| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Pc hängt öfterWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.10.2012, 10:33
| #1 |
 |  Pc hängt öfter Hallo liebe Experten, ich bin schon seit Tagen auf der Suche nach der Lösung für mein Problem : der Pc hängt öfter, ist langsam und ich weiß nicht warum. Ich habe Avira,Panda online scanner,Bitdefender,Uniblue Registry Booster, CCleaner,Wash and go, Tune up utilities 2013.Alles gemacht, Problem aber nicht behoben. Wenn ich z.B google und einen Link anklicken will,geht für Minuten erst mal nichts und dann gehts weiter ohne daß ich dafür irgendwas getan hätte. Das Umschalten zwischen den einzelnen Fenster dauert unendlich lange, beim Starten des PCs stottert der Ton, bei you tube kann ich nicht ein einziges Video sehen,der Pc bleibt sofort hängen.Will ich z.B.Word Pad benutzen, muss ich auch erst mal Minuten warten.Gelegentlich öffnet sich einfach so ein Bild aus der Bildergalerie ohne daß ich es angeklickt hätte,ab und zu habe ich kurz mal keinen Mausanzeiger mehr und ganz oft lässt sich Text nicht markieren.  Da ich zwar in der Lage bin Anweisungen zu befolgen die mir die Programme empfehlen, aber eigentlich nicht die Bohne von dem verstehe was ich da eigentlich mache ( bin völlig talentfrei was Technik angeht), bin ich auf eine genaue Anleitung angewiesen die keine Vorkenntnisse voraussetzt. Ich habe das hier gelesen wie Ihr jemand mit einem ähnlichen Problem mit einer Anleitung geholfen habt. Der verstand aber auch mehr vom PC als ich.............aber dennoch würde ich es gerne versuchen, das nervt nämlich unendlich. Ich habe früher schon mal einen anderen Pc weggebracht wegen ähnlicher Probleme und das hat ein Schweingeld gekostet das ich jetzt nicht ausgeben kann, deshalb versuche ich mir hier Hilfe zu holen.Ach ja, ich habe Windows Vista Geändert von mädchen (09.10.2012 um 10:40 Uhr) |
|
09.10.2012, 10:53
| #2 |
| /// Helfer-Team    | Pc hängt öfter , beachte bitte diesen Link und arbeite diesen ab: http://www.trojaner-board.de/69886-a...-beachten.html Danach wird sich dir ein Helfer annehmen. Falls dennoch Fragen zu den einzelnen Schritten offen bleiben, einfach nachfragen. Zusätzliche Infos sind noch interessant:
__________________ |
|
10.10.2012, 11:21
| #3 |
| | Pc hängt öfter Hallo Ihr Lieben,
__________________bin dabei das abzuarbeiten. Der defogger hat mit keine Fehlermeldung angezeigt und das Ergebnis vom OTL kommt hier: OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.10.2012 11:36:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pc\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,71% Memory free 4,22 Gb Paging File | 2,89 Gb Available in Paging File | 68,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 63,48 Gb Total Space | 28,42 Gb Free Space | 44,77% Space Free | Partition Type: NTFS Drive D: | 20,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 387,63 Gb Total Space | 361,73 Gb Free Space | 93,32% Space Free | Partition Type: NTFS Drive H: | 1,84 Gb Total Space | 1,82 Gb Free Space | 99,16% Space Free | Partition Type: FAT Computer Name: PC-PC | User Name: pc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.10 11:31:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe PRC - [2012.10.07 12:48:08 | 000,959,944 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe PRC - [2012.10.07 12:48:08 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.0.0\ToolbarUpdater.exe PRC - [2012.09.19 11:29:44 | 001,869,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe PRC - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe PRC - [2012.09.19 11:27:26 | 001,060,704 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\Integrator.exe PRC - [2012.09.13 15:26:52 | 001,006,448 | ---- | M] () -- C:\Windows\System32\dmwu.exe PRC - [2012.08.09 19:44:26 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.12 12:04:10 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe PRC - [2012.07.08 14:39:22 | 000,056,720 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe PRC - [2012.07.08 14:39:22 | 000,026,016 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe PRC - [2012.05.20 22:00:07 | 001,823,672 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2012.05.13 20:00:08 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.13 20:00:06 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.13 20:00:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.09 15:57:49 | 002,089,472 | ---- | M] (Bdrive Inc.) -- C:\Program Files\NetDrive\ndsvc.exe PRC - [2011.10.09 15:57:36 | 002,572,800 | ---- | M] (Bdrive Inc.) -- C:\Program Files\NetDrive\netdrive.exe PRC - [2011.08.08 13:31:46 | 000,828,416 | ---- | M] (ActMask Co.,Ltd - hxxp://www.all2pdf.com) -- C:\Windows\System32\PrintDisp.exe PRC - [2011.07.20 03:44:22 | 000,099,688 | ---- | M] (Lunascape Co., LTD.) -- C:\Program Files\Lunascape\Lunascape6\Luna.exe PRC - [2010.06.28 16:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2010.05.08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.04.29 05:04:12 | 000,069,632 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\System32\PrintCtrl.exe PRC - [2009.05.25 13:09:40 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.05.07 10:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe ========== Modules (No Company Name) ========== MOD - [2012.10.07 12:48:08 | 000,959,944 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe MOD - [2012.10.07 12:48:08 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.0.0\avgdttbx.dll MOD - [2012.10.07 12:48:08 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.0.0\SiteSafety.dll MOD - [2012.09.19 10:50:38 | 013,416,256 | ---- | M] () -- C:\Program Files\TuneUp Utilities 2013\libcef.dll MOD - [2012.08.28 20:11:44 | 000,014,320 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll MOD - [2012.08.28 20:11:34 | 000,108,528 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2iexp.dll MOD - [2012.07.08 14:39:22 | 000,114,064 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\InstallerExtensions.dll MOD - [2012.07.08 14:39:22 | 000,018,832 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\cwebpage.dll MOD - [2012.07.08 14:39:16 | 000,136,592 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\locale\de\de.dll MOD - [2011.03.22 10:08:22 | 000,138,752 | ---- | M] () -- C:\Program Files\NetDrive\libexpat.dll MOD - [2009.12.10 11:52:38 | 000,192,512 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceMgrUIPlugin.dll MOD - [2009.12.10 11:51:36 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceMgrPlugin.dll MOD - [2009.12.10 11:40:20 | 000,991,232 | ---- | M] () -- C:\Program Files\Mobile Partner\NDISAPI.dll MOD - [2009.09.19 11:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\Mobile Partner\NetInfoPlugin.dll MOD - [2009.06.19 15:10:46 | 000,143,360 | ---- | M] () -- C:\Program Files\Mobile Partner\LocaleMgrPlugin.dll MOD - [2009.06.19 15:10:22 | 000,159,744 | ---- | M] () -- C:\Program Files\Mobile Partner\SMSPlugin.dll MOD - [2009.06.18 10:56:10 | 000,032,768 | ---- | M] () -- C:\Program Files\Mobile Partner\NotifyServicePlugin.dll MOD - [2009.06.18 10:54:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Mobile Partner\ConfigFilePlugin.dll MOD - [2009.06.18 10:48:24 | 000,090,112 | ---- | M] () -- C:\Program Files\Mobile Partner\DialUpPlugin.dll MOD - [2009.05.25 13:09:40 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe MOD - [2009.05.23 11:02:32 | 000,061,440 | ---- | M] () -- C:\Program Files\Mobile Partner\XCodec.dll MOD - [2009.05.23 11:02:30 | 000,061,440 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceOperate.dll MOD - [2009.05.23 11:02:28 | 000,155,648 | ---- | M] () -- C:\Program Files\Mobile Partner\DetectDev.dll MOD - [2009.05.23 11:02:24 | 000,557,056 | ---- | M] () -- C:\Program Files\Mobile Partner\atcomm.dll MOD - [2009.02.12 10:53:02 | 000,040,448 | ---- | M] () -- C:\Program Files\NetDrive\ws_ext.dll MOD - [2007.08.23 16:39:30 | 000,014,848 | ---- | M] () -- C:\Program Files\Mobile Partner\isaputrace.dll MOD - [2007.07.31 15:50:04 | 000,090,112 | ---- | M] () -- C:\Program Files\Mobile Partner\FileManager.dll ========== Services (SafeList) ========== SRV - [2012.10.07 12:48:08 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.0.0\ToolbarUpdater.exe -- (vToolbarUpdater13.0.0) SRV - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.09.13 15:26:52 | 001,006,448 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (WebOptimizer) SRV - [2012.08.23 15:40:04 | 000,188,760 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.13 20:00:08 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.13 20:00:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.10.09 15:57:49 | 002,089,472 | ---- | M] (Bdrive Inc.) [Auto | Running] -- C:\Program Files\NetDrive\ndsvc.exe -- (ndsvc) SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.04.29 05:04:12 | 000,069,632 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Running] -- C:\Windows\System32\PrintCtrl.exe -- (Printer Control) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.10.07 12:48:09 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012.09.19 10:50:50 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2012.05.13 20:00:08 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.13 20:00:08 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.03.25 10:21:12 | 000,049,432 | ---- | M] (MacroData Inc.) [File_System | On_Demand | Stopped] -- C:\Program Files\NetDrive\NDFS.sys -- (ndfs) DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010.03.20 10:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.06.30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot) DRV - [2008.07.29 01:53:46 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.05.02 07:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/lickingdogscreen58/{ED7B955B-6018-4426-9A81-2A6584975D27} IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{7C788BE1-99B0-40CD-B58C-788705E205E2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;amp;form=MSITDF&amp;amp;pc=MAMI&amp;amp;src=IE-SearchBox IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227980 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/?pc=AVBR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={6F3A6C9B-EBBC-4643-BCE5-1781EE57D853}&mid=6f5268bac3b847d0a364d15756fb0efd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=tt014&pr=sa&d=2012-10-07 12:49:10&v=13.0.0.7&sap=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - No CLSID value found IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\DealBulldog Toolbar Toolbar\tbhelper.dll () IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&babsrc=SP_ss&mntrId=5445d1cc000000000000001e101f9843 IE - HKCU\..\SearchScopes\{288575EA-507B-42CB-97BE-ACED08F1998A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE420 IE - HKCU\..\SearchScopes\{7C788BE1-99B0-40CD-B58C-788705E205E2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;amp;form=MSITDF&amp;amp;pc=MAMI&amp;amp;src=IE-SearchBox IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={6F3A6C9B-EBBC-4643-BCE5-1781EE57D853}&mid=6f5268bac3b847d0a364d15756fb0efd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=tt014&pr=sa&d=2012-10-07 12:49:10&v=13.0.0.7&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/lickingdogscreen58/{ED7B955B-6018-4426-9A81-2A6584975D27}?q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = hxxp://www.ask.com/web?o=15710&l=dis&q={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyHBdc1Gw&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.0.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.12 12:24:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.0.0.7 [2012.10.07 12:49:31 | 000,000,000 | ---D | M] [2011.07.14 13:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Extensions [2012.07.11 10:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions ========== Chrome ========== CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.478_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.0.0.7\AVG Secure Search_toolbar.dll () O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll () O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\DealBulldog Toolbar Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (DealBulldog Toolbar Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\DealBulldog Toolbar Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.0.0.7\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DealBulldog Toolbar Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\DealBulldog Toolbar Toolbar\tbcore3.dll () O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [Netdrive] C:\Program Files\NetDrive\netdrive.exe (Bdrive Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PrintDisp] C:\Windows\System32\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com) O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [b1gMail-Utility] C:\Program Files\MailXXL.com Tools\BMUtil.exe () O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\pc\AppData\Roaming\BrowserCompanion\tbhcn.exe () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59DDF262-BEC7-46A7-8D06-943CB65610D4}: DhcpNameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71B5F900-DE2A-46C9-B7E6-710EF36AF2A5}: NameServer = 132.252.3.10,132.252.1.7 O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.0.0\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\pc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\pc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O27 - HKLM IFEO\bmutil.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\checkdrive.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\chrome.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\dropbox.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\schirmfoto.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\tbhcn.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.05.08 21:48:36 | 000,126,976 | R--- | M] () - D:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008.03.10 02:34:52 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.10 11:31:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe [2012.10.09 05:10:27 | 000,000,000 | -H-D | C] -- C:\Windows\Icons [2012.10.07 12:50:02 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.10.07 12:50:00 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.10.07 12:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2012.10.07 12:49:08 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.10.07 12:47:43 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\TuneUp Software [2012.10.07 12:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013 [2012.10.07 12:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.10.07 12:46:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.09.18 20:58:26 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\rezepte [2012.09.12 12:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\WNLT [2012.09.12 12:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC ========== Files - Modified Within 30 Days ========== [2012.10.10 11:31:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe [2012.10.10 11:27:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.10 11:27:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.10 11:22:22 | 000,000,000 | ---- | M] () -- C:\Users\pc\defogger_reenable [2012.10.10 09:27:27 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\AbelssoftPreloader.job [2012.10.10 09:27:20 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2012.10.10 09:27:03 | 000,271,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.10 09:27:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.09 09:39:25 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2012.10.09 09:39:25 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\WebReg Deskjet F300 series.job [2012.10.09 04:58:32 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\CheckDriveBackgroundGuard.job [2012.10.09 04:57:59 | 000,000,234 | ---- | M] () -- C:\Windows\tasks\Schirmfoto.job [2012.10.07 18:24:56 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.07 18:24:56 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.07 12:49:48 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.10.07 12:49:48 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.10.07 12:48:09 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.09.27 17:53:45 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.27 11:22:58 | 000,000,193 | ---- | M] () -- C:\Users\pc\Documents\Dokument.rtf [2012.09.26 11:04:43 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\WashAndGo.lnk [2012.09.24 22:18:28 | 000,002,174 | ---- | M] () -- C:\Users\pc\Documents\semmelknödel.rtf [2012.09.23 12:16:20 | 000,001,087 | ---- | M] () -- C:\Users\pc\Desktop\scan.lnk [2012.09.22 17:44:19 | 000,000,485 | ---- | M] () -- C:\Users\pc\Desktop\°.lnk [2012.09.19 11:29:46 | 000,031,584 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.09.19 11:29:40 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.09.13 15:26:52 | 001,006,448 | ---- | M] () -- C:\Windows\System32\dmwu.exe [2012.09.13 15:24:48 | 000,028,160 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll ========== Files Created - No Company Name ========== [2012.10.10 11:22:22 | 000,000,000 | ---- | C] () -- C:\Users\pc\defogger_reenable [2012.10.10 09:26:52 | 000,271,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.07 12:49:48 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.10.07 12:49:48 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.10.07 12:49:47 | 000,001,847 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2012.09.26 11:04:43 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\WashAndGo.lnk [2012.09.24 22:18:28 | 000,002,174 | ---- | C] () -- C:\Users\pc\Documents\semmelknödel.rtf [2012.09.23 23:10:26 | 000,000,294 | ---- | C] () -- C:\Windows\tasks\WebReg Deskjet F300 series.job [2012.09.23 12:12:43 | 000,001,087 | ---- | C] () -- C:\Users\pc\Desktop\scan.lnk [2012.09.22 17:44:19 | 000,000,485 | ---- | C] () -- C:\Users\pc\Desktop\°.lnk [2012.09.12 12:25:02 | 001,006,448 | ---- | C] () -- C:\Windows\System32\dmwu.exe [2012.09.12 12:25:02 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll [2012.07.10 14:48:59 | 000,000,519 | ---- | C] () -- C:\Users\pc\pc - Verknüpfung.lnk [2012.04.27 18:29:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.03.12 21:21:00 | 000,000,680 | ---- | C] () -- C:\Users\pc\AppData\Local\d3d9caps.dat [2011.10.29 20:04:04 | 001,391,616 | ---- | C] () -- C:\Windows\System32\ActPDF.dll [2011.10.29 20:03:43 | 000,691,200 | ---- | C] () -- C:\Windows\System32\PrintLog.exe [2011.03.13 16:17:06 | 000,000,058 | ---- | C] () -- C:\Users\pc\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2011.02.25 15:46:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.02.25 15:46:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.12.31 17:07:07 | 000,164,255 | ---- | C] () -- C:\Windows\hpoins19.dat [2010.12.31 17:06:48 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.07.11 19:50:05 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Abelssoft [2011.07.14 09:12:55 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Avant Downloader [2012.07.11 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Babylon [2012.10.09 05:13:23 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\BrowserCompanion [2011.03.13 16:17:06 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\DonationCoder [2012.10.09 04:46:09 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Dropbox [2011.07.14 11:05:34 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\freenet [2012.09.19 04:44:35 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Image Zone Express [2012.04.24 18:21:32 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\LibreOffice [2011.07.14 13:03:56 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Lunascape [2012.07.01 11:18:14 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\MusicNet [2011.07.08 11:57:41 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\NetDrive [2012.07.14 13:35:43 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\OpenCandy [2012.07.19 18:57:51 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\pdfforge [2011.11.09 16:23:43 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Printer Info Cache [2012.09.20 10:21:21 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\QuickScan [2012.10.07 14:38:51 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\TuneUp Software [2011.09.21 00:30:12 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Uniblue [2012.06.10 15:50:39 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Visan ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.10.2012 11:36:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pc\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,71% Memory free 4,22 Gb Paging File | 2,89 Gb Available in Paging File | 68,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 63,48 Gb Total Space | 28,42 Gb Free Space | 44,77% Space Free | Partition Type: NTFS Drive D: | 20,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 387,63 Gb Total Space | 361,73 Gb Free Space | 93,32% Space Free | Partition Type: NTFS Drive H: | 1,84 Gb Total Space | 1,82 Gb Free Space | 99,16% Space Free | Partition Type: FAT Computer Name: PC-PC | User Name: pc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.10 11:31:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe PRC - [2012.10.07 12:48:08 | 000,959,944 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe PRC - [2012.10.07 12:48:08 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.0.0\ToolbarUpdater.exe PRC - [2012.09.19 11:29:44 | 001,869,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe PRC - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe PRC - [2012.09.19 11:27:26 | 001,060,704 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\Integrator.exe PRC - [2012.09.13 15:26:52 | 001,006,448 | ---- | M] () -- C:\Windows\System32\dmwu.exe PRC - [2012.08.09 19:44:26 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.12 12:04:10 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe PRC - [2012.07.08 14:39:22 | 000,056,720 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe PRC - [2012.07.08 14:39:22 | 000,026,016 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe PRC - [2012.05.20 22:00:07 | 001,823,672 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2012.05.13 20:00:08 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.13 20:00:06 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.13 20:00:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.09 15:57:49 | 002,089,472 | ---- | M] (Bdrive Inc.) -- C:\Program Files\NetDrive\ndsvc.exe PRC - [2011.10.09 15:57:36 | 002,572,800 | ---- | M] (Bdrive Inc.) -- C:\Program Files\NetDrive\netdrive.exe PRC - [2011.08.08 13:31:46 | 000,828,416 | ---- | M] (ActMask Co.,Ltd - hxxp://www.all2pdf.com) -- C:\Windows\System32\PrintDisp.exe PRC - [2011.07.20 03:44:22 | 000,099,688 | ---- | M] (Lunascape Co., LTD.) -- C:\Program Files\Lunascape\Lunascape6\Luna.exe PRC - [2010.06.28 16:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2010.05.08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.04.29 05:04:12 | 000,069,632 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\System32\PrintCtrl.exe PRC - [2009.05.25 13:09:40 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.05.07 10:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe ========== Modules (No Company Name) ========== MOD - [2012.10.07 12:48:08 | 000,959,944 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe MOD - [2012.10.07 12:48:08 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.0.0\avgdttbx.dll MOD - [2012.10.07 12:48:08 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.0.0\SiteSafety.dll MOD - [2012.09.19 10:50:38 | 013,416,256 | ---- | M] () -- C:\Program Files\TuneUp Utilities 2013\libcef.dll MOD - [2012.08.28 20:11:44 | 000,014,320 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll MOD - [2012.08.28 20:11:34 | 000,108,528 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2iexp.dll MOD - [2012.07.08 14:39:22 | 000,114,064 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\InstallerExtensions.dll MOD - [2012.07.08 14:39:22 | 000,018,832 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\cwebpage.dll MOD - [2012.07.08 14:39:16 | 000,136,592 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\locale\de\de.dll MOD - [2011.03.22 10:08:22 | 000,138,752 | ---- | M] () -- C:\Program Files\NetDrive\libexpat.dll MOD - [2009.12.10 11:52:38 | 000,192,512 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceMgrUIPlugin.dll MOD - [2009.12.10 11:51:36 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceMgrPlugin.dll MOD - [2009.12.10 11:40:20 | 000,991,232 | ---- | M] () -- C:\Program Files\Mobile Partner\NDISAPI.dll MOD - [2009.09.19 11:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\Mobile Partner\NetInfoPlugin.dll MOD - [2009.06.19 15:10:46 | 000,143,360 | ---- | M] () -- C:\Program Files\Mobile Partner\LocaleMgrPlugin.dll MOD - [2009.06.19 15:10:22 | 000,159,744 | ---- | M] () -- C:\Program Files\Mobile Partner\SMSPlugin.dll MOD - [2009.06.18 10:56:10 | 000,032,768 | ---- | M] () -- C:\Program Files\Mobile Partner\NotifyServicePlugin.dll MOD - [2009.06.18 10:54:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Mobile Partner\ConfigFilePlugin.dll MOD - [2009.06.18 10:48:24 | 000,090,112 | ---- | M] () -- C:\Program Files\Mobile Partner\DialUpPlugin.dll MOD - [2009.05.25 13:09:40 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe MOD - [2009.05.23 11:02:32 | 000,061,440 | ---- | M] () -- C:\Program Files\Mobile Partner\XCodec.dll MOD - [2009.05.23 11:02:30 | 000,061,440 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceOperate.dll MOD - [2009.05.23 11:02:28 | 000,155,648 | ---- | M] () -- C:\Program Files\Mobile Partner\DetectDev.dll MOD - [2009.05.23 11:02:24 | 000,557,056 | ---- | M] () -- C:\Program Files\Mobile Partner\atcomm.dll MOD - [2009.02.12 10:53:02 | 000,040,448 | ---- | M] () -- C:\Program Files\NetDrive\ws_ext.dll MOD - [2007.08.23 16:39:30 | 000,014,848 | ---- | M] () -- C:\Program Files\Mobile Partner\isaputrace.dll MOD - [2007.07.31 15:50:04 | 000,090,112 | ---- | M] () -- C:\Program Files\Mobile Partner\FileManager.dll ========== Services (SafeList) ========== SRV - [2012.10.07 12:48:08 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.0.0\ToolbarUpdater.exe -- (vToolbarUpdater13.0.0) SRV - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.09.13 15:26:52 | 001,006,448 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (WebOptimizer) SRV - [2012.08.23 15:40:04 | 000,188,760 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.13 20:00:08 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.13 20:00:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.10.09 15:57:49 | 002,089,472 | ---- | M] (Bdrive Inc.) [Auto | Running] -- C:\Program Files\NetDrive\ndsvc.exe -- (ndsvc) SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.04.29 05:04:12 | 000,069,632 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Running] -- C:\Windows\System32\PrintCtrl.exe -- (Printer Control) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.10.07 12:48:09 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012.09.19 10:50:50 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2012.05.13 20:00:08 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.13 20:00:08 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.03.25 10:21:12 | 000,049,432 | ---- | M] (MacroData Inc.) [File_System | On_Demand | Stopped] -- C:\Program Files\NetDrive\NDFS.sys -- (ndfs) DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010.03.20 10:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.06.30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot) DRV - [2008.07.29 01:53:46 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.05.02 07:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/lickingdogscreen58/{ED7B955B-6018-4426-9A81-2A6584975D27} IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{7C788BE1-99B0-40CD-B58C-788705E205E2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;amp;form=MSITDF&amp;amp;pc=MAMI&amp;amp;src=IE-SearchBox IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227980 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/?pc=AVBR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={6F3A6C9B-EBBC-4643-BCE5-1781EE57D853}&mid=6f5268bac3b847d0a364d15756fb0efd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=tt014&pr=sa&d=2012-10-07 12:49:10&v=13.0.0.7&sap=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - No CLSID value found IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\DealBulldog Toolbar Toolbar\tbhelper.dll () IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&babsrc=SP_ss&mntrId=5445d1cc000000000000001e101f9843 IE - HKCU\..\SearchScopes\{288575EA-507B-42CB-97BE-ACED08F1998A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE420 IE - HKCU\..\SearchScopes\{7C788BE1-99B0-40CD-B58C-788705E205E2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;amp;form=MSITDF&amp;amp;pc=MAMI&amp;amp;src=IE-SearchBox IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={6F3A6C9B-EBBC-4643-BCE5-1781EE57D853}&mid=6f5268bac3b847d0a364d15756fb0efd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=tt014&pr=sa&d=2012-10-07 12:49:10&v=13.0.0.7&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/lickingdogscreen58/{ED7B955B-6018-4426-9A81-2A6584975D27}?q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = hxxp://www.ask.com/web?o=15710&l=dis&q={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyHBdc1Gw&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.0.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.12 12:24:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.0.0.7 [2012.10.07 12:49:31 | 000,000,000 | ---D | M] [2011.07.14 13:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Extensions [2012.07.11 10:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions ========== Chrome ========== CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.478_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.0.0.7\AVG Secure Search_toolbar.dll () O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll () O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\DealBulldog Toolbar Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (DealBulldog Toolbar Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\DealBulldog Toolbar Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.0.0.7\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DealBulldog Toolbar Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\DealBulldog Toolbar Toolbar\tbcore3.dll () O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [Netdrive] C:\Program Files\NetDrive\netdrive.exe (Bdrive Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PrintDisp] C:\Windows\System32\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com) O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [b1gMail-Utility] C:\Program Files\MailXXL.com Tools\BMUtil.exe () O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\pc\AppData\Roaming\BrowserCompanion\tbhcn.exe () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59DDF262-BEC7-46A7-8D06-943CB65610D4}: DhcpNameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71B5F900-DE2A-46C9-B7E6-710EF36AF2A5}: NameServer = 132.252.3.10,132.252.1.7 O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.0.0\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\pc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\pc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O27 - HKLM IFEO\bmutil.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\checkdrive.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\chrome.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\dropbox.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\schirmfoto.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\tbhcn.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.05.08 21:48:36 | 000,126,976 | R--- | M] () - D:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008.03.10 02:34:52 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.10 11:31:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe [2012.10.09 05:10:27 | 000,000,000 | -H-D | C] -- C:\Windows\Icons [2012.10.07 12:50:02 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.10.07 12:50:00 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.10.07 12:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2012.10.07 12:49:08 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.10.07 12:47:43 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\TuneUp Software [2012.10.07 12:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013 [2012.10.07 12:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.10.07 12:46:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.09.18 20:58:26 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\rezepte [2012.09.12 12:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\WNLT [2012.09.12 12:25:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC ========== Files - Modified Within 30 Days ========== [2012.10.10 11:31:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe [2012.10.10 11:27:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.10 11:27:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.10 11:22:22 | 000,000,000 | ---- | M] () -- C:\Users\pc\defogger_reenable [2012.10.10 09:27:27 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\AbelssoftPreloader.job [2012.10.10 09:27:20 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2012.10.10 09:27:03 | 000,271,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.10 09:27:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.09 09:39:25 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2012.10.09 09:39:25 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\WebReg Deskjet F300 series.job [2012.10.09 04:58:32 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\CheckDriveBackgroundGuard.job [2012.10.09 04:57:59 | 000,000,234 | ---- | M] () -- C:\Windows\tasks\Schirmfoto.job [2012.10.07 18:24:56 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.07 18:24:56 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.07 12:49:48 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.10.07 12:49:48 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.10.07 12:48:09 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.09.27 17:53:45 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.27 11:22:58 | 000,000,193 | ---- | M] () -- C:\Users\pc\Documents\Dokument.rtf [2012.09.26 11:04:43 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\WashAndGo.lnk [2012.09.24 22:18:28 | 000,002,174 | ---- | M] () -- C:\Users\pc\Documents\semmelknödel.rtf [2012.09.23 12:16:20 | 000,001,087 | ---- | M] () -- C:\Users\pc\Desktop\scan.lnk [2012.09.22 17:44:19 | 000,000,485 | ---- | M] () -- C:\Users\pc\Desktop\°.lnk [2012.09.19 11:29:46 | 000,031,584 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.09.19 11:29:40 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.09.13 15:26:52 | 001,006,448 | ---- | M] () -- C:\Windows\System32\dmwu.exe [2012.09.13 15:24:48 | 000,028,160 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll ========== Files Created - No Company Name ========== [2012.10.10 11:22:22 | 000,000,000 | ---- | C] () -- C:\Users\pc\defogger_reenable [2012.10.10 09:26:52 | 000,271,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.07 12:49:48 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.10.07 12:49:48 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.10.07 12:49:47 | 000,001,847 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2012.09.26 11:04:43 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\WashAndGo.lnk [2012.09.24 22:18:28 | 000,002,174 | ---- | C] () -- C:\Users\pc\Documents\semmelknödel.rtf [2012.09.23 23:10:26 | 000,000,294 | ---- | C] () -- C:\Windows\tasks\WebReg Deskjet F300 series.job [2012.09.23 12:12:43 | 000,001,087 | ---- | C] () -- C:\Users\pc\Desktop\scan.lnk [2012.09.22 17:44:19 | 000,000,485 | ---- | C] () -- C:\Users\pc\Desktop\°.lnk [2012.09.12 12:25:02 | 001,006,448 | ---- | C] () -- C:\Windows\System32\dmwu.exe [2012.09.12 12:25:02 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll [2012.07.10 14:48:59 | 000,000,519 | ---- | C] () -- C:\Users\pc\pc - Verknüpfung.lnk [2012.04.27 18:29:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.03.12 21:21:00 | 000,000,680 | ---- | C] () -- C:\Users\pc\AppData\Local\d3d9caps.dat [2011.10.29 20:04:04 | 001,391,616 | ---- | C] () -- C:\Windows\System32\ActPDF.dll [2011.10.29 20:03:43 | 000,691,200 | ---- | C] () -- C:\Windows\System32\PrintLog.exe [2011.03.13 16:17:06 | 000,000,058 | ---- | C] () -- C:\Users\pc\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2011.02.25 15:46:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.02.25 15:46:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.12.31 17:07:07 | 000,164,255 | ---- | C] () -- C:\Windows\hpoins19.dat [2010.12.31 17:06:48 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.07.11 19:50:05 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Abelssoft [2011.07.14 09:12:55 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Avant Downloader [2012.07.11 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Babylon [2012.10.09 05:13:23 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\BrowserCompanion [2011.03.13 16:17:06 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\DonationCoder [2012.10.09 04:46:09 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Dropbox [2011.07.14 11:05:34 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\freenet [2012.09.19 04:44:35 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Image Zone Express [2012.04.24 18:21:32 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\LibreOffice [2011.07.14 13:03:56 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Lunascape [2012.07.01 11:18:14 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\MusicNet [2011.07.08 11:57:41 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\NetDrive [2012.07.14 13:35:43 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\OpenCandy [2012.07.19 18:57:51 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\pdfforge [2011.11.09 16:23:43 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Printer Info Cache [2012.09.20 10:21:21 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\QuickScan [2012.10.07 14:38:51 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\TuneUp Software [2011.09.21 00:30:12 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Uniblue [2012.06.10 15:50:39 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Visan ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.10.2012 11:36:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,71% Memory free
4,22 Gb Paging File | 2,89 Gb Available in Paging File | 68,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,48 Gb Total Space | 28,42 Gb Free Space | 44,77% Space Free | Partition Type: NTFS
Drive D: | 20,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 387,63 Gb Total Space | 361,73 Gb Free Space | 93,32% Space Free | Partition Type: NTFS
Drive H: | 1,84 Gb Total Space | 1,82 Gb Free Space | 99,16% Space Free | Partition Type: FAT
Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CBD7845-0288-4425-BA04-97252E840043}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{226CBE0F-9F1C-4B84-A7A8-097A9C328133}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{2F8FE96A-37FC-48FC-A274-7179176F6E5E}" = protocol=6 | dir=in | app=c:\users\pc\appdata\roaming\dropbox\bin\dropbox.exe |
"{30A19E42-C52D-4250-AA47-B5CC06F25C75}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{36DFF524-B990-4A6C-9DD8-A35391AF6005}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{570FE284-895B-425F-98A0-58F43085550D}" = protocol=17 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{6B5F328B-B609-45E4-B1F0-10A4A8981D6B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{6CFC040B-44EC-400C-9A72-FE2A642E6067}" = protocol=6 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{7406A79B-7E27-41B4-89EF-A91417F64737}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
"{779F3503-F364-4FE7-9CE1-37D85F63A158}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
"{79957D25-5AAE-4D80-BCD0-5FF98F001471}" = protocol=17 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{9395F2EB-E730-41D8-AE48-44C71B493927}" = protocol=6 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{96151931-4520-43E4-A689-52E226F4F082}" = protocol=17 | dir=in | app=c:\users\pc\appdata\roaming\dropbox\bin\dropbox.exe |
"{B18D5A65-90AB-4F84-B3D4-CF4A2BCD1A3C}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{B652535E-06B3-4831-A7FC-7D3B0C31336C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{B6569463-37A6-457C-B2CF-CA6BA5D3D665}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{CF8C0B69-02D6-4BF4-8F2D-3E3452DFAECC}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{DC710067-43A4-4852-BEE0-693EEF7CABBF}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E02E6A6E-55B2-47CC-9DAF-A872D61B3CFD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F34F597B-25CF-41E3-AB7E-9B2E4155FDA1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F4CF3062-B85A-47D4-AD86-9AEB657CE2B9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.478
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.7.0
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1" = CheckDrive
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E55B3271-7CA8-4D0C-AE06-69A24856E997}_is1" = Uniblue RegistryBooster
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1568757-E564-4cb5-8980-9333119A4384}" = F300
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"AbAlarm_is1" = AbAlarm
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"BrowserCompanion" = BrowserCompanion
"CCleaner" = CCleaner
"DealBulldog Toolbar Toolbar" = DealBulldog Toolbar Toolbar
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photo Creations" = HP Photo Creations
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Lunascape6" = Lunascape6 (All Users)
"MailXXL.com" = MailXXL.com Tools
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Partner" = Mobile Partner
"MyKeyFinder_is1" = MyKeyFinder
"NetDrive" = NetDrive
"Schirmfoto_is1" = Schirmfoto
"Searchqu Toolbar" = Searchqu Toolbar
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WashAndGo_is1" = WashAndGo
"Wincore MediaBar" = Wincore MediaBar
"WNLT" = Web Optimizer
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.10.2012 03:36:16 | Computer Name = pc-PC | Source = VSS | ID = 40
Description =
Error - 10.10.2012 03:36:16 | Computer Name = pc-PC | Source = VSS | ID = 12292
Description =
Error - 10.10.2012 03:36:17 | Computer Name = pc-PC | Source = VSS | ID = 40
Description =
Error - 10.10.2012 03:36:17 | Computer Name = pc-PC | Source = VSS | ID = 12292
Description =
Error - 10.10.2012 03:36:17 | Computer Name = pc-PC | Source = VSS | ID = 40
Description =
Error - 10.10.2012 03:36:17 | Computer Name = pc-PC | Source = VSS | ID = 12292
Description =
Error - 10.10.2012 03:36:17 | Computer Name = pc-PC | Source = System Restore | ID = 8193
Description =
[ System Events ]
Error - 10.10.2012 03:43:56 | Computer Name = pc-PC | Source = DCOM | ID = 10005
Description =
Error - 10.10.2012 03:43:57 | Computer Name = pc-PC | Source = Service Control Manager | ID = 7001
Description =
< End of report >
Ich habe noch eingangs vergessen zu erwähnen daß es manchmal Probleme gibt Text einzugeben.Entweder habe ich die Buchstaben doppelt oder gar nicht.Häufig kommt es vor "das Programm kann die Webseite nicht anzeigen " oder dass die Navigation zu der Webseite immer wieder abgebrochen wird. Heute zum Beispiel hier mit dem Trojanerboard......habe es x- Mal versuchen müssen bis es endlich ging.  Hallo, habe nun GMER durchlaufen gelassen und hier ist das Ergebnis: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-10 13:23:25
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AAVS-00G9B1 rev.05.04C05
Running: n2pze84q.exe; Driver: C:\Users\pc\AppData\Local\Temp\pgtdapob.sys
---- System - GMER 1.0.15 ----
SSDT 8D2083CE ZwCreateSection
SSDT 8D2083D8 ZwRequestWaitReplyPort
SSDT 8D2083D3 ZwSetContextThread
SSDT 8D2083DD ZwSetSecurityObject
SSDT 8D2083E2 ZwSystemDebugControl
SSDT 8D20836F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 81CE18D8 4 Bytes [CE, 83, 20, 8D] {INTO ; AND DWORD [EAX], -0x73}
.text ntkrnlpa.exe!KeSetEvent + 539 81CE1BFC 4 Bytes [D8, 83, 20, 8D]
.text ntkrnlpa.exe!KeSetEvent + 56D 81CE1C30 4 Bytes [D3, 83, 20, 8D]
.text ntkrnlpa.exe!KeSetEvent + 5D1 81CE1C94 4 Bytes [DD, 83, 20, 8D]
.text ntkrnlpa.exe!KeSetEvent + 619 81CE1CDC 4 Bytes [E2, 83, 20, 8D]
.text ...
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
 ich Dussel hatte den Avira Scanner dabei nicht ausgeschaltet....muss ich jetzt GMER nochmal machen oder geht das auch so? Hi, wollte mir eben 7-ZiP runterladen, ging aber leider nicht , der Zugriff auf den Zielordner wurde verweigert,habe dann von Avira die Meldung bekommen 7-ZiP wurde als Malware erkannt. Soll ich Avira abschalten und es dann noch einmal versuchen? Kann ja eigentlich keine Malware sein wenn Ihr das empfehlt.  |
|
17.10.2012, 11:07
| #4 |
| /// the machine /// TB-Ausbilder   | Pc hängt öfter Hi, Sorry für die Verspätung. Brauchst Du noch Hilfe?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.10.2012, 18:33
| #5 |
| | Pc hängt öfter Hallo, ja, habe das Problem noch nicht lösen können.Hat sich noch keiner erbarmt mich schlau zu machen. |
|
18.10.2012, 06:05
| #6 | |
| /// the machine /// TB-Ausbilder | Pc hängt öfter Downloade Dir bitte AdwCleaner auf deinen Desktop.
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Pc hängt öfter |
|
18.10.2012, 20:27
| #7 |
| |  Pc hängt öfter Hi Schrauber, danke dir für deine Mühe. Es hat leider mit dem download von Combofix nicht so hingehauen, Lunascape hat den download geblockt und ich musste den IE nehmen. Da habe ich dann beim speichern irgendwas falsch gemacht....schäm. Blöd wenn man doof ist! Hier die Ergebnisse mit denen du hoffentlich was anfangen kannst ......damit ich das nicht nochmal machen muss, hat nämlich elend lange gedauert bis Combofix mal fertig war! # AdwCleaner v2.005 - Datei am 18/10/2012 um 19:46:52 erstellt # Aktualisiert am 14/10/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : pc - PC-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\pc\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** Gefunden : Web Assistant Updater ***** [Dateien / Ordner] ***** Datei Gefunden : C:\user.js Ordner Gefunden : C:\Program Files\AVG Secure Search Ordner Gefunden : C:\Program Files\BrowserCompanion Ordner Gefunden : C:\Program Files\Common Files\AVG Secure Search Ordner Gefunden : C:\Program Files\Conduit Ordner Gefunden : C:\Program Files\Searchqu Toolbar Ordner Gefunden : C:\Program Files\Web Assistant Ordner Gefunden : C:\ProgramData\AVG Secure Search Ordner Gefunden : C:\ProgramData\Babylon Ordner Gefunden : C:\ProgramData\IBUpdaterService Ordner Gefunden : C:\ProgramData\Tarma Installer Ordner Gefunden : C:\Users\pc\AppData\Local\AVG Secure Search Ordner Gefunden : C:\Users\pc\AppData\Local\Babylon Ordner Gefunden : C:\Users\pc\AppData\Local\Conduit Ordner Gefunden : C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Ordner Gefunden : C:\Users\pc\AppData\Local\Ilivid Player Ordner Gefunden : C:\Users\pc\AppData\LocalLow\AVG Secure Search Ordner Gefunden : C:\Users\pc\AppData\LocalLow\bbrs_002.tb Ordner Gefunden : C:\Users\pc\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\pc\AppData\LocalLow\incredibar.com Ordner Gefunden : C:\Users\pc\AppData\LocalLow\Searchqutoolbar Ordner Gefunden : C:\Users\pc\AppData\LocalLow\Toolbar4 Ordner Gefunden : C:\Users\pc\AppData\Roaming\Babylon Ordner Gefunden : C:\Users\pc\AppData\Roaming\BrowserCompanion Ordner Gefunden : C:\Users\pc\AppData\Roaming\OpenCandy Ordner Gefunden : C:\Users\pc\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gefunden : HKCU\Software\AVG Secure Search Schlüssel Gefunden : HKCU\Software\DataMngr Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar Schlüssel Gefunden : HKCU\Software\IGearSettings Schlüssel Gefunden : HKCU\Software\IM Schlüssel Gefunden : HKCU\Software\ImInstaller Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wincore MediaBar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Schlüssel Gefunden : HKCU\Software\SMTTB2009 Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKCU\Software\Somoto Toolbar Schlüssel Gefunden : HKLM\Software\AVG Secure Search Schlüssel Gefunden : HKLM\Software\Babylon Schlüssel Gefunden : HKLM\Software\BabylonToolbar Schlüssel Gefunden : HKLM\Software\bProtector Schlüssel Gefunden : HKLM\Software\BrowserCompanion Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009.3 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbRequest Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbTask Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\tdataprotocol.CTData Schlüssel Gefunden : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3196716 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3227982 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\updatebho.TimerBHO Schlüssel Gefunden : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook Schlüssel Gefunden : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wit4ie.WitBHO Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2 Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\Software\DataMngr Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gefunden : HKLM\Software\Iminent Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Schlüssel Gefunden : HKLM\Software\SearchquMediabarTb Schlüssel Gefunden : HKLM\Software\Tarma Installer Schlüssel Gefunden : HKLM\Software\Web Assistant Schlüssel Gefunden : HKU\S-1-5-21-1085966804-1864869585-2381995735-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKU\S-1-5-21-1085966804-1864869585-2381995735-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9} Schlüssel Gefunden : HKU\S-1-5-21-1085966804-1864869585-2381995735-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKU\S-1-5-21-1085966804-1864869585-2381995735-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E} Schlüssel Gefunden : HKU\S-1-5-21-1085966804-1864869585-2381995735-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gefunden : HKU\S-1-5-21-1085966804-1864869585-2381995735-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{338B4DFE-2E2C-4338-9E41-E176D497299E}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CA3EB689-8F09-4026-AA10-B9534C691CE0}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{338B4DFE-2E2C-4338-9E41-E176D497299E}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr] Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/lickingdogscreen58/{ED7B955B-6018-4426-9A81-2A6584975D27} [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={6F3A6C9B-EBBC-4643-BCE5-1781EE57D853}&mid=6f5268bac3b847d0a364d15756fb0efd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=tt014&pr=sa&d=2012-10-07 12:49:10&v=13.0.0.7&sap=hp [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227980 [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.bigseekpro.com/lickingdogscreen58/{ED7B955B-6018-4426-9A81-2A6584975D27}?s_src=newtab -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Preferences Gefunden [l.1] : icon_url ={"backup":{"_signature":"NkNAWbkAlnekYlW2ZGSs76bQI+PNXA9oZGa/wqoxxCg=","_version":4,"extensions":{"ids":["ahfgeienlihckogmohjhadlkjgocpleb","bodddioamolcibagionmmobehnbhiakf","dlnembnfbcpjnepmfjmngjenhhajpdfd"]},"homepage":true,"homepage_is_newtabpage":false,"session":{"restore_on_startup":4,"urls_to_restore_on_startup":["hxxps://isearch.avg.com/?cid={6F3A6C9B-EBBC-4643-BCE5-1781EE57D853}&mid=6f5268bac3b847d0a364d15756fb0efd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=tt014&pr=sa&d=2012-10-07 12:49:10&v=13.0.0.7&sap=hp"]}},"browser":{"last_known_google_url":"hxxp://www.google.de/","last_prompted_google_url":"hxxp://www.google.de/","window_placement":{"bottom":824,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":834,"work_area_left":0,"work_area_right":1152, "work_area_top":0}},"countryid_at_install":17477,"default_apps_install_state":2,"default_search_provider":{"enabled":true,"encodings":"UTF-8","hxxp://www.google.com/favicon.ico","id":"2","instant_url":"{google:baseURL}webhp?{google:RLZ}sourceid=chrome-instant&ie={inputEncoding}{google:instantEnabledParameter}{searchTerms}","keyword":"google.de","name":"Google","prepopulate_id":"1","search_url":"{goo gle:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourcei d=chrome&ie={inputEncoding}","suggest_url":"{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms }"},"distribution":{"create_all_shortcuts":true,"do_not_launch_chrome":true,"import_history":false,"import_search_engine":false,"make_chrome_default": true,"ping_delay":10,"show_welcome_page":true,"skip_first_run_ui":false,"verbose_logging":false},"dns_prefetching":{"host_referral_list": [ 2 ]},"sync_promo":{"show_on_first_run_allowed":false}}************************* AdwCleaner[R1].txt - [24846 octets] - [18/10/2012 19:46:52] ########## EOF - C:\AdwCleaner[R1].txt - [24907 octets] ########## # AdwCleaner v2.005 - Datei am 18/10/2012 um 19:57:40 erstellt # Aktualisiert am 14/10/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : pc - PC-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\pc\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : Web Assistant Updater ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\user.js Gelöscht mit Neustart : C:\Program Files\Common Files\AVG Secure Search Ordner Gelöscht : C:\Program Files\AVG Secure Search Ordner Gelöscht : C:\Program Files\BrowserCompanion Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\Searchqu Toolbar Ordner Gelöscht : C:\Program Files\Web Assistant Ordner Gelöscht : C:\ProgramData\AVG Secure Search Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\IBUpdaterService Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\Users\pc\AppData\Local\AVG Secure Search Ordner Gelöscht : C:\Users\pc\AppData\Local\Babylon Ordner Gelöscht : C:\Users\pc\AppData\Local\Conduit Ordner Gelöscht : C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Ordner Gelöscht : C:\Users\pc\AppData\Local\Ilivid Player Ordner Gelöscht : C:\Users\pc\AppData\LocalLow\AVG Secure Search Ordner Gelöscht : C:\Users\pc\AppData\LocalLow\bbrs_002.tb Ordner Gelöscht : C:\Users\pc\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\pc\AppData\LocalLow\incredibar.com Ordner Gelöscht : C:\Users\pc\AppData\LocalLow\Searchqutoolbar Ordner Gelöscht : C:\Users\pc\AppData\LocalLow\Toolbar4 Ordner Gelöscht : C:\Users\pc\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\pc\AppData\Roaming\BrowserCompanion Ordner Gelöscht : C:\Users\pc\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\pc\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AVG Secure Search Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\IGearSettings Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wincore MediaBar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Schlüssel Gelöscht : HKCU\Software\SMTTB2009 Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Somoto Toolbar Schlüssel Gelöscht : HKLM\Software\AVG Secure Search Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\BabylonToolbar Schlüssel Gelöscht : HKLM\Software\bProtector Schlüssel Gelöscht : HKLM\Software\BrowserCompanion Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009.3 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3196716 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3227982 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb Schlüssel Gelöscht : HKLM\Software\Tarma Installer Schlüssel Gelöscht : HKLM\Software\Web Assistant Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{338B4DFE-2E2C-4338-9E41-E176D497299E}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CA3EB689-8F09-4026-AA10-B9534C691CE0}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{338B4DFE-2E2C-4338-9E41-E176D497299E}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/lickingdogscreen58/{ED7B955B-6018-4426-9A81-2A6584975D27} --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={6F3A6C9B-EBBC-4643-BCE5-1781EE57D853}&mid=6f5268bac3b847d0a364d15756fb0efd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=tt014&pr=sa&d=2012-10-07 12:49:10&v=13.0.0.7&sap=hp --> hxxp://www.google.com Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.bigseekpro.com/lickingdogscreen58/{ED7B955B-6018-4426-9A81-2A6584975D27}?s_src=newtab --> hxxp://www.google.com -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Preferences Gelöscht [l.1] : icon_url ={"backup":{"_signature":"NkNAWbkAlnekYlW2ZGSs76bQI+PNXA9oZGa/wqoxxCg=","_version":4,"extensions":{"ids":["ahfgeienlihckogmohjhadlkjgocpleb","bodddioamolcibagionmmobehnbhiakf","dlnembnfbcpjnepmfjmngjenhhajpdfd"]},"homepage":true,"homepage_is_newtabpage":false,"session":{"restore_on_startup":4,"urls_to_restore_on_startup":["hxxps://isearch.avg.com/?cid={6F3A6C9B-EBBC-4643-BCE5-1781EE57D853}&mid=6f5268bac3b847d0a364d15756fb0efd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=tt014&pr=sa&d=2012-10-07 12:49:10&v=13.0.0.7&sap=hp"]}},"browser":{"last_known_google_url":"hxxp://www.google.de/","last_prompted_google_url":"hxxp://www.google.de/","window_placement":{"bottom":824,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":834,"work_area_left":0,"work_area_right":1152, "work_area_top":0}},"countryid_at_install":17477,"default_apps_install_state":2,"default_search_provider":{"enabled":true,"encodings":"UTF-8","hxxp://www.google.com/favicon.ico","id":"2","instant_url":"{google:baseURL}webhp?{google:RLZ}sourceid=chrome-instant&ie={inputEncoding}{google:instantEnabledParameter}{searchTerms}","keyword":"google.de","name":"Google","prepopulate_id":"1","search_url":"{goo gle:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourcei d=chrome&ie={inputEncoding}","suggest_url":"{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms }"},"distribution":{"create_all_shortcuts":true,"do_not_launch_chrome":true,"import_history":false,"import_search_engine":false,"make_chrome_default": true,"ping_delay":10,"show_welcome_page":true,"skip_first_run_ui":false,"verbose_logging":false},"dns_prefetching":{"host_referral_list": [ 2 ]},"sync_promo":{"show_on_first_run_allowed":false}}************************* AdwCleaner[R1].txt - [24977 octets] - [18/10/2012 19:46:52] AdwCleaner[S1].txt - [24014 octets] - [18/10/2012 19:57:40] ########## EOF - C:\AdwCleaner[S1].txt - [24075 octets] ########## Combofix Logfile: Code:
ATTFilter ComboFix 12-10-18.03 - pc 18.10.2012 20:18:37.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2039.1257 [GMT 2:00]
ausgeführt von:: c:\users\pc\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-18 bis 2012-10-18 ))))))))))))))))))))))))))))))
.
.
2012-10-18 18:57 . 2012-10-18 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-18 12:11 . 2012-10-18 12:11 -------- d-----w- c:\users\pc\AppData\Roaming\Avira
2012-10-18 12:05 . 2012-10-01 15:14 134184 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-18 12:05 . 2012-09-24 07:58 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-18 12:05 . 2012-09-13 08:58 83792 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-18 12:05 . 2012-10-18 12:05 -------- d-----w- c:\program files\Avira
2012-10-17 17:27 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2173B36-4D7D-4EFF-8CE5-2935373F78D6}\mpengine.dll
2012-10-10 12:27 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 12:27 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 12:27 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 12:27 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 12:27 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 12:27 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 12:27 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 03:10 . 2012-10-09 03:11 -------- d--h--w- c:\windows\Icons
2012-10-07 10:50 . 2012-09-19 09:29 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2012-10-07 10:50 . 2012-09-19 09:29 21344 ----a-w- c:\windows\system32\authuitu.dll
2012-10-07 10:49 . 2012-10-07 10:48 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-07 10:47 . 2012-10-07 12:38 -------- d-----w- c:\users\pc\AppData\Roaming\TuneUp Software
2012-10-07 10:47 . 2012-10-07 10:49 -------- d-----w- c:\program files\TuneUp Utilities 2013
2012-10-07 10:46 . 2012-10-07 10:47 -------- d-----w- c:\programdata\TuneUp Software
2012-10-07 10:46 . 2012-10-07 10:57 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 13:26 . 2012-09-12 10:25 1006448 ----a-w- c:\windows\system32\dmwu.exe
2012-09-13 13:24 . 2012-09-12 10:25 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2012-08-28 18:24 . 2012-06-25 16:20 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2011-07-02 14:36 473072 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\pc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\pc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\pc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"b1gMail-Utility"="c:\program files\MailXXL.com Tools\BMUtil.exe" [2011-07-08 403968]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2012-07-08 68000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"Netdrive"="c:\program files\NetDrive\netdrive.exe" [2011-10-09 2572800]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2011-08-08 828416]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-09-06 162408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
.
c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
tbhcn.lnk - c:\users\pc\AppData\Roaming\BrowserCompanion\tbhcn.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-18 c:\windows\Tasks\AbelssoftPreloader.job
- c:\program files\WashAndGo\AbelssoftPreloader.exe [2012-09-01 08:02]
.
2012-10-09 c:\windows\Tasks\CheckDriveBackgroundGuard.job
- c:\program files\CheckDrive\CheckDriveBackgroundGuard.exe [2012-08-17 09:18]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 13:47]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 13:47]
.
2012-10-09 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-03-02 10:11]
.
2012-10-18 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-06 12:39]
.
2012-10-09 c:\windows\Tasks\Schirmfoto.job
- c:\program files\Schirmfoto\schirmfoto.exe [2011-10-08 23:07]
.
2012-10-09 c:\windows\Tasks\WebReg Deskjet F300 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 20:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{71B5F900-DE2A-46C9-B7E6-710EF36AF2A5}: NameServer = 132.252.3.10,132.252.1.7
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
URLSearchHooks-{0cc09160-108c-4759-bab1-5c12c216e005} - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2764)
c:\users\pc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\programdata\DatacardService\DCService.exe
c:\program files\NetDrive\ndsvc.exe
c:\windows\system32\PrintCtrl.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.0.0\ToolbarUpdater.exe
c:\windows\system32\dmwu.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-18 21:10:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-10-18 19:09
.
Vor Suchlauf: 5 Verzeichnis(se), 29.403.770.880 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 29.581.627.392 Bytes frei
.
- - End Of File - - B9E74550A59D11413F09CAD0BFA2B83C
Schönen Abend noch und lieben Gruß mädchen |
|
18.10.2012, 20:34
| #8 |
| /// the machine /// TB-Ausbilder | Pc hängt öfter Hallo mädchen (das wollt ich immer schonmal schreiben  )Poste mal bitte ein frisches OTL log und sag mir wie die Kiste läuft 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.10.2012, 21:01
| #9 |
| |  Pc hängt öfter Hi, ein ganz frisches OTL :OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.10.2012 21:37:44 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pc\Desktop\trojaner board Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,78% Memory free 4,22 Gb Paging File | 3,17 Gb Available in Paging File | 75,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 63,48 Gb Total Space | 27,59 Gb Free Space | 43,46% Space Free | Partition Type: NTFS Drive D: | 20,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 387,63 Gb Total Space | 361,73 Gb Free Space | 93,32% Space Free | Partition Type: NTFS Drive H: | 1,84 Gb Total Space | 1,82 Gb Free Space | 99,16% Space Free | Partition Type: FAT Computer Name: PC-PC | User Name: pc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.10 11:31:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\trojaner board\OTL.exe PRC - [2012.10.07 12:48:08 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.0.0\ToolbarUpdater.exe PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.09.19 11:29:44 | 001,869,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe PRC - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe PRC - [2012.09.13 15:26:52 | 001,006,448 | ---- | M] () -- C:\Windows\System32\dmwu.exe PRC - [2012.09.06 13:12:20 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.08 14:39:22 | 000,056,720 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe PRC - [2012.07.08 14:39:22 | 000,026,016 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe PRC - [2011.10.09 15:57:49 | 002,089,472 | ---- | M] (Bdrive Inc.) -- C:\Program Files\NetDrive\ndsvc.exe PRC - [2011.10.09 15:57:36 | 002,572,800 | ---- | M] (Bdrive Inc.) -- C:\Program Files\NetDrive\netdrive.exe PRC - [2011.08.08 13:31:46 | 000,828,416 | ---- | M] (ActMask Co.,Ltd - hxxp://www.all2pdf.com) -- C:\Windows\System32\PrintDisp.exe PRC - [2011.07.20 03:44:22 | 000,099,688 | ---- | M] (Lunascape Co., LTD.) -- C:\Program Files\Lunascape\Lunascape6\Luna.exe PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2010.05.08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.04.29 05:04:12 | 000,069,632 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\System32\PrintCtrl.exe PRC - [2009.05.25 13:09:40 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.05.07 10:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe ========== Modules (No Company Name) ========== MOD - [2012.08.28 20:11:44 | 000,014,320 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll MOD - [2012.08.28 20:11:34 | 000,108,528 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2iexp.dll MOD - [2012.07.08 14:39:22 | 000,114,064 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\InstallerExtensions.dll MOD - [2012.07.08 14:39:22 | 000,018,832 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\cwebpage.dll MOD - [2012.07.08 14:39:16 | 000,136,592 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\locale\de\de.dll MOD - [2011.03.22 10:08:22 | 000,138,752 | ---- | M] () -- C:\Program Files\NetDrive\libexpat.dll MOD - [2009.12.10 11:52:38 | 000,192,512 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceMgrUIPlugin.dll MOD - [2009.12.10 11:51:36 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceMgrPlugin.dll MOD - [2009.12.10 11:40:20 | 000,991,232 | ---- | M] () -- C:\Program Files\Mobile Partner\NDISAPI.dll MOD - [2009.09.19 11:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\Mobile Partner\NetInfoPlugin.dll MOD - [2009.06.19 15:10:46 | 000,143,360 | ---- | M] () -- C:\Program Files\Mobile Partner\LocaleMgrPlugin.dll MOD - [2009.06.19 15:10:22 | 000,159,744 | ---- | M] () -- C:\Program Files\Mobile Partner\SMSPlugin.dll MOD - [2009.06.18 10:56:10 | 000,032,768 | ---- | M] () -- C:\Program Files\Mobile Partner\NotifyServicePlugin.dll MOD - [2009.06.18 10:54:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Mobile Partner\ConfigFilePlugin.dll MOD - [2009.06.18 10:48:24 | 000,090,112 | ---- | M] () -- C:\Program Files\Mobile Partner\DialUpPlugin.dll MOD - [2009.05.25 13:09:40 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe MOD - [2009.05.23 11:02:32 | 000,061,440 | ---- | M] () -- C:\Program Files\Mobile Partner\XCodec.dll MOD - [2009.05.23 11:02:30 | 000,061,440 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceOperate.dll MOD - [2009.05.23 11:02:28 | 000,155,648 | ---- | M] () -- C:\Program Files\Mobile Partner\DetectDev.dll MOD - [2009.05.23 11:02:24 | 000,557,056 | ---- | M] () -- C:\Program Files\Mobile Partner\atcomm.dll MOD - [2009.02.12 10:53:02 | 000,040,448 | ---- | M] () -- C:\Program Files\NetDrive\ws_ext.dll MOD - [2007.08.23 16:39:30 | 000,014,848 | ---- | M] () -- C:\Program Files\Mobile Partner\isaputrace.dll MOD - [2007.07.31 15:50:04 | 000,090,112 | ---- | M] () -- C:\Program Files\Mobile Partner\FileManager.dll ========== Services (SafeList) ========== SRV - [2012.10.07 12:48:08 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.0.0\ToolbarUpdater.exe -- (vToolbarUpdater13.0.0) SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.09.13 15:26:52 | 001,006,448 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (WebOptimizer) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.09 15:57:49 | 002,089,472 | ---- | M] (Bdrive Inc.) [Auto | Running] -- C:\Program Files\NetDrive\ndsvc.exe -- (ndsvc) SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.04.29 05:04:12 | 000,069,632 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Running] -- C:\Windows\System32\PrintCtrl.exe -- (Printer Control) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2012.10.07 12:48:09 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.09.19 10:50:50 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2011.03.25 10:21:12 | 000,049,432 | ---- | M] (MacroData Inc.) [File_System | On_Demand | Stopped] -- C:\Program Files\NetDrive\NDFS.sys -- (ndfs) DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010.03.20 10:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot) DRV - [2008.07.29 01:53:46 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.05.02 07:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{7C788BE1-99B0-40CD-B58C-788705E205E2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;amp;form=MSITDF&amp;amp;pc=MAMI&amp;amp;src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {288575EA-507B-42CB-97BE-ACED08F1998A} IE - HKCU\..\SearchScopes\{288575EA-507B-42CB-97BE-ACED08F1998A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE420 IE - HKCU\..\SearchScopes\{7C788BE1-99B0-40CD-B58C-788705E205E2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;amp;form=MSITDF&amp;amp;pc=MAMI&amp;amp;src=IE-SearchBox IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = hxxp://www.ask.com/web?o=15710&l=dis&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2011.07.14 13:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Extensions [2012.07.11 10:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions ========== Chrome ========== CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Netdrive] C:\Program Files\NetDrive\netdrive.exe (Bdrive Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PrintDisp] C:\Windows\System32\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [b1gMail-Utility] C:\Program Files\MailXXL.com Tools\BMUtil.exe () O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/pro/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59DDF262-BEC7-46A7-8D06-943CB65610D4}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71B5F900-DE2A-46C9-B7E6-710EF36AF2A5}: NameServer = 132.252.3.10,132.252.1.7 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\pc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\pc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.05.08 21:48:36 | 000,126,976 | R--- | M] () - D:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008.03.10 02:34:52 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.18 21:10:31 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.18 21:10:31 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\temp [2012.10.18 21:05:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.18 20:15:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.18 20:15:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.18 20:15:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.18 20:15:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.18 20:14:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.18 14:11:48 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Avira [2012.10.18 14:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.18 14:05:46 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.18 14:05:46 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.10.18 14:05:46 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.10.18 14:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.10.11 16:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2012.10.10 14:50:01 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\trojaner board [2012.10.10 14:27:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.10 14:27:33 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.10 14:27:32 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.10.09 05:10:27 | 000,000,000 | -H-D | C] -- C:\Windows\Icons [2012.10.07 12:50:02 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.10.07 12:50:00 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.10.07 12:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2012.10.07 12:49:08 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.10.07 12:47:43 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\TuneUp Software [2012.10.07 12:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013 [2012.10.07 12:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.10.07 12:46:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.09.23 04:15:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.09.23 04:15:44 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.09.23 04:15:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.09.23 04:15:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.09.23 04:15:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.09.23 04:15:41 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.09.23 04:15:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.09.23 04:15:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.09.21 09:45:06 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.09.21 09:45:06 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.09.21 09:45:06 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe ========== Files - Modified Within 30 Days ========== [2012.10.18 21:15:30 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\AbelssoftPreloader.job [2012.10.18 21:15:24 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2012.10.18 21:15:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.18 21:15:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.18 21:15:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.18 20:12:40 | 000,000,541 | ---- | M] () -- C:\Users\pc\Desktop\ComboFix - Verknüpfung.lnk [2012.10.18 19:46:38 | 000,538,941 | ---- | M] () -- C:\Users\pc\Desktop\adwcleaner.exe [2012.10.18 14:05:59 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.13 18:36:56 | 000,010,240 | ---- | M] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.13 12:30:09 | 000,572,634 | ---- | M] () -- C:\Users\pc\Desktop\stui.jpg [2012.10.13 09:10:12 | 000,271,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.11 16:56:57 | 000,001,608 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.10.11 16:56:56 | 000,001,623 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.10.11 13:01:56 | 000,006,562 | ---- | M] () -- C:\Users\pc\Desktop\vvvvc.eml [2012.10.10 11:22:22 | 000,000,000 | ---- | M] () -- C:\Users\pc\defogger_reenable [2012.10.09 09:39:25 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2012.10.09 09:39:25 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\WebReg Deskjet F300 series.job [2012.10.09 04:58:32 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\CheckDriveBackgroundGuard.job [2012.10.09 04:57:59 | 000,000,234 | ---- | M] () -- C:\Windows\tasks\Schirmfoto.job [2012.10.07 18:24:56 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.07 18:24:56 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.07 12:49:48 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.10.07 12:49:48 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.10.07 12:48:09 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.09.27 17:53:45 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.27 11:22:58 | 000,000,193 | ---- | M] () -- C:\Users\pc\Documents\Dokument.rtf [2012.09.26 11:04:43 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\WashAndGo.lnk [2012.09.24 22:18:28 | 000,002,174 | ---- | M] () -- C:\Users\pc\Documents\semmelknödel.rtf [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.09.23 12:16:20 | 000,001,087 | ---- | M] () -- C:\Users\pc\Desktop\scan.lnk [2012.09.22 17:44:19 | 000,000,485 | ---- | M] () -- C:\Users\pc\Desktop\°.lnk [2012.09.19 11:29:46 | 000,031,584 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.09.19 11:29:40 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll ========== Files Created - No Company Name ========== [2012.10.18 20:15:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.18 20:15:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.18 20:15:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.18 20:15:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.18 20:15:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.18 20:12:40 | 000,000,541 | ---- | C] () -- C:\Users\pc\Desktop\ComboFix - Verknüpfung.lnk [2012.10.18 19:46:07 | 000,538,941 | ---- | C] () -- C:\Users\pc\Desktop\adwcleaner.exe [2012.10.18 14:05:59 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.13 12:26:19 | 000,010,240 | ---- | C] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.13 09:09:54 | 000,271,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.11 16:56:57 | 000,001,608 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.10.11 16:56:56 | 000,001,623 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.10.11 13:01:42 | 000,006,562 | ---- | C] () -- C:\Users\pc\Desktop\vvvvc.eml [2012.10.10 11:22:22 | 000,000,000 | ---- | C] () -- C:\Users\pc\defogger_reenable [2012.10.07 12:49:48 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.10.07 12:49:48 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.10.07 12:49:47 | 000,001,847 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2012.09.26 11:04:43 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\WashAndGo.lnk [2012.09.24 22:18:28 | 000,002,174 | ---- | C] () -- C:\Users\pc\Documents\semmelknödel.rtf [2012.09.23 23:10:26 | 000,000,294 | ---- | C] () -- C:\Windows\tasks\WebReg Deskjet F300 series.job [2012.09.23 12:12:43 | 000,001,087 | ---- | C] () -- C:\Users\pc\Desktop\scan.lnk [2012.09.22 17:44:19 | 000,000,485 | ---- | C] () -- C:\Users\pc\Desktop\°.lnk [2012.09.12 12:25:02 | 001,006,448 | ---- | C] () -- C:\Windows\System32\dmwu.exe [2012.09.12 12:25:02 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll [2012.07.10 14:48:59 | 000,000,519 | ---- | C] () -- C:\Users\pc\pc - Verknüpfung.lnk [2012.04.27 18:29:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.03.12 21:21:00 | 000,000,680 | ---- | C] () -- C:\Users\pc\AppData\Local\d3d9caps.dat [2011.10.29 20:04:04 | 001,391,616 | ---- | C] () -- C:\Windows\System32\ActPDF.dll [2011.10.29 20:03:43 | 000,691,200 | ---- | C] () -- C:\Windows\System32\PrintLog.exe [2011.03.13 16:17:06 | 000,000,058 | ---- | C] () -- C:\Users\pc\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2011.02.25 15:46:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.02.25 15:46:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.12.31 17:07:07 | 000,164,255 | ---- | C] () -- C:\Windows\hpoins19.dat [2010.12.31 17:06:48 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 925 bytes -> C:\Users\pc\Desktop\vvvvc.eml:OECustomProperty < End of report > Sag mal wie schnell wertest du denn diese ganzen Informationen aus???? Ich werde den Rechner gleich neu anwerfen und mal schauen wie es jetzt so ist und dann melde ich mich nochmal.Was ich aber jetzt schon sagen kann : zwischen neues OTL machen und hier antworten hat er sich dreimal aufgehängt. Bis später! mädchen |
|
18.10.2012, 21:49
| #10 |
| | Pc hängt öfter Hallo Schrauber, bin verblüfft. Bisher hat sich der Pc jedes Mal beim ersten Klick nach dem Starten aufgehängt - und jetzt nicht mehr. Das hast du aber schön gemacht! Immer wenn ich was gegoogelt habe und dann was anklickte blieb er hängen, das klappt jetzt auch wieder . Das Umschalten zwischen den einzelenen Webseiten funktioniert auch wieder ohne dass man dabei Socken stricken kann.Habe zwar noch nicht alles ausprobiert ( you tube noch nicht) aber freu mich schon über die Erfolge, das geht jetzt alles fixer.Ich hatte ein Problem mit dem Drucker, es hat oft lange gedauert bis der Druckauftrag dann auch ausgeführt wurde. Hab eben einen Test gemacht, ging gut. Leider besteht aber immer noch das Ding mit der Texteingabe, da fehlen manchmal Buchstaben oder ich habe sie doppelt. Aber ich will nicht meckern......das hast du wirklich schön hingekriegt.  Liebe Grüße vom mädchen Hi Schrauber, da habe ich mich wohl zu früh gefreut....schade. Nach Eingabe des Benutzerkennwortes stotterte der Pc wieder und hing auch wieder beim ersten Klick. Geändert von mädchen (18.10.2012 um 21:56 Uhr) |
|
19.10.2012, 16:26
| #11 | |
| /// the machine /// TB-Ausbilder | Pc hängt öfterZitat:
Malwarebytes' Anti-Malware
ESET Online Scanner
Öffne OTL, bei Extra Registrierung auf Benutze Safe List stellen und Scan Button drücken, poste beide Logfiles .
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.10.2012, 18:58
| #12 |
| |  Pc hängt öfter Hi Schrauber, puuuh. Ob ich das alles hinkriege? Heute mache ich das nicht mehr, bin eh nicht mehr aufnahmefähig. Morgen. Bis dann! mädchen |
|
19.10.2012, 19:09
| #13 |
| /// the machine /// TB-Ausbilder | Pc hängt öfter Sicher bekommste das hin
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.10.2012, 08:30
| #14 |
| |  Pc hängt öfter Guten Morgen! Irgendwas stimmt da mit dem Link für den Anti-Malware Download nicht.  Habe den Download für die neueste Version angeklickt und hatte dann ... zipper ... installiert. Aber kann man vielleicht auch mal gebrauchen. Dann habe ich es nochmal versucht....und da hatte ich ...download accelerator ...installiert. Eh ich mir jetzt nach und nach noch mehr Sachen runterlade die ich gar nicht haben will frage ich dich erstmal wo ich denn nun den download für Malwarebytes herbekomme. Übrigens kann ich wieder störungsfrei Musikvideos bei you tube ansehen. Liebe Grüße mädchen |
|
20.10.2012, 14:50
| #15 |
| /// the machine /// TB-Ausbilder | Pc hängt öfter
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Pc hängt öfter |
| avira, beim starten, bild, bitdefender, ccleaner, defender, geld, google, hängt, klicke, langsam, link, lösung, online, pc hängt, problem, probleme, programme, registry, registry booster, scan, starten, suche, tune up, öffnet |
Linear-Darstellung
