Plagegeister aller Art und deren Bekämpfung: Google often opens "wrong" pages (Windows 7)
24.11.2012, 18:30 | #1 |
Google often opens "wrong" pages

Hello, for a few days now Google has been redirecting me to "wrong" pages such as Pricerunner etc. I ran a scan with OTL. Could an expert please take a look at what the cause might be? Here is the OTL.txt report:
KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Squeezebox\server\SqueezeSvr.exe (Logitech Inc.) PRC - C:\Program Files\Squeezebox\SqueezeTray.exe (Logitech Inc.) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - c:\Program Files\Real\RealPlayer\Update\realonemessagecenter.exe (RealNetworks, Inc.) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) PRC - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) 
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\TECO\TEco.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA) PRC - C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) 
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\87fe0906e4bfbcec428293cf9a5ac335\NetResource.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\19febd96672ffdb7ea244cef36aaa062\Zlib.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\b6bd87c968599725b8ab2e5c25d3046a\API.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\bc147d83c7c868eeee67082dcf55430c\File.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\951e8057c3fe65524966ea64dff289ac\Scan.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\0665c25e931c1ac0151b062449e91028\XSAccessor.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\c668a322917d32a5ea22894518aa9897\Base64.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\7f2598c08178217a0e2c754f3d568f28\Byte.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\aff7ee779ea184f884ed432c30a58f5d\Scale.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\d0bf009923f29116535c26d228271d6d\Scan.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll () MOD - 
C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\17d0b152e63e6bfe81b4b19588538896\mro.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\3b7106dd14676048b10bbb09a990f74c\XS.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\b979ace6da01e63d651cce9ee2474fdc\Name.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\bd5179a413bc0c4b82eedc22c6cab101\re.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\44727051c604ef6b79894b64d4c63832\Expat.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\eb138ef0e4282611dbf485a302784646\LibYAML.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\7f177c338672436e01c4f0bdbcf94491\EV.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\c344fd5536724b2af2e6453833b60203\SHA1.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\c5cce8d16a1bd48692b421dcf46d3396\Util.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll () MOD - 
C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\e56c61f7248672819579325af3387035\POSIX.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\c199d3c1960e7aeeecb599487952bed2\HiRes.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\4461f48e31bde5c56b31b973b773de09\List.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\f233f63b6654362865c7577442edb9e3\Win32.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-5492\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\bd5179a413bc0c4b82eedc22c6cab101\re.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\93e7e3d6030f426844228042348210cf\Service.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\eb138ef0e4282611dbf485a302784646\LibYAML.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\e56c61f7248672819579325af3387035\POSIX.dll () MOD - 
C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\f233f63b6654362865c7577442edb9e3\Win32.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\4461f48e31bde5c56b31b973b773de09\List.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\c5cce8d16a1bd48692b421dcf46d3396\Util.dll () MOD - C:\Users\JRGHOF~1\AppData\Local\Temp\pdk-J[f6]rg_Hoffmann-3692\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll () MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.64\libglesv2.dll () MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.64\libegl.dll () MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.64\avutil-51.dll () MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.64\avformat-54.dll () MOD - C:\Program 
Files\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll () MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll () MOD - C:\Program Files\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3497.38814__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3497.38828__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3497.38831__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dl l () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3497.38880__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3497.38822__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3497.38863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3497.38823__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard. dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3497.38867__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3497.38923__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dash board.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashbo ard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3497.38875__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3497.38861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashbo ard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime. dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3497.38860__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime. dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3497.38851__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dl l () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dl l () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3497.38904__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3497.38810__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3497.38819__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3497.38827__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3497.38894__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3497.38892__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3497.38813__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3497.38812__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3497.38811__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3497.38810__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3497.38893__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll () MOD - C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll () MOD - C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Program Files\TOSHIBA\TECO\TecoPower.dll () MOD - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll () MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll () MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll () ========== Services (SafeList) ========== SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found SRV - (GFilterSvc) -- C:\Windows\System32\GFilterSvc.exe () SRV - (cmmon32d) -- C:\Windows\System32\odfox32d.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (TemproMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV - (camsvc) -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA) SRV - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.) 
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found DRV - (SSPORT) -- C:\Windows\system32\Drivers\SSPORT.sys File not found DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.) DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV - (tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation) DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) 
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (TVALZFL) -- C:\Windows\System32\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=2d22df98-4c2a-498f-9bc2-8f2cce2f9c72&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/webResults.html?src=ieb&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKLM\..\SearchScopes\{F28F3618-C212-47C2-A2A0-3DBD22509EBC}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.chip.de/
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.sweetim.com [binary data]
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=2d22df98-4c2a-498f-9bc2-8f2cce2f9c72&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=2d22df98-4c2a-498f-9bc2-8f2cce2f9c72&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=2d22df98-4c2a-498f-9bc2-8f2cce2f9c72&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=2d22df98-4c2a-498f-9bc2-8f2cce2f9c72&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=2d22df98-4c2a-498f-9bc2-8f2cce2f9c72&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=120912_nocpc_3812_6&babsrc=SP_ss&mntrId=200acd4a00000000000000225febf63e
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\..\SearchScopes\{4A1494B3-FCFF-438C-81BA-2DB746B7FC23}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=9732A361-6DA2-4F24-990E-4DA970C2D845&apn_sauid=4B1AA0BD-2B61-4B54-BC74-5E6123AA3AC1
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\..\SearchScopes\{6259A0C1-57A9-46C5-BDB6-9BA7A6579D8C}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&SSPV=IEOB04
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/webResults.html?src=ieb&q={searchTerms}
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\..\SearchScopes\{F28F3618-C212-47C2-A2A0-3DBD22509EBC}: "URL" = hxxp://www.google.de/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7RNSN_de
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\..\SearchScopes\{F31B35DC-420D-48DD-A964-667C6E510E83}: "URL" = hxxp://suche.chip.de/?q={searchTerms}&count=yes
IE - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=9732A361-6DA2-4F24-990E-4DA970C2D845&apn_ptnrs=&apn_sauid=4B1AA0BD-2B61-4B54-BC74-5E6123AA3AC1&apn_dtid=OSJ000&&q="
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - user.js..browser.search.defaultenginename: "Google"
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.05 21:06:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.15 18:09:27 | 000,000,000 | ---D | M]
[2010.01.01 13:36:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\Extensions
[2012.09.21 19:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\Firefox\Profiles\7e0hy9et.default\extensions
[2010.01.01 13:36:11 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\Firefox\Profiles\7e0hy9et.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.01.01 13:36:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\Firefox\Profiles\7e0hy9et.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.14 18:20:40 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\Firefox\Profiles\7e0hy9et.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.03.04 11:02:41 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\Firefox\Profiles\7e0hy9et.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.03.28 18:06:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\Firefox\Profiles\7e0hy9et.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.02.22 16:55:37 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\Firefox\Profiles\7e0hy9et.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.03.01 22:21:06 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\Firefox\Profiles\7e0hy9et.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.09.21 19:13:48 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\Firefox\Profiles\7e0hy9et.default\extensions\ffxtlbr@babylon.com
[2012.09.21 19:13:39 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\Firefox\Profiles\7e0hy9et.default\extensions\ich@maltegoetz.de
[2012.09.11 10:09:36 | 000,002,299 | ---- | M] () -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\firefox\profiles\7e0hy9et.default\searchplugins\askcom.xml
[2010.12.28 16:32:09 | 000,000,873 | ---- | M] () -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\firefox\profiles\7e0hy9et.default\searchplugins\conduit.xml
[2012.10.26 17:39:13 | 000,003,576 | ---- | M] () -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\firefox\profiles\7e0hy9et.default\searchplugins\Google.xml
[2010.12.28 16:32:05 | 000,000,950 | ---- | M] () -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\firefox\profiles\7e0hy9et.default\searchplugins\icqplugin-1.xml
[2010.12.28 20:52:08 | 000,000,950 | ---- | M] () -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\firefox\profiles\7e0hy9et.default\searchplugins\icqplugin-2.xml
[2011.03.30 13:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\firefox\profiles\7e0hy9et.default\searchplugins\icqplugin.xml
[2011.03.01 22:21:01 | 000,003,915 | ---- | M] () -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\firefox\profiles\7e0hy9et.default\searchplugins\sweetim.xml
[2009.10.11 21:30:11 | 000,001,201 | ---- | M] () -- C:\Users\Jörg Hoffmann\AppData\Roaming\mozilla\firefox\profiles\7e0hy9et.default\searchplugins\winamp-search.xml
[2012.09.12 22:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.01 13:05:52 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.01 04:54:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.11 16:54:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.09.11 09:58:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

========== Chrome ==========

CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.de/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG_de
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\J\u00F6rg Hoffmann\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Jörg Hoffmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.5_0\
CHR - Extension: YouTube = C:\Users\Jörg Hoffmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Jörg Hoffmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jörg Hoffmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Jörg Hoffmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Jörg Hoffmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Jörg Hoffmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: DVDVideoSoftTB = C:\Users\Jörg Hoffmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\10.13.20.300_0\
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
O3 - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2663850090-552971681-1876569007-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2663850090-552971681-1876569007-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2663850090-552971681-1876569007-1000..\Run: [GoogleChromeAutoLaunch_5501D6BC836E2B767F5330FB48064158] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-2663850090-552971681-1876569007-1000..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2663850090-552971681-1876569007-1000..\Run: [kiil.exe] "C:\Users\Jörg Hoffmann\AppData\Roaming\Obop\kiil.exe" File not found
O4 - HKU\S-1-5-21-2663850090-552971681-1876569007-1000..\Run: [MediaGet2] C:\Users\Jörg Hoffmann\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jörg Hoffmann\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jörg Hoffmann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O13 - gopher Prefix: missing
O16 - DPF: {6551848B-8185-4436-8C20-BDEA6E2E5BA7} hxxp://learn.bbwonline.de/prokoda/r3/ge/plugin/lesax.cab (AXReader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F3CEC31-6D3A-44AA-8205-AF2335E9D76B}: DhcpNameServer = 192.168.4.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1A29628-43C2-4ED7-9655-1C920806BAEE}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper3.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.12.19 21:17:19 | 000,000,000 | ---D | M] - E:\Auto -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.24 18:13:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jörg Hoffmann\Desktop\OTL.exe
[2012.11.18 16:37:22 | 000,101,376 | ---- | C] (Protect Software GmbH) -- C:\Windows\System32\drivers\ACEDRV07.sys
[2012.11.15 21:26:56 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.15 21:26:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.15 21:26:34 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.15 21:26:33 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.15 21:26:33 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.15 21:26:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.15 21:26:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.15 21:26:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.15 21:26:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.15 21:26:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.15 21:26:07 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.15 21:26:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.15 21:26:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.15 17:08:07 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.15 17:08:07 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.15 17:08:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.15 17:08:02 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.15 17:08:01 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.15 17:08:00 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.15 17:08:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.01 13:52:12 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.11.01 13:52:12 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.11.01 13:52:12 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.11.01 13:52:12 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.11.01 13:52:12 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.11.01 13:52:12 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.11.01 13:52:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.11.01 13:52:11 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.11.01 13:52:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.11.01 13:52:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.11.01 13:52:10 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.11.01 13:52:10 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.11.01 13:52:10 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.11.01 13:52:10 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.11.01 13:52:10 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.11.01 13:52:10 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.11.01 13:52:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.11.01 13:52:10 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.11.01 13:52:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.11.01 13:52:09 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.11.01 13:52:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.11.01 13:52:09 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.11.01 13:52:09 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.11.01 13:52:09 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.11.01 13:52:09 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.11.01 13:52:09 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.11.01 13:52:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.11.01 13:52:09 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.11.01 13:52:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.11.01 11:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.11.01 11:35:17 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.11.01 11:35:17 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.11.01 11:35:17 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.)
-- C:\Windows\System32\java.exe [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.24 18:13:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jörg Hoffmann\Desktop\OTL.exe [2012.11.24 17:20:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.24 17:20:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.24 16:59:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.24 16:08:02 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Jörg Hoffmann.job [2012.11.24 15:50:26 | 000,011,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.24 15:50:26 | 000,011,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.24 15:45:15 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Jörg Hoffmann.job [2012.11.24 15:45:14 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\RegistryDoktor.job [2012.11.24 15:42:38 | 2388,295,680 | -HS- | M] () -- C:\hiberfil.sys [2012.11.23 10:42:53 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.23 10:42:53 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.23 10:42:53 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.23 10:42:53 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.22 11:23:01 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Jörg Hoffmann.job [2012.11.18 16:38:20 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000317.LCS [2012.11.18 16:38:18 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000316.LCS [2012.11.18 16:37:22 | 000,101,376 | ---- | M] (Protect Software GmbH) -- 
C:\Windows\System32\drivers\ACEDRV07.sys [2012.11.16 18:16:15 | 000,339,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.11 12:35:15 | 000,037,888 | ---- | M] () -- C:\Users\Jörg Hoffmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.10 16:06:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt [2012.11.01 13:52:12 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.11.01 13:52:12 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.11.01 13:52:12 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.11.01 13:52:12 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.11.01 13:52:12 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.11.01 13:52:12 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.11.01 13:52:12 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.11.01 13:52:11 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.11.01 13:52:11 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.11.01 13:52:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.11.01 13:52:10 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.11.01 13:52:10 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.11.01 13:52:10 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.11.01 13:52:10 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.11.01 13:52:10 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.11.01 13:52:10 | 000,223,232 
| ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.11.01 13:52:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.11.01 13:52:10 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.11.01 13:52:10 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012.11.01 13:52:10 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.11.01 13:52:09 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.11.01 13:52:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.11.01 13:52:09 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012.11.01 13:52:09 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.11.01 13:52:09 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.11.01 13:52:09 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.11.01 13:52:09 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.11.01 13:52:09 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.11.01 13:52:09 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.11.01 13:52:09 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.18 16:38:11 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000317.LCS [2012.11.15 21:26:59 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.15 21:26:33 | 000,000,003 | ---- | C] () -- 
C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.01 13:52:10 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.10.07 13:27:37 | 000,000,031 | ---- | C] () -- C:\Windows\Lflor.ini [2012.10.07 13:26:13 | 000,000,039 | ---- | C] () -- C:\Windows\Lesc.ini [2012.10.07 13:24:30 | 000,000,147 | ---- | C] () -- C:\Windows\Lilli3.ini [2012.10.07 13:24:30 | 000,000,000 | ---- | C] () -- C:\Windows\Lgolf.ini [2012.10.07 13:19:10 | 000,000,030 | ---- | C] () -- C:\Windows\Lpin.ini [2012.09.21 19:13:40 | 000,093,696 | ---- | C] () -- C:\Windows\System32\GFilterSvc.exe [2012.09.21 19:13:39 | 000,065,024 | ---- | C] () -- C:\Windows\System32\odfox32d.exe [2012.09.05 18:26:05 | 000,000,051 | ---- | C] () -- C:\ProgramData\wkcpfqbiiflkybf [2012.07.15 12:32:23 | 000,000,145 | ---- | C] () -- C:\Windows\Lilli.ini [2012.07.15 12:32:23 | 000,000,000 | ---- | C] () -- C:\Windows\Ldans.ini [2012.07.15 12:32:23 | 000,000,000 | ---- | C] () -- C:\Windows\Lado.ini [2012.07.15 11:47:21 | 000,000,097 | ---- | C] () -- C:\Windows\LilliP.ini [2011.06.13 11:12:16 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.04.22 09:56:59 | 000,025,512 | ---- | C] () -- C:\Users\Jörg Hoffmann\dmviewrc.xml [2010.12.19 20:56:56 | 000,115,598 | ---- | C] () -- C:\Windows\GXTranscoder v2 Uninstaller.exe [2010.03.26 19:02:28 | 000,010,471 | ---- | C] () -- C:\Users\Jörg Hoffmann\AppData\Roaming\SmarThruOptions.xml [2010.01.16 11:48:47 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.01.09 01:16:20 | 000,037,888 | ---- | C] () -- C:\Users\Jörg Hoffmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.01 13:58:12 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.09.19 13:05:39 | 000,000,000 | ---- | C] () -- C:\Users\Jörg Hoffmann\AppData\Roaming\wklnhst.dat [2009.09.16 10:29:17 | 000,000,064 | ---- | C] () -- C:\Users\Jörg Hoffmann\AppData\Roaming\mainhst.zgh [2009.09.11 20:01:19 | 000,023,888 | ---- | 
C] () -- C:\Users\Jörg Hoffmann\AppData\Roaming\UserTile.png ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.21 19:13:24 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\Babylon [2012.08.19 11:47:34 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\Canneverbe Limited [2010.03.11 11:21:43 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\Chilirec [2010.01.01 13:36:00 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\DeepBurner [2012.10.05 17:21:38 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\DVDVideoSoft [2012.05.19 18:58:59 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\DVDVideoSoftIEHelpers [2010.01.01 13:36:00 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\GHISLER [2009.09.28 21:32:59 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\GrabPro [2012.11.18 20:17:13 | 000,000,000 | ---D | M] -- 
C:\Users\Jörg Hoffmann\AppData\Roaming\ICQ [2010.12.03 22:27:29 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\Iggels [2010.01.01 13:36:12 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\myphotobook [2012.08.01 15:14:03 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\Obop [2012.10.13 21:28:17 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\OpenCandy [2012.10.13 21:33:02 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\Orbit [2012.07.31 20:49:15 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\Orohr [2012.10.13 21:28:25 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\ProgSense [2011.01.25 15:21:28 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\ProtectDisc [2012.07.22 18:15:46 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\Registry Mechanic [2010.04.11 10:04:04 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\Samsung [2010.03.26 19:02:29 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\SmarThru4 [2010.01.01 13:36:12 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\Template [2010.01.01 14:45:34 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\toshiba [2011.12.26 18:42:13 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\TuneUp Software [2011.08.24 15:34:36 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\VidCoder [2010.01.01 13:36:13 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\WinBatch [2012.08.21 20:47:32 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\Windows Live Writer [2010.01.01 13:36:13 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\ZipGenius [2010.02.26 15:38:28 | 000,000,000 | ---D | M] -- C:\Users\Jörg Hoffmann\AppData\Roaming\Zylom ========== Purity Check ========== ========== Files - Unicode (All) 
========== [2011.10.17 18:29:54 | 000,000,000 | ---D | M](C:\Users\Jörg Hoffmann\AppData????) -- C:\Users\Jörg Hoffmann\AppData㗜Ƌ㗜Ƌ [2011.10.17 18:29:54 | 000,000,000 | ---D | M](C:\Users\Jörg Hoffmann\AppData????) -- C:\Users\Jörg Hoffmann\AppData㗜Ƌ㗜Ƌ [2010.04.11 10:07:06 | 000,000,000 | ---D | M](C:\Users\Jörg Hoffmann\AppData?z?') -- C:\Users\Jörg Hoffmann\AppData㗜ź䧌' [2010.04.11 10:07:06 | 000,000,000 | ---D | M](C:\Users\Jörg Hoffmann\AppData?z?') -- C:\Users\Jörg Hoffmann\AppData㗜ź䧌' (C:\Users\Jörg Hoffmann\AppData?z?') -- C:\Users\Jörg Hoffmann\AppData㗜ź䧌' (C:\Users\Jörg Hoffmann\AppData????) -- C:\Users\Jörg Hoffmann\AppData㗜Ƌ㗜Ƌ ========== Alternate Data Streams ========== @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP1B5B4F1 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:F8A67568 < End of report >
MANY THANKS for taking a look!!! |
24.11.2012, 19:30 | #2 | |||
/// TB-Ausbilder | Google often opens "wrong" pages
I will help you with your problem. A cleanup can sometimes involve a lot of work for you (and for me). Before we get started, I have some reading material for you. Scan with Combofix
__________________ |
25.11.2012, 18:33 | #3 |
| Google often opens "wrong" pages
Hello Ryder,
thank you very much for taking on my problem. After nothing worked anymore this morning, I decided to tackle the problem at the root. I wiped the entire system and am currently reinstalling. What would you recommend as a protective measure against problems like mine? Thanks again for your efforts!!! Regards, Jörg |
25.11.2012, 20:35 | #4 |
/// TB-Ausbilder | Google often opens "wrong" pages
__________________ Digital privateers against malware! No help via PM! |