordner Gefunden : C:\Users\Karli\AppData\LocalLow\WiseConvert_1.3 Ordner Gefunden : C:\Users\Karli\AppData\Roaming\Babylon Ordner Gefunden : C:\Users\Karli\AppData\Roaming\BrowserCompanion Ordner Gefunden : C:\Users\Karli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23762~1.17\{16cdf~1\browse~1.dll c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL Schlüssel Gefunden : HKCU\Software\APN Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Winload Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\WiseConvert_1.3 Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar Schlüssel Gefunden : HKCU\Software\Ask.com Schlüssel Gefunden : HKCU\Software\AskToolbar Schlüssel Gefunden : HKCU\Software\AVG Secure Search Schlüssel Gefunden : HKCU\Software\BabylonToolbar Schlüssel Gefunden : HKCU\Software\BrowserMngr Schlüssel Gefunden : HKCU\Software\DataMngr Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar Schlüssel Gefunden : HKCU\Software\DealPly Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winload Toolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WiseConvert_1.3 Toolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{213C8ED6-1D78-4D8F-8729-25006AA86A76} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{213C8ED6-1D78-4D8F-8729-25006AA86A76} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\Software\APN Schlüssel Gefunden : HKLM\Software\AskToolbar Schlüssel Gefunden : HKLM\Software\AVG Secure Search Schlüssel Gefunden : HKLM\Software\Babylon Schlüssel Gefunden : HKLM\Software\BabylonToolbar Schlüssel Gefunden : HKLM\Software\BrowserCompanion Schlüssel Gefunden : HKLM\Software\BrowserMngr Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\b Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{213C8ED6-1D78-4D8F-8729-25006AA86A76} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D51392A5-3A08-41E6-AC05-C3B0FB94C41B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3242337 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\Software\DataMngr Schlüssel Gefunden : HKLM\Software\DealPly Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81A7CAF7-E5B7-4D96-9C96-317A3F0CBDB0} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFD805C8-1937-4CAE-B626-EA1B560BDBCC} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F61E628F-4EB8-495E-9402-5B97848C2B7F} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD2A7B1A-D3C5-4A56-BC9C-03B21271C080} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{213C8ED6-1D78-4D8F-8729-25006AA86A76} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D51392A5-3A08-41E6-AC05-C3B0FB94C41B} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert_1.3 Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Schlüssel Gefunden : HKLM\SOFTWARE\Software Schlüssel Gefunden : HKLM\Software\Winload Schlüssel Gefunden : HKLM\Software\WiseConvert_1.3 Schlüssel Gefunden : HKU\S-1-5-21-869973246-1771691399-1620841179-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKU\S-1-5-21-869973246-1771691399-1620841179-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKU\S-1-5-21-869973246-1771691399-1620841179-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Schlüssel Gefunden : HKU\S-1-5-21-869973246-1771691399-1620841179-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKU\S-1-5-21-869973246-1771691399-1620841179-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{213C8ED6-1D78-4D8F-8729-25006AA86A76}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{213C8ED6-1D78-4D8F-8729-25006AA86A76}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{213C8ED6-1D78-4D8F-8729-25006AA86A76}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={A5247372-904B-4266-B88D-E628A04A5DFB} [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=115284&tt=120912_pcp_3812_3&babsrc=NT_ss&mntrId=6ca2817200000000000000037a894dbc ************************* AdwCleaner[R1].txt - [22705 octets] - [08/10/2012 20:44:43] ########## EOF - C:\AdwCleaner[R1].txt - [22766 octets] ########## Dies ist die Log-Datei 2: # AdwCleaner v2.004 - Datei am 08/10/2012 um 20:49:34 erstellt # Aktualisiert am 06/10/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Karli - KARLI-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Karli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBLO6I87\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : Browser Manager ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\user.js Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk Gelöscht mit Neustart : C:\Program Files\Common Files\AVG Secure Search Gelöscht mit Neustart : C:\ProgramData\Browser Manager Ordner Gelöscht : C:\Program Files\Ask.com Ordner Gelöscht : C:\Program Files\AVG Secure Search Ordner Gelöscht : C:\Program Files\BabylonToolbar Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\DealPly Ordner Gelöscht : C:\Program Files\Savings Sidekick Ordner Gelöscht : C:\Program Files\Winload Ordner Gelöscht : C:\Program Files\WiseConvert_1.3 Ordner Gelöscht : C:\ProgramData\AVG Secure Search Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly Ordner Gelöscht : C:\Users\Karli\AppData\Local\APN Ordner Gelöscht : C:\Users\Karli\AppData\Local\AskToolbar Ordner Gelöscht : C:\Users\Karli\AppData\Local\AVG Secure Search Ordner Gelöscht : C:\Users\Karli\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Karli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph Ordner Gelöscht : C:\Users\Karli\AppData\Local\Temp\AskSearch Ordner Gelöscht : C:\Users\Karli\AppData\Local\Temp\avg@toolbar Ordner Gelöscht : C:\Users\Karli\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\Karli\AppData\LocalLow\AVG Secure Search Ordner Gelöscht : C:\Users\Karli\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\Karli\AppData\LocalLow\bbrs_002.tb Ordner Gelöscht : C:\Users\Karli\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Karli\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Karli\AppData\LocalLow\Winload Ordner Gelöscht : C:\Users\Karli\AppData\LocalLow\WiseConvert_1.3 Ordner Gelöscht : C:\Users\Karli\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Karli\AppData\Roaming\BrowserCompanion Ordner Gelöscht : C:\Users\Karli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23762~1.17\{16cdf~1\browse~1.dll c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Winload Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\WiseConvert_1.3 Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\AVG Secure Search Schlüssel Gelöscht : HKCU\Software\BabylonToolbar Schlüssel Gelöscht : HKCU\Software\BrowserMngr Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\DealPly Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winload Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WiseConvert_1.3 Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{213C8ED6-1D78-4D8F-8729-25006AA86A76} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{213C8ED6-1D78-4D8F-8729-25006AA86A76} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\Software\AVG Secure Search Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\BabylonToolbar Schlüssel Gelöscht : HKLM\Software\BrowserCompanion Schlüssel Gelöscht : HKLM\Software\BrowserMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{213C8ED6-1D78-4D8F-8729-25006AA86A76} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D51392A5-3A08-41E6-AC05-C3B0FB94C41B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3242337 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\DealPly Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81A7CAF7-E5B7-4D96-9C96-317A3F0CBDB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFD805C8-1937-4CAE-B626-EA1B560BDBCC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F61E628F-4EB8-495E-9402-5B97848C2B7F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD2A7B1A-D3C5-4A56-BC9C-03B21271C080} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{213C8ED6-1D78-4D8F-8729-25006AA86A76} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D51392A5-3A08-41E6-AC05-C3B0FB94C41B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert_1.3 Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Schlüssel Gelöscht : HKLM\SOFTWARE\Software Schlüssel Gelöscht : HKLM\Software\Winload Schlüssel Gelöscht : HKLM\Software\WiseConvert_1.3 Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{213C8ED6-1D78-4D8F-8729-25006AA86A76}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{213C8ED6-1D78-4D8F-8729-25006AA86A76}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{213C8ED6-1D78-4D8F-8729-25006AA86A76}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={A5247372-904B-4266-B88D-E628A04A5DFB} --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=115284&tt=120912_pcp_3812_3&babsrc=NT_ss&mntrId=6ca2817200000000000000037a894dbc --> hxxp://www.google.com ************************* AdwCleaner[R1].txt - [22836 octets] - [08/10/2012 20:44:43] AdwCleaner[S1].txt - [21929 octets] - [08/10/2012 20:49:34] ########## EOF - C:\AdwCleaner[S1].txt - [21990 octets] ########## Wie ist Deine Einschätzung jetzt? |
|
08.10.2012, 20:08
| #6 |
| /// the machine /// TB-Ausbilder | TR/Trash.Gen sowie EXP/CVE-2011-3544 sowie TR/Crypt.ULPM.Gen Jetzt is ma en Haufen Adware weg. Poste mal bitte ein frisches OTL Logfile.
__________________ --> TR/Trash.Gen sowie EXP/CVE-2011-3544 sowie TR/Crypt.ULPM.Gen |
|
08.10.2012, 20:27
| #7 |
| | TR/Trash.Gen sowie EXP/CVE-2011-3544 sowie TR/Crypt.ULPM.Gen Hallo, hier das aktuelle OTL logfile:OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.10.2012 21:13:40 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Karli\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,77% Memory free 6,19 Gb Paging File | 4,45 Gb Available in Paging File | 71,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 117,54 Gb Total Space | 60,27 Gb Free Space | 51,28% Space Free | Partition Type: NTFS Drive D: | 232,89 Gb Total Space | 232,84 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Drive F: | 113,88 Gb Total Space | 108,70 Gb Free Space | 95,45% Space Free | Partition Type: NTFS Computer Name: KARLI-PC | User Name: Karli | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated) PRC - c:\Users\Karli\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Programme\Camera Assistant Software for Toshiba\CEC_MAIN.exe () PRC - C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe () PRC - C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Camera Assistant Software for Toshiba\traybar.exe (Chicony) PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Programme\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2951.26938__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2951.27206__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2951.27176__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2951.26891__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2951.26953__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2951.27166__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2951.27121__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2951.26929__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2951.27066__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2951.26912__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2951.27213__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2951.27138__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2951.26905__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2951.27131__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2951.27203__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2951.27130__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2951.27202__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2951.27168__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2951.27078__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2951.26967__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2951.26914__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2951.27154__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2951.26974__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2951.26961__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2951.27098__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2951.27077__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2951.26973__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2951.27097__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2951.27069__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2951.27113__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2951.27059__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2951.27067__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2951.27076__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2951.27111__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2886.28817__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2886.28838__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2886.28860__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2886.28859__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2886.28848__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2951.27193__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2951.27229__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2886.28808__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2951.27244__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2951.26878__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2951.27183_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2951.26898__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2951.26922__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2951.27183__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2951.26881__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2951.26882__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2951.27190__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2951.27192__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2886.28832__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2951.26880__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2951.26879__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Programme\Camera Assistant Software for Toshiba\CEC_MAIN.exe () MOD - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe () MOD - C:\Programme\Toshiba\PCDiag\NotifyPCD.dll () MOD - C:\Programme\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll () MOD - C:\Programme\Toshiba\FlashCards\BlackPng.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Programme\IDM\Desktop SMS\oehook.dll () MOD - C:\Programme\Toshiba\TBS\NotifyTBS.dll () MOD - C:\Programme\Toshiba\TOSHIBA Assist\NotifyX.dll () MOD - C:\Programme\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll () MOD - C:\Windows\System32\TosCommAPI.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (vToolbarUpdater12.2.6) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (avgwd) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (TNaviSrv) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (ConfigFree Service) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (TOSHIBA SMART Log Service) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA Bluetooth Service) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (IntcHdmiAddService) -- system32\drivers\IntcHdmi.sys File not found DRV - (igfx) -- system32\DRIVERS\igdkmd32.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.) DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (CnxtHdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation) DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (QIOMem) -- C:\Windows\System32\drivers\QIOMem.sys (TOSHIBA) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro ) DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{1799CF01-EB7F-41E4-97A0-A5FB187CB3FE}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.1und1.de/br/ie9_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{1799CF01-EB7F-41E4-97A0-A5FB187CB3FE}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.1und1.de/br/ie9_search_pic/?su={searchTerms} IE - HKCU\..\SearchScopes\{52B647AC-FF85-4E9F-B14A-05E68C2CC0BF}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337 IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.1und1.de/br/ie9_search_produkte/?su={searchTerms} IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.1und1.de/br/ie9_search_maps/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2012.09.21 09:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (1und1 Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media) O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.) O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBUE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found O4 - Startup: C:\Users\Karli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Karli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54753B9A-A526-44AE-8C4B-F57740B2A0CD}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found O24 - Desktop WallPaper: C:\Users\Karli\Desktop\Fotos mit hellem Hintergrund\bearbeitet\Kaiserwinden.jpg O24 - Desktop BackupWallPaper: C:\Users\Karli\Desktop\Fotos mit hellem Hintergrund\bearbeitet\Kaiserwinden.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.08 17:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.08 17:07:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.08 17:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.08 12:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.08 12:44:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.10.08 12:44:28 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.08 12:44:28 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.10.08 12:44:28 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.10.08 12:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.10.07 13:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.10.07 13:36:36 | 000,000,000 | -H-D | C] -- C:\$AVG [2012.10.07 13:36:36 | 000,000,000 | -H-D | C] -- \$AVG [2012.10.07 13:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012.10.07 13:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2012.10.07 13:31:43 | 000,000,000 | ---D | C] -- C:\Users\Karli\AppData\Local\MFAData [2012.10.07 13:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012.10.07 13:31:43 | 000,000,000 | ---D | C] -- C:\Users\Karli\AppData\Local\Avg2013 [2012.10.07 11:51:33 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.10.07 11:51:33 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.10.07 10:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.09.29 09:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\FileConverter_1.3 [2012.09.28 22:33:34 | 000,000,000 | ---D | C] -- C:\Users\Karli\AppData\Local\Apps [2012.09.28 19:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2012.09.28 19:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013 [2012.09.28 19:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.09.28 19:12:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.09.26 16:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb [2012.09.26 16:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\1und1Softwareaktualisierung [2012.09.26 16:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons [2012.09.26 16:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\1und1InternetExplorerAddon [2012.09.24 12:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.09.24 12:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.09.24 12:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.09.24 12:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update(0) [2012.09.24 12:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012.09.24 12:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.09.22 19:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2012.09.22 18:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.09.22 18:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.21 13:31:27 | 000,000,000 | ---D | C] -- C:\Users\Karli\Documents\OneNote-Notizbücher [2012.09.21 12:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\gs [2012.09.21 12:07:52 | 000,000,000 | ---D | C] -- C:\Users\Karli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.1 [2012.09.21 12:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Scribus 1.4.1 [2012.09.21 10:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012.09.21 09:55:20 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.09.21 09:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2012.09.21 09:23:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins [2012.09.21 09:23:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions [2012.09.21 09:23:35 | 000,000,000 | ---D | C] -- C:\Users\Karli\Start Menu [2012.09.21 09:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.09.21 08:05:34 | 000,000,000 | ---D | C] -- C:\Users\Karli\Desktop\Kurt [2012.09.17 18:58:56 | 000,051,936 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys [2012.09.14 05:34:34 | 000,089,440 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys [2012.09.12 11:47:22 | 000,164,704 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2012.09.12 11:47:04 | 000,151,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.08 20:53:15 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.08 20:52:24 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.08 20:52:24 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.08 20:52:23 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.08 20:52:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.08 20:52:14 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2012.10.08 20:39:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.08 17:07:37 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.08 12:45:16 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.07 13:37:52 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012.10.07 13:25:26 | 000,012,711 | ---- | M] () -- C:\Users\Karli\Desktop\Endlich sorgenlos in die Zukunft schauen.eml [2012.10.07 13:22:14 | 000,012,711 | ---- | M] () -- C:\Users\Karli\Documents\Endlich sorgenlos in die Zukunft schauen.eml [2012.10.07 11:51:07 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.10.07 11:51:07 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.10.07 10:52:22 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.09.30 09:31:19 | 000,000,680 | ---- | M] () -- C:\Users\Karli\AppData\Local\d3d9caps.dat [2012.09.26 16:58:04 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\Amazon.lnk [2012.09.26 16:58:04 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\1und1.lnk [2012.09.24 12:25:32 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.09.21 17:26:51 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.21 17:26:51 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.21 17:26:51 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.21 17:26:51 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.21 13:31:27 | 000,001,162 | ---- | M] () -- C:\Users\Karli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2012.09.21 13:27:05 | 000,012,800 | ---- | M] () -- C:\Users\Karli\Documents\Dokument-1.sla [2012.09.21 13:26:58 | 002,697,794 | ---- | M] () -- C:\Users\Karli\Documents\Titelblatt1.sla [2012.09.21 12:09:04 | 000,000,863 | ---- | M] () -- C:\Users\Karli\Desktop\Scribus 1.4.1.lnk [2012.09.21 09:55:20 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.09.21 09:23:25 | 000,001,985 | ---- | M] () -- C:\Users\Karli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk [2012.09.21 08:26:47 | 000,002,673 | ---- | M] () -- C:\Users\Karli\Desktop\Microsoft Office PowerPoint 2007.lnk [2012.09.20 18:00:01 | 000,917,586 | ---- | M] () -- C:\Users\Karli\Desktop\U-Bahn Rom.pdf [2012.09.19 11:29:46 | 000,031,584 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.09.19 11:29:40 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.09.17 18:58:56 | 000,051,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys [2012.09.14 05:34:34 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.09.12 11:47:22 | 000,164,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2012.09.12 11:47:04 | 000,151,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.08 17:07:37 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.08 12:45:16 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.07 13:37:52 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012.10.07 13:25:25 | 000,012,711 | ---- | C] () -- C:\Users\Karli\Desktop\Endlich sorgenlos in die Zukunft schauen.eml [2012.10.07 13:22:13 | 000,012,711 | ---- | C] () -- C:\Users\Karli\Documents\Endlich sorgenlos in die Zukunft schauen.eml [2012.10.07 11:51:07 | 000,001,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2012.10.07 11:51:07 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.10.07 11:51:07 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.10.07 10:52:22 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.09.26 16:58:04 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\Amazon.lnk [2012.09.26 16:58:04 | 000,001,822 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1und1.lnk [2012.09.26 16:58:04 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\1und1.lnk [2012.09.24 12:25:32 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.09.21 13:31:27 | 000,001,162 | ---- | C] () -- C:\Users\Karli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2012.09.21 13:27:05 | 000,012,800 | ---- | C] () -- C:\Users\Karli\Documents\Dokument-1.sla [2012.09.21 13:26:57 | 002,697,794 | ---- | C] () -- C:\Users\Karli\Documents\Titelblatt1.sla [2012.09.21 12:09:04 | 000,000,863 | ---- | C] () -- C:\Users\Karli\Desktop\Scribus 1.4.1.lnk [2012.09.21 09:23:25 | 000,001,985 | ---- | C] () -- C:\Users\Karli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk [2012.09.20 18:00:01 | 000,917,586 | ---- | C] () -- C:\Users\Karli\Desktop\U-Bahn Rom.pdf [2012.07.01 10:58:30 | 000,011,873 | ---- | C] () -- C:\Users\Karli\AppData\Local\recently-used.xbel [2011.12.03 12:53:16 | 000,000,025 | ---- | C] () -- C:\Windows\efdcet.dat [2011.09.20 19:05:53 | 000,000,025 | ---- | C] () -- C:\Windows\CDE ESP1400Euro.ini [2011.01.17 10:21:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.01.17 10:21:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.01.02 12:35:00 | 000,000,000 | ---- | C] () -- C:\Windows\PhEdit.INI [2011.01.02 11:59:15 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011.01.02 11:59:15 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011.01.02 11:59:15 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011.01.02 11:59:15 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011.01.02 11:59:15 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011.01.02 11:59:15 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011.01.02 11:59:15 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011.01.02 11:59:15 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011.01.02 11:59:15 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011.01.02 11:59:15 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011.01.02 11:59:15 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011.01.02 11:59:15 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011.01.02 11:59:15 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011.01.02 11:59:15 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011.01.02 11:59:15 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011.01.02 11:59:15 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011.01.02 11:59:15 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011.01.02 11:59:15 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011.01.02 11:59:15 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.11.02 20:49:26 | 000,000,680 | ---- | C] () -- C:\Users\Karli\AppData\Local\d3d9caps.dat [2009.11.29 16:39:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.06.05 19:24:11 | 000,003,584 | ---- | C] () -- C:\Users\Karli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.12 12:14:59 | 3219,578,880 | -HS- | C] () -- \hiberfil.sys [2008.02.15 17:38:45 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK [2008.02.15 17:38:44 | 000,333,257 | RHS- | C] () -- \bootmgr [2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat [2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 985 bytes -> C:\Users\Karli\Documents\Endlich sorgenlos in die Zukunft schauen.eml:OECustomProperty @Alternate Data Stream - 985 bytes -> C:\Users\Karli\Desktop\Endlich sorgenlos in die Zukunft schauen.eml:OECustomProperty < End of report > Herzlicher Gruß Nordpol |
|
08.10.2012, 20:34
| #8 |
| /// the machine /// TB-Ausbilder | TR/Trash.Gen sowie EXP/CVE-2011-3544 sowie TR/Crypt.ULPM.GenESET Online Scanner
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu TR/Trash.Gen sowie EXP/CVE-2011-3544 sowie TR/Crypt.ULPM.Gen |
| antivir, autorun, avg, avg secure search, avg security toolbar, avira, babylon toolbar, babylontoolbar, bho, branding, browser, browser manager, cid, computer, conduit, dealply, defender, desktop, ebay, firefox, flash player, format, home, iexplore.exe, logfile, object, plug-in, registry, savings, scan, secure search, security, senden, software, tcbhn.exe, vista, vtoolbarupdater, winload toolbar |
Linear-Darstellung
