| |
| |||||||
Log-Analyse und Auswertung: DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbarWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
10.04.2013, 08:30
| #1 |
| |  DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar Moin allerseits, ich habe Probleme mit meinem Browser. Die Startseite und Standardsuchmaschine wurden geändert und eine manuelle Änderung ist nicht mehr möglich. Durch das Lesen anderer Beiträge in diesem Forum wie "delta-search-tab-oeffnen-noch-vorhanden" habe ich die Vermutung, dass mein System einen ähnlichen Virus hat. Weiter war es nicht mehr möglich Youtube Videos abzuspielen. Bisher habe ich noch nichts auf eigene Faust probiert, bis auf ein Updates für den Flashplayer und Java. Das behebte auch prompt das Youtube Problem. Hier mal die Logs:
Code:
ATTFilter OTL logfile created on: 10.04.2013 00:54:43 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Farm\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,76% Memory free 7,99 Gb Paging File | 6,54 Gb Available in Paging File | 81,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,83 Gb Total Space | 17,61 Gb Free Space | 36,07% Space Free | Partition Type: NTFS Drive D: | 146,48 Gb Total Space | 139,99 Gb Free Space | 95,57% Space Free | Partition Type: NTFS Drive E: | 102,78 Gb Total Space | 91,45 Gb Free Space | 88,98% Space Free | Partition Type: NTFS Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.10 00:54:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Farm\Desktop\OTL.exe PRC - [2013.03.25 15:50:13 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.25 15:50:05 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.25 15:50:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.08 16:19:22 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.03.06 10:59:12 | 002,569,168 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2012.08.28 08:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012.08.28 08:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.26 23:08:58 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe PRC - [2012.07.10 13:51:16 | 000,026,016 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe PRC - [2012.07.05 19:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe ========== Modules (No Company Name) ========== MOD - [2013.03.08 16:19:21 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.03.06 10:59:12 | 002,569,168 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2013.03.06 10:57:59 | 002,232,272 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2013.03.06 10:55:33 | 000,574,416 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-19.0.dll ========== Services (SafeList) ========== SRV - [2013.03.25 15:50:13 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.25 15:50:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.08 16:19:21 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.06 10:59:12 | 002,569,168 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2012.12.22 23:10:14 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.08.28 08:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.26 23:08:58 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater) SRV - [2012.07.13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.05 19:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- E:\VPN\cvpnd.exe -- (CVPND) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.25 15:50:15 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.25 15:50:15 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.25 15:50:15 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2010.01.13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mntrId=2461001F3AD0E917 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN30422686161726320&UM=2&ctid=CT3279453 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 10 6E E7 A8 0E CD 01 [binary data] IE - HKCU\..\URLSearchHook: {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://mixidj.delta-search.com/?q={searchTerms}&affID=121136&babsrc=SP_ss&mntrId=2461001F3AD0E917 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "DVDvideoSoft 2.0 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279453&SearchSource=3&q={searchTerms}&CUI=UN22629397421798942" FF - prefs.js..browser.search.order.1: "Mixi.DJ Search" FF - prefs.js..browser.search.selectedEngine: "DVDvideoSoft 2.0 Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mntrId=2461001F3AD0E917" FF - prefs.js..CT3279453.browser.search.defaultthis.engineName: "true" FF - prefs.js..extensions.enabledAddons: ffxtlbr%40mixidj.com:1.5.0 FF - prefs.js..extensions.enabledAddons: %7B0F827075-B026-42F3-885D-98981EE7B1AE%7D:2.6.1125.80 FF - prefs.js..extensions.enabledAddons: %7B04a8dd1a-4754-48fe-a703-99846646ef04%7D:10.15.0.562 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279453&SearchSource=2&CUI=UN22629397421798942&UM=&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 16:19:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.28 10:42:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013.02.14 17:41:10 | 000,037,909 | ---- | M] () FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.03.21 08:19:09 | 000,000,000 | ---D | M] [2012.12.28 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Extensions [2012.12.28 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.04.05 09:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions [2013.03.24 23:21:43 | 000,000,000 | ---D | M] (DVDvideoSoft 2.0) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions\{04a8dd1a-4754-48fe-a703-99846646ef04} [2013.04.05 09:19:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.03.21 08:18:59 | 000,000,000 | ---D | M] (MixiDJ Toolbar) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions\ffxtlbr@mixidj.com [2013.02.16 22:59:12 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.10 00:20:03 | 000,001,088 | ---- | M] () -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\searchplugins\dvdvideosoft-20-customized-web-search.xml [2013.03.21 08:19:00 | 000,001,296 | ---- | M] () -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\searchplugins\mixidj.xml [2012.12.25 18:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.25 18:09:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.03.21 08:19:09 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1125.80\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION [2013.03.08 16:19:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.15 15:40:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.21 08:18:53 | 000,006,476 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.16 19:41:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.15 15:40:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.15 15:40:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.15 15:40:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.15 15:40:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDvideoSoft 2.0 Toolbar) - {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.) O2 - BHO: (mixidj Helper Object) - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll (MixiDJ) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (DVDvideoSoft 2.0 Toolbar) - {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll (MixiDJ) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKCU..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited) O4 - HKCU..\Run: [EPSON SX230 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE /FU "C:\Users\Farm\AppData\Local\Temp\E_SB192.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D3CF84D-909B-4BC3-9DC0-12FC96877470}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{e4725275-d14c-11e0-8a7a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e4725275-d14c-11e0-8a7a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\InstallNavi.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.10 00:54:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Farm\Desktop\OTL.exe [2013.03.25 15:56:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.03.25 15:56:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.03.25 15:50:29 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.25 15:50:29 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.25 15:50:29 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.24 17:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.21 18:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue [2013.03.21 18:48:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2013.03.21 18:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDvideoSoft_2.0 [2013.03.21 18:48:28 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Local\Conduit [2013.03.21 18:48:20 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\SearchProtect [2013.03.21 18:48:04 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\Uniblue [2013.03.21 18:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue [2013.03.21 18:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue [2013.03.21 18:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2013.03.21 18:47:43 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\OpenCandy [2013.03.21 18:47:42 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\DVDVideoSoft [2013.03.21 18:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.03.21 18:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.03.21 08:19:11 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect [2013.03.21 08:19:08 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\CRMixiDJTB [2013.03.21 08:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013.03.21 08:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3GP To MP3 Converter [2013.03.21 08:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3GP2MP3Converter [2013.03.21 08:18:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mixidj [2013.03.21 08:18:47 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam [2013.03.21 08:18:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam [2013.03.21 08:18:42 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\Babylon [2013.03.21 08:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.10 00:57:14 | 000,377,856 | ---- | M] () -- C:\Users\Farm\Desktop\gmer_2.1.19163.exe [2013.04.10 00:54:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Farm\Desktop\OTL.exe [2013.04.10 00:52:09 | 000,000,000 | ---- | M] () -- C:\Users\Farm\defogger_reenable [2013.04.10 00:51:38 | 000,050,477 | ---- | M] () -- C:\Users\Farm\Desktop\Defogger.exe [2013.04.10 00:18:55 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.10 00:18:55 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.10 00:18:55 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.10 00:18:55 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.10 00:18:55 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.10 00:17:38 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.10 00:17:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.09 21:16:49 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.09 21:16:49 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.09 21:08:34 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.09 21:08:31 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2013.04.09 21:08:19 | 3216,986,112 | -HS- | M] () -- C:\hiberfil.sys [2013.04.09 12:25:57 | 000,000,000 | ---- | M] () -- C:\END [2013.04.02 20:52:40 | 000,191,661 | ---- | M] () -- C:\Users\Farm\Desktop\LBV-2013-....... Milch Schwein Pflanze Umwelt.pdf [2013.03.25 15:50:15 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.25 15:50:15 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.25 15:50:15 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.21 18:48:03 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk [2013.03.19 11:51:12 | 000,674,963 | ---- | M] () -- C:\Users\Farm\Desktop\14.Wiederholung.pdf [2013.03.11 17:13:30 | 000,052,969 | ---- | M] () -- C:\Users\Farm\Desktop\LBV-2013-11Milch.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.10 00:57:13 | 000,377,856 | ---- | C] () -- C:\Users\Farm\Desktop\gmer_2.1.19163.exe [2013.04.10 00:52:09 | 000,000,000 | ---- | C] () -- C:\Users\Farm\defogger_reenable [2013.04.10 00:51:38 | 000,050,477 | ---- | C] () -- C:\Users\Farm\Desktop\Defogger.exe [2013.04.02 20:52:38 | 000,191,661 | ---- | C] () -- C:\Users\Farm\Desktop\LBV-2013-....... Milch Schwein Pflanze Umwelt.pdf [2013.03.29 11:20:38 | 000,000,000 | ---- | C] () -- C:\END [2013.03.21 18:48:06 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job [2013.03.21 18:48:03 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk [2013.03.19 11:51:12 | 000,674,963 | ---- | C] () -- C:\Users\Farm\Desktop\14.Wiederholung.pdf [2013.03.11 17:13:29 | 000,052,969 | ---- | C] () -- C:\Users\Farm\Desktop\LBV-2013-11Milch.pdf [2012.01.04 00:56:33 | 000,051,270 | ---- | C] () -- C:\Users\Farm\AppData\Roaming\room_v3.dat [2011.11.27 10:31:20 | 000,045,013 | ---- | C] () -- C:\Windows\War3Unin.dat [2011.08.28 11:46:11 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.08.28 11:46:10 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.21 08:18:42 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\Babylon [2013.03.21 08:19:08 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\CRMixiDJTB [2013.03.21 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\DVDVideoSoft [2012.12.27 13:29:00 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\Epson [2012.01.27 23:05:11 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\GarenaPlus [2011.08.28 10:41:37 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\LibreOffice [2013.03.21 18:47:43 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\OpenCandy [2013.03.21 18:48:20 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\SearchProtect [2011.08.28 10:59:18 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\Thunderbird [2012.12.28 17:08:06 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\TomTom [2013.03.21 18:48:04 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\Uniblue ========== Purity Check ========== < End of report >
Code:
ATTFilter OTL Extras logfile created on: 10.04.2013 00:54:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Farm\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,76% Memory free
7,99 Gb Paging File | 6,54 Gb Available in Paging File | 81,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 17,61 Gb Free Space | 36,07% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 139,99 Gb Free Space | 95,57% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 91,45 Gb Free Space | 88,98% Space Free | Partition Type: NTFS
Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A39169BA-3850-4EC2-9BF9-31726DBDE0D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8BF6EC-3397-4FBF-89A8-36382B14681E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{107A702C-1B02-4694-8B30-F6A8DFCFDEC7}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe |
"{13FAE87C-3D45-4514-BCDE-C98E4299A349}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{247FA02D-A4DC-4E6E-91F7-D57241FC5ECD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{2C41B77C-518D-47C7-84CC-FF21C29AD1D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{3EE3D830-A199-4F5C-957B-1E6B2606E08C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{3FF7E126-E9B0-4E05-B66F-E18D41D5BD2D}" = protocol=6 | dir=in | app=e:\steam\steam.exe |
"{85EE804F-6F07-4C58-B240-2EE1AC59446E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{8E7BF0A1-F8FE-4FF9-822A-8B16571ED0A4}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe |
"{961851CA-24DE-49C9-8080-A0F90C79AECF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F205118-8057-47FE-9D97-F626A0CC2F2A}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe |
"{A2845BDF-F9EB-48F3-858B-D13B04655D58}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C619E5D6-115A-4BB5-986A-0FB8F7718937}" = protocol=17 | dir=in | app=e:\steam\steam.exe |
"{E84C8DA0-2C4A-4880-8E5C-61FF7B665F40}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe |
"{E99106A9-A837-452D-B359-7FBB8D5978B5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{F97814FB-32C8-412A-938E-E643C262A690}" = protocol=17 | dir=in | app=e:\steam\steamapps\nickx@gmx.de\counter-strike\hl.exe |
"{FCF39218-753D-4267-92EB-D72B1945C4E6}" = protocol=6 | dir=in | app=e:\steam\steamapps\nickx@gmx.de\counter-strike\hl.exe |
"TCP Query User{193D106C-A9BA-448C-A1AD-C73E1FC56B82}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{28DFBCD4-5DC5-4C9D-AE08-5BC5C0C9ABF9}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{4E711677-F3BB-42BB-89FB-2DEC5A488E1C}E:\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{81780B4D-C5AD-4646-8598-DC93B8207334}E:\neuer ordner\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=e:\neuer ordner\garena plus\room\garena_room.exe |
"TCP Query User{81A05F06-49B4-4CE1-AA88-5F899EDAC20D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{85482135-F653-4626-9865-651ADD433BA8}E:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii\war3.exe |
"TCP Query User{8835A9A0-9F87-4E4C-932E-7E2A1731721C}E:\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base22612\sc2.exe |
"TCP Query User{BBC1D74A-E31D-4F69-84D1-17723416AE01}E:\garena\garena.exe" = protocol=6 | dir=in | app=e:\garena\garena.exe |
"TCP Query User{DE4152C3-621A-4DF0-95F9-3B1DF5F0EE47}E:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{F98288C5-66CF-4CA6-B173-DCF3C36D4E2E}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{04B7478A-0A12-490E-91A0-DABF3E907D14}E:\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{086A24A8-0434-464F-B525-F844228E0ADE}E:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii\war3.exe |
"UDP Query User{2D3A43D0-64B2-4203-925C-50F3839D714B}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{61A9AD1E-B5C8-477D-8C66-33CEEF2C7B8C}E:\garena\garena.exe" = protocol=17 | dir=in | app=e:\garena\garena.exe |
"UDP Query User{781406A1-F22B-47A6-BDBC-7F746E47D19F}E:\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base22612\sc2.exe |
"UDP Query User{791EEE90-8A37-413E-BBC4-7E7C889E88D1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{8CDDA622-58B3-4676-B9B0-CDA1F205D0C0}E:\neuer ordner\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=e:\neuer ordner\garena plus\room\garena_room.exe |
"UDP Query User{A0959BC9-047B-4640-B01E-15D0F2DF47F3}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{BBA5F2A1-EE0B-4425-AF7B-EBBBDFAA5D04}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{BBDEF914-5923-4E0F-AAC7-B5204C45C818}E:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"EPSON SX230 Series" = EPSON SX230 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{1AF2B855-0054-4BAD-825C-427CB4F3DE04}_is1" = 3GP To MP3 Converter version 1.0 r2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{44715246-18E9-4EDF-AA03-94E4B4F80EA8}" = Download Navigator
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B49962AF-CAB9-44DE-8729-A4369F44BA0D}" = MixiDJ Chrome Toolbar
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1161EC6-7CC1-4D9F-83F6-8839C17019C2}" = LibreOffice 3.4
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Avira AntiVir Desktop" = Avira Free Antivirus
"CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1" = DownloadX ActiveX Download Control 1.6.5
"DVDvideoSoft_2.0 Toolbar" = DVDvideoSoft 2.0 Toolbar
"EPSON Scanner" = EPSON Scan
"EPSON SX230 Series Bog" = Benutzerhandbuch - Grundlagen EPSON SX230 Series
"EPSON SX230 Series Useg" = Benutzerhandbuch EPSON SX230 Series
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.23.320
"Garena" = Garena 2010
"im" = Garena Plus
"mixidj" = MixiDJ Toolbar
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"VLC media player" = VLC media player 1.1.11
"Wajam" = Wajam
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.19.0.0b
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"xp-AntiSpy" = xp-AntiSpy 3.97-11
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.04.2013 05:03:45 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.04.2013 14:51:46 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.04.2013 06:18:40 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
Error - 04.04.2013 06:15:26 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
Error - 05.04.2013 03:19:43 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
Error - 05.04.2013 14:40:08 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.04.2013 06:26:07 | Computer Name = Farm-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 08.04.2013 06:26:41 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.04.2013 01:12:48 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.04.2013 05:01:09 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.04.2013 15:10:13 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 04.03.2013 07:09:06 | Computer Name = Farm-PC | Source = DCOM | ID = 10005
Description =
Error - 04.03.2013 07:09:06 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 04.03.2013 07:09:06 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069
Error - 04.03.2013 07:09:06 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 04.03.2013 07:09:06 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069
Error - 12.03.2013 07:15:16 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService erreicht.
Error - 17.03.2013 01:21:49 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
Error - 17.03.2013 08:52:49 | Computer Name = Farm-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 19.03.2013 15:46:19 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error - 22.03.2013 18:14:39 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-10 09:10:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.00000009 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Farm\AppData\Local\Temp\kxldypoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[1428] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007532cfca 5 bytes JMP 0000000172a54620
.text C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a31465 2 bytes [A3, 75]
.text C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a314bb 2 bytes [A3, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1944] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007532cfca 5 bytes JMP 0000000172a54620
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a31465 2 bytes [A3, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a314bb 2 bytes [A3, 75]
.text ... * 2
.text C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1996] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007532cfca 5 bytes JMP 0000000172a54620
.text C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a31465 2 bytes [A3, 75]
.text C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a314bb 2 bytes [A3, 75]
.text ... * 2
.text C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1624] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007532cfca 5 bytes JMP 0000000172a54620
.text C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a31465 2 bytes [A3, 75]
.text C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a314bb 2 bytes [A3, 75]
.text ... * 2
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1816] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007532cfca 5 bytes JMP 0000000172a54620
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a31465 2 bytes [A3, 75]
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a314bb 2 bytes [A3, 75]
.text ... * 2
.text C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe[2128] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007532cfca 5 bytes JMP 0000000172a54620
.text C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a31465 2 bytes [A3, 75]
.text C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a314bb 2 bytes [A3, 75]
.text ... * 2
.text C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[2996] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007532cfca 5 bytes JMP 0000000172a54620
.text C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a31465 2 bytes [A3, 75]
.text C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a314bb 2 bytes [A3, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[532] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007532cfca 5 bytes JMP 0000000172a54620
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a31465 2 bytes [A3, 75]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a314bb 2 bytes [A3, 75]
.text ... * 2
.text C:\Users\Farm\Desktop\gmer_2.1.19163.exe[3632] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007532cfca 5 bytes JMP 0000000172a54620
.text C:\Users\Farm\Desktop\gmer_2.1.19163.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a31465 2 bytes [A3, 75]
.text C:\Users\Farm\Desktop\gmer_2.1.19163.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a314bb 2 bytes [A3, 75]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad0e917
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad0e917 (not active ControlSet)
---- EOF - GMER 2.1 ----
Ich hoffe dieser Post entspricht den Regeln im Forum. Lieben Gruß, Nickx. |
|
10.04.2013, 12:09
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Ist dein Virenscanner jemals fündig geworden? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
10.04.2013, 12:24
| #3 |
| | DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar Hallo cosinus und danke für das Willkommen.
__________________Es ist Avira auf dem System installiert und ich habe einen Scan durchlaufen lassen, nachdem ich den Thread erstellt habe und du geantwortet hast. Allerdings wurden keine Funde gemacht, deshalb habe ich auch darauf verzichet den Log zu posten. Weitere Sicherheitssoftware ist nicht installiert. |
|
10.04.2013, 12:26
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
10.04.2013, 18:43
| #5 |
| | DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar Hallo cosinus, ich habe deinen Anweisungen befolgt. Hier mal ein Bericht wie es gelaufen ist: MBAR (Malwarebytes Anti-Rootkit) Meldete beim Start die Vermutung eines Rootkits mit einem Hinweis, wenn ich mir nicht sicher bin möge ich doch bitte "No" klicken. So ist es dann auch gesehen, danach lief der Scan. Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-10 19:20:51
-----------------------------
19:20:51.838 OS Version: Windows x64 6.1.7601 Service Pack 1
19:20:51.838 Number of processors: 2 586 0x1706
19:20:51.838 ComputerName: FARM-PC UserName: Farm
19:20:52.418 Initialize success
19:21:02.178 AVAST engine defs: 13041000
19:21:07.940 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:21:07.950 Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 00000009 Size: 305245MB BusType: 11
19:21:08.080 Disk 0 MBR read successfully
19:21:08.080 Disk 0 MBR scan
19:21:08.090 Disk 0 Windows 7 default MBR code
19:21:08.100 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49999 MB offset 63
19:21:08.130 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 150000 MB offset 102400000
19:21:08.160 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 105243 MB offset 409600000
19:21:08.250 Disk 0 scanning C:\Windows\system32\drivers
19:21:24.618 Service scanning
19:22:03.888 Modules scanning
19:22:03.908 Disk 0 trace - called modules:
19:22:03.958 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:22:04.308 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c1f060]
19:22:04.318 3 CLASSPNP.SYS[fffff880018f743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004750290]
19:22:04.338 Scan finished successfully
19:24:42.792 Disk 0 MBR has been saved successfully to "C:\Users\Farm\Desktop\MBR.dat"
19:24:42.803 The log file has been saved successfully to "C:\Users\Farm\Desktop\aswMBR.txt"
aswMBR Programm ist beim ersten Durchlauf mit einem Hinweis bezüglich eines Rootkits abgestürzt. Zweiter Scan mit der AV-Einstellung "non" funktionierte. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org
Database version: v2013.04.10.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Farm :: FARM-PC [administrator]
10.04.2013 16:43:41
mbar-log-2013-04-10 (16-43-41).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26616
Time elapsed: 11 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 19:26:04.0477 4068 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:26:04.0717 4068 ============================================================
19:26:04.0717 4068 Current date / time: 2013/04/10 19:26:04.0717
19:26:04.0717 4068 SystemInfo:
19:26:04.0717 4068
19:26:04.0717 4068 OS Version: 6.1.7601 ServicePack: 1.0
19:26:04.0717 4068 Product type: Workstation
19:26:04.0717 4068 ComputerName: FARM-PC
19:26:04.0717 4068 UserName: Farm
19:26:04.0717 4068 Windows directory: C:\Windows
19:26:04.0717 4068 System windows directory: C:\Windows
19:26:04.0717 4068 Running under WOW64
19:26:04.0717 4068 Processor architecture: Intel x64
19:26:04.0717 4068 Number of processors: 2
19:26:04.0717 4068 Page size: 0x1000
19:26:04.0717 4068 Boot type: Normal boot
19:26:04.0717 4068 ============================================================
19:26:06.0007 4068 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:26:06.0017 4068 ============================================================
19:26:06.0017 4068 \Device\Harddisk0\DR0:
19:26:06.0017 4068 MBR partitions:
19:26:06.0017 4068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927
19:26:06.0017 4068 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A8000, BlocksNum 0x124F8000
19:26:06.0017 4068 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x186A0000, BlocksNum 0xCD8D800
19:26:06.0017 4068 ============================================================
19:26:06.0037 4068 C: <-> \Device\Harddisk0\DR0\Partition1
19:26:06.0067 4068 D: <-> \Device\Harddisk0\DR0\Partition2
19:26:06.0117 4068 E: <-> \Device\Harddisk0\DR0\Partition3
19:26:06.0117 4068 ============================================================
19:26:06.0117 4068 Initialize success
19:26:06.0117 4068 ============================================================
19:26:34.0033 1740 ============================================================
19:26:34.0033 1740 Scan started
19:26:34.0033 1740 Mode: Manual; SigCheck; TDLFS;
19:26:34.0033 1740 ============================================================
19:26:34.0537 1740 ================ Scan system memory ========================
19:26:34.0537 1740 System memory - ok
19:26:34.0537 1740 ================ Scan services =============================
19:26:34.0737 1740 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:26:34.0947 1740 1394ohci - ok
19:26:35.0087 1740 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
19:26:35.0177 1740 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
19:26:35.0207 1740 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:26:35.0287 1740 ACPI - ok
19:26:35.0317 1740 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:26:35.0387 1740 AcpiPmi - ok
19:26:35.0457 1740 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:26:35.0507 1740 AdobeARMservice - ok
19:26:35.0637 1740 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:26:35.0687 1740 AdobeFlashPlayerUpdateSvc - ok
19:26:35.0727 1740 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:26:35.0807 1740 adp94xx - ok
19:26:35.0867 1740 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:26:35.0917 1740 adpahci - ok
19:26:35.0947 1740 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:26:35.0997 1740 adpu320 - ok
19:26:36.0037 1740 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:26:36.0157 1740 AeLookupSvc - ok
19:26:36.0297 1740 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:26:36.0437 1740 AFD - ok
19:26:36.0459 1740 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:26:36.0511 1740 agp440 - ok
19:26:36.0527 1740 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:26:36.0589 1740 ALG - ok
19:26:36.0619 1740 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:26:36.0639 1740 aliide - ok
19:26:36.0649 1740 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:26:36.0669 1740 amdide - ok
19:26:36.0689 1740 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:26:36.0729 1740 AmdK8 - ok
19:26:36.0739 1740 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
19:26:36.0779 1740 AmdPPM - ok
19:26:36.0809 1740 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:26:36.0859 1740 amdsata - ok
19:26:36.0909 1740 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:26:36.0962 1740 amdsbs - ok
19:26:36.0994 1740 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:26:37.0033 1740 amdxata - ok
19:26:37.0135 1740 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:26:37.0175 1740 AntiVirSchedulerService - ok
19:26:37.0255 1740 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:26:37.0295 1740 AntiVirService - ok
19:26:37.0355 1740 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:26:37.0485 1740 AppID - ok
19:26:37.0555 1740 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:26:37.0687 1740 AppIDSvc - ok
19:26:37.0717 1740 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:26:37.0847 1740 Appinfo - ok
19:26:37.0867 1740 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
19:26:37.0917 1740 arc - ok
19:26:37.0937 1740 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:26:37.0987 1740 arcsas - ok
19:26:38.0037 1740 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:26:38.0167 1740 AsyncMac - ok
19:26:38.0227 1740 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:26:38.0267 1740 atapi - ok
19:26:38.0317 1740 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:26:38.0457 1740 AudioEndpointBuilder - ok
19:26:38.0537 1740 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:26:38.0679 1740 AudioSrv - ok
19:26:38.0779 1740 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:26:38.0829 1740 avgntflt - ok
19:26:38.0889 1740 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:26:38.0929 1740 avipbb - ok
19:26:38.0949 1740 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:26:38.0989 1740 avkmgr - ok
19:26:39.0029 1740 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:26:39.0099 1740 AxInstSV - ok
19:26:39.0159 1740 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
19:26:39.0249 1740 b06bdrv - ok
19:26:39.0279 1740 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:26:39.0403 1740 b57nd60a - ok
19:26:39.0461 1740 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:26:39.0543 1740 BDESVC - ok
19:26:39.0583 1740 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:26:39.0705 1740 Beep - ok
19:26:39.0755 1740 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:26:39.0895 1740 BFE - ok
19:26:39.0995 1740 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:26:40.0177 1740 BITS - ok
19:26:40.0197 1740 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:26:40.0277 1740 blbdrive - ok
19:26:40.0317 1740 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:26:40.0387 1740 bowser - ok
19:26:40.0407 1740 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:26:40.0477 1740 BrFiltLo - ok
19:26:40.0497 1740 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:26:40.0557 1740 BrFiltUp - ok
19:26:40.0597 1740 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:26:40.0667 1740 Browser - ok
19:26:40.0827 1740 [ CA2E0AAA6943618108D786FF31848989 ] BrowserProtect C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
19:26:41.0077 1740 BrowserProtect ( UnsignedFile.Multi.Generic ) - warning
19:26:41.0077 1740 BrowserProtect - detected UnsignedFile.Multi.Generic (1)
19:26:41.0107 1740 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:26:41.0187 1740 Brserid - ok
19:26:41.0217 1740 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:26:41.0297 1740 BrSerWdm - ok
19:26:41.0329 1740 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:26:41.0413 1740 BrUsbMdm - ok
19:26:41.0425 1740 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:26:41.0489 1740 BrUsbSer - ok
19:26:41.0539 1740 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:26:41.0599 1740 BthEnum - ok
19:26:41.0619 1740 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:26:41.0689 1740 BTHMODEM - ok
19:26:41.0729 1740 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:26:41.0799 1740 BthPan - ok
19:26:41.0839 1740 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:26:41.0949 1740 BTHPORT - ok
19:26:41.0979 1740 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:26:42.0089 1740 bthserv - ok
19:26:42.0179 1740 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:26:42.0239 1740 BTHUSB - ok
19:26:42.0271 1740 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:26:42.0420 1740 cdfs - ok
19:26:42.0503 1740 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:26:42.0583 1740 cdrom - ok
19:26:42.0623 1740 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:26:42.0773 1740 CertPropSvc - ok
19:26:42.0813 1740 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
19:26:42.0863 1740 circlass - ok
19:26:42.0893 1740 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:26:42.0973 1740 CLFS - ok
19:26:43.0043 1740 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:26:43.0093 1740 clr_optimization_v2.0.50727_32 - ok
19:26:43.0143 1740 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:26:43.0183 1740 clr_optimization_v2.0.50727_64 - ok
19:26:43.0243 1740 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:26:43.0293 1740 clr_optimization_v4.0.30319_32 - ok
19:26:43.0333 1740 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:26:43.0390 1740 clr_optimization_v4.0.30319_64 - ok
19:26:43.0433 1740 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:26:43.0515 1740 CmBatt - ok
19:26:43.0557 1740 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:26:43.0597 1740 cmdide - ok
19:26:43.0657 1740 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
19:26:43.0759 1740 CNG - ok
19:26:43.0779 1740 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:26:43.0829 1740 Compbatt - ok
19:26:43.0869 1740 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
19:26:43.0929 1740 CompositeBus - ok
19:26:43.0949 1740 COMSysApp - ok
19:26:43.0969 1740 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:26:44.0009 1740 crcdisk - ok
19:26:44.0049 1740 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:26:44.0109 1740 CryptSvc - ok
19:26:44.0149 1740 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
19:26:44.0189 1740 CVirtA - ok
19:26:44.0319 1740 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND E:\VPN\cvpnd.exe
19:26:44.0483 1740 CVPND - ok
19:26:44.0533 1740 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
19:26:44.0590 1740 CVPNDRVA - ok
19:26:44.0645 1740 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:26:44.0775 1740 DcomLaunch - ok
19:26:44.0845 1740 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:26:44.0975 1740 defragsvc - ok
19:26:45.0015 1740 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:26:45.0135 1740 DfsC - ok
19:26:45.0175 1740 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:26:45.0245 1740 Dhcp - ok
19:26:45.0271 1740 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:26:45.0403 1740 discache - ok
19:26:45.0479 1740 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
19:26:45.0499 1740 Disk - ok
19:26:45.0559 1740 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
19:26:45.0579 1740 DNE - ok
19:26:45.0609 1740 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:26:45.0686 1740 Dnscache - ok
19:26:45.0721 1740 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:26:45.0851 1740 dot3svc - ok
19:26:45.0931 1740 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:26:46.0051 1740 DPS - ok
19:26:46.0081 1740 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:26:46.0141 1740 drmkaud - ok
19:26:46.0191 1740 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:26:46.0311 1740 DXGKrnl - ok
19:26:46.0356 1740 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:26:46.0473 1740 EapHost - ok
19:26:46.0583 1740 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:26:46.0763 1740 ebdrv - ok
19:26:46.0783 1740 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:26:46.0853 1740 EFS - ok
19:26:46.0913 1740 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:26:47.0013 1740 ehRecvr - ok
19:26:47.0053 1740 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:26:47.0113 1740 ehSched - ok
19:26:47.0153 1740 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:26:47.0272 1740 elxstor - ok
19:26:47.0304 1740 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:26:47.0365 1740 ErrDev - ok
19:26:47.0445 1740 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:26:47.0609 1740 EventSystem - ok
19:26:47.0689 1740 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:26:47.0801 1740 exfat - ok
19:26:47.0861 1740 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:26:47.0991 1740 fastfat - ok
19:26:48.0031 1740 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:26:48.0121 1740 Fax - ok
19:26:48.0141 1740 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
19:26:48.0201 1740 fdc - ok
19:26:48.0253 1740 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:26:48.0394 1740 fdPHost - ok
19:26:48.0445 1740 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:26:48.0577 1740 FDResPub - ok
19:26:48.0617 1740 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:26:48.0667 1740 FileInfo - ok
19:26:48.0677 1740 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:26:48.0817 1740 Filetrace - ok
19:26:48.0897 1740 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:26:48.0937 1740 flpydisk - ok
19:26:48.0967 1740 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:26:49.0027 1740 FltMgr - ok
19:26:49.0097 1740 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
19:26:49.0187 1740 FontCache - ok
19:26:49.0237 1740 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:26:49.0277 1740 FontCache3.0.0.0 - ok
19:26:49.0297 1740 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:26:49.0347 1740 FsDepends - ok
19:26:49.0383 1740 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:26:49.0419 1740 Fs_Rec - ok
19:26:49.0469 1740 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:26:49.0529 1740 fvevol - ok
19:26:49.0569 1740 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:26:49.0609 1740 gagp30kx - ok
19:26:49.0669 1740 GGSAFERDriver - ok
19:26:49.0739 1740 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:26:49.0871 1740 gpsvc - ok
19:26:50.0001 1740 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:26:50.0041 1740 gupdate - ok
19:26:50.0071 1740 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:26:50.0111 1740 gupdatem - ok
19:26:50.0141 1740 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:26:50.0201 1740 hcw85cir - ok
19:26:50.0255 1740 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:26:50.0333 1740 HdAudAddService - ok
19:26:50.0363 1740 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:26:50.0433 1740 HDAudBus - ok
19:26:50.0453 1740 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:26:50.0513 1740 HidBatt - ok
19:26:50.0533 1740 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:26:50.0593 1740 HidBth - ok
19:26:50.0616 1740 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:26:50.0665 1740 HidIr - ok
19:26:50.0695 1740 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:26:50.0817 1740 hidserv - ok
19:26:50.0887 1740 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:26:50.0947 1740 HidUsb - ok
19:26:50.0999 1740 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:26:51.0151 1740 hkmsvc - ok
19:26:51.0191 1740 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:26:51.0263 1740 HomeGroupListener - ok
19:26:51.0293 1740 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:26:51.0368 1740 HomeGroupProvider - ok
19:26:51.0405 1740 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:26:51.0425 1740 HpSAMD - ok
19:26:51.0465 1740 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:26:51.0575 1740 HTTP - ok
19:26:51.0585 1740 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:26:51.0625 1740 hwpolicy - ok
19:26:51.0645 1740 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:26:51.0717 1740 i8042prt - ok
19:26:51.0787 1740 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:26:51.0870 1740 iaStorV - ok
19:26:51.0949 1740 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:26:52.0059 1740 idsvc - ok
19:26:52.0069 1740 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:26:52.0119 1740 iirsp - ok
19:26:52.0169 1740 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:26:52.0333 1740 IKEEXT - ok
19:26:52.0392 1740 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:26:52.0424 1740 intelide - ok
19:26:52.0451 1740 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:26:52.0481 1740 intelppm - ok
19:26:52.0491 1740 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:26:52.0561 1740 IPBusEnum - ok
19:26:52.0581 1740 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:26:52.0631 1740 IpFilterDriver - ok
19:26:52.0681 1740 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:26:52.0731 1740 iphlpsvc - ok
19:26:52.0741 1740 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:26:52.0781 1740 IPMIDRV - ok
19:26:52.0801 1740 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:26:52.0921 1740 IPNAT - ok
19:26:52.0951 1740 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:26:53.0021 1740 IRENUM - ok
19:26:53.0041 1740 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:26:53.0091 1740 isapnp - ok
19:26:53.0111 1740 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:26:53.0161 1740 iScsiPrt - ok
19:26:53.0191 1740 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:26:53.0231 1740 kbdclass - ok
19:26:53.0261 1740 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:26:53.0321 1740 kbdhid - ok
19:26:53.0331 1740 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:26:53.0381 1740 KeyIso - ok
19:26:53.0411 1740 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:26:53.0461 1740 KSecDD - ok
19:26:53.0511 1740 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:26:53.0561 1740 KSecPkg - ok
19:26:53.0591 1740 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:26:53.0721 1740 ksthunk - ok
19:26:53.0761 1740 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:26:53.0893 1740 KtmRm - ok
19:26:53.0943 1740 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:26:54.0073 1740 LanmanServer - ok
19:26:54.0113 1740 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:26:54.0243 1740 LanmanWorkstation - ok
19:26:54.0325 1740 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:26:54.0473 1740 lltdio - ok
19:26:54.0537 1740 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:26:54.0657 1740 lltdsvc - ok
19:26:54.0677 1740 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:26:54.0797 1740 lmhosts - ok
19:26:54.0877 1740 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:26:54.0927 1740 LSI_FC - ok
19:26:54.0947 1740 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:26:54.0987 1740 LSI_SAS - ok
19:26:55.0007 1740 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:26:55.0057 1740 LSI_SAS2 - ok
19:26:55.0077 1740 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:26:55.0127 1740 LSI_SCSI - ok
19:26:55.0157 1740 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:26:55.0277 1740 luafv - ok
19:26:55.0307 1740 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:26:55.0367 1740 Mcx2Svc - ok
19:26:55.0387 1740 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:26:55.0437 1740 megasas - ok
19:26:55.0477 1740 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:26:55.0537 1740 MegaSR - ok
19:26:55.0557 1740 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:26:55.0677 1740 MMCSS - ok
19:26:55.0727 1740 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:26:55.0847 1740 Modem - ok
19:26:55.0917 1740 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:26:55.0977 1740 monitor - ok
19:26:55.0997 1740 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:26:56.0037 1740 mouclass - ok
19:26:56.0071 1740 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:26:56.0119 1740 mouhid - ok
19:26:56.0129 1740 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:26:56.0179 1740 mountmgr - ok
19:26:56.0249 1740 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:26:56.0289 1740 MozillaMaintenance - ok
19:26:56.0341 1740 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:26:56.0391 1740 mpio - ok
19:26:56.0411 1740 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:26:56.0521 1740 mpsdrv - ok
19:26:56.0613 1740 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:26:56.0753 1740 MpsSvc - ok
19:26:56.0793 1740 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:26:56.0884 1740 MRxDAV - ok
19:26:56.0941 1740 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:26:56.0995 1740 mrxsmb - ok
19:26:57.0028 1740 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:26:57.0047 1740 mrxsmb10 - ok
19:26:57.0057 1740 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:26:57.0087 1740 mrxsmb20 - ok
19:26:57.0117 1740 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:26:57.0137 1740 msahci - ok
19:26:57.0157 1740 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:26:57.0177 1740 msdsm - ok
19:26:57.0197 1740 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:26:57.0227 1740 MSDTC - ok
19:26:57.0267 1740 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:26:57.0341 1740 Msfs - ok
19:26:57.0365 1740 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:26:57.0429 1740 mshidkmdf - ok
19:26:57.0449 1740 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:26:57.0469 1740 msisadrv - ok
19:26:57.0509 1740 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:26:57.0569 1740 MSiSCSI - ok
19:26:57.0579 1740 msiserver - ok
19:26:57.0609 1740 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:26:57.0669 1740 MSKSSRV - ok
19:26:57.0689 1740 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:26:57.0749 1740 MSPCLOCK - ok
19:26:57.0759 1740 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:26:57.0829 1740 MSPQM - ok
19:26:57.0849 1740 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:26:57.0879 1740 MsRPC - ok
19:26:57.0899 1740 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:26:57.0919 1740 mssmbios - ok
19:26:57.0939 1740 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:26:57.0999 1740 MSTEE - ok
19:26:58.0019 1740 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:26:58.0039 1740 MTConfig - ok
19:26:58.0049 1740 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:26:58.0079 1740 Mup - ok
19:26:58.0120 1740 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:26:58.0211 1740 napagent - ok
19:26:58.0271 1740 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:26:58.0311 1740 NativeWifiP - ok
19:26:58.0361 1740 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:26:58.0451 1740 NDIS - ok
19:26:58.0471 1740 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:26:58.0591 1740 NdisCap - ok
19:26:58.0671 1740 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:26:58.0791 1740 NdisTapi - ok
19:26:58.0851 1740 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:26:58.0971 1740 Ndisuio - ok
19:26:59.0031 1740 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:26:59.0162 1740 NdisWan - ok
19:26:59.0183 1740 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:26:59.0273 1740 NDProxy - ok
19:26:59.0293 1740 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:26:59.0423 1740 NetBIOS - ok
19:26:59.0485 1740 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:26:59.0605 1740 NetBT - ok
19:26:59.0658 1740 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:26:59.0717 1740 Netlogon - ok
19:26:59.0799 1740 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:26:59.0941 1740 Netman - ok
19:27:00.0021 1740 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:27:00.0171 1740 netprofm - ok
19:27:00.0261 1740 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:27:00.0301 1740 NetTcpPortSharing - ok
19:27:00.0603 1740 [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
19:27:00.0963 1740 NETw5s64 - ok
19:27:01.0155 1740 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
19:27:01.0395 1740 netw5v64 - ok
19:27:01.0425 1740 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:27:01.0475 1740 nfrd960 - ok
19:27:01.0505 1740 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:27:01.0575 1740 NlaSvc - ok
19:27:01.0605 1740 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:27:01.0755 1740 Npfs - ok
19:27:01.0807 1740 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:27:01.0927 1740 nsi - ok
19:27:01.0937 1740 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:27:02.0057 1740 nsiproxy - ok
19:27:02.0207 1740 [ B8965FB53551B5455630A4B804D0791F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:27:02.0357 1740 Ntfs - ok
19:27:02.0397 1740 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:27:02.0517 1740 Null - ok
19:27:02.0897 1740 [ 9DCB4E47FEA1EDAE38168911E6004D3C ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:27:03.0539 1740 nvlddmkm - ok
19:27:03.0589 1740 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:27:03.0619 1740 nvraid - ok
19:27:03.0629 1740 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:27:03.0659 1740 nvstor - ok
19:27:03.0689 1740 [ 015B7A60674F849FF8395CEAFFF9CAFD ] nvsvc C:\Windows\system32\nvvsvc.exe
19:27:03.0719 1740 nvsvc - ok
19:27:03.0739 1740 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:27:03.0769 1740 nv_agp - ok
19:27:03.0779 1740 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:27:03.0809 1740 ohci1394 - ok
19:27:03.0869 1740 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:27:03.0889 1740 ose - ok
19:27:04.0089 1740 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:27:04.0411 1740 osppsvc - ok
19:27:04.0471 1740 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:27:04.0551 1740 p2pimsvc - ok
19:27:04.0591 1740 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:27:04.0651 1740 p2psvc - ok
19:27:04.0691 1740 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
19:27:04.0741 1740 Parport - ok
19:27:04.0781 1740 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:27:04.0821 1740 partmgr - ok
19:27:04.0851 1740 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:27:04.0921 1740 PcaSvc - ok
19:27:04.0951 1740 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:27:05.0001 1740 pci - ok
19:27:05.0021 1740 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:27:05.0071 1740 pciide - ok
19:27:05.0091 1740 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:27:05.0141 1740 pcmcia - ok
19:27:05.0171 1740 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:27:05.0221 1740 pcw - ok
19:27:05.0267 1740 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:27:05.0413 1740 PEAUTH - ok
19:27:05.0503 1740 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:27:05.0563 1740 PerfHost - ok
19:27:05.0653 1740 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:27:05.0809 1740 pla - ok
19:27:05.0885 1740 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:27:05.0967 1740 PlugPlay - ok
19:27:05.0987 1740 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:27:06.0047 1740 PNRPAutoReg - ok
19:27:06.0095 1740 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:27:06.0149 1740 PNRPsvc - ok
19:27:06.0179 1740 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:27:06.0321 1740 PolicyAgent - ok
19:27:06.0393 1740 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:27:06.0471 1740 Power - ok
19:27:06.0495 1740 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:27:06.0555 1740 PptpMiniport - ok
19:27:06.0575 1740 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:27:06.0605 1740 Processor - ok
19:27:06.0645 1740 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:27:06.0677 1740 ProfSvc - ok
19:27:06.0697 1740 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:27:06.0717 1740 ProtectedStorage - ok
19:27:06.0737 1740 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:27:06.0797 1740 Psched - ok
19:27:06.0857 1740 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:27:06.0937 1740 ql2300 - ok
19:27:06.0957 1740 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:27:06.0977 1740 ql40xx - ok
19:27:07.0007 1740 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:27:07.0087 1740 QWAVE - ok
19:27:07.0119 1740 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:27:07.0189 1740 QWAVEdrv - ok
19:27:07.0219 1740 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:27:07.0329 1740 RasAcd - ok
19:27:07.0391 1740 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:27:07.0501 1740 RasAgileVpn - ok
19:27:07.0551 1740 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:27:07.0671 1740 RasAuto - ok
19:27:07.0741 1740 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:27:07.0861 1740 Rasl2tp - ok
19:27:07.0891 1740 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:27:08.0003 1740 RasMan - ok
19:27:08.0053 1740 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:27:08.0183 1740 RasPppoe - ok
19:27:08.0193 1740 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:27:08.0313 1740 RasSstp - ok
19:27:08.0383 1740 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:27:08.0503 1740 rdbss - ok
19:27:08.0553 1740 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
19:27:08.0613 1740 rdpbus - ok
19:27:08.0633 1740 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:27:08.0749 1740 RDPCDD - ok
19:27:08.0815 1740 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:27:08.0925 1740 RDPENCDD - ok
19:27:08.0987 1740 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:27:09.0097 1740 RDPREFMP - ok
19:27:09.0207 1740 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:27:09.0277 1740 RdpVideoMiniport - ok
19:27:09.0307 1740 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:27:09.0386 1740 RDPWD - ok
19:27:09.0419 1740 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:27:09.0482 1740 rdyboost - ok
19:27:09.0511 1740 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:27:09.0631 1740 RemoteAccess - ok
19:27:09.0691 1740 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:27:09.0815 1740 RemoteRegistry - ok
19:27:09.0852 1740 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:27:09.0913 1740 RFCOMM - ok
19:27:09.0933 1740 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:27:10.0053 1740 RpcEptMapper - ok
19:27:10.0103 1740 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:27:10.0173 1740 RpcLocator - ok
19:27:10.0232 1740 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:27:10.0367 1740 RpcSs - ok
19:27:10.0449 1740 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:27:10.0523 1740 rspndr - ok
19:27:10.0548 1740 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:27:10.0571 1740 SamSs - ok
19:27:10.0593 1740 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:27:10.0613 1740 sbp2port - ok
19:27:10.0643 1740 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:27:10.0703 1740 SCardSvr - ok
19:27:10.0713 1740 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:27:10.0773 1740 scfilter - ok
19:27:10.0823 1740 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:27:10.0965 1740 Schedule - ok
19:27:10.0995 1740 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:27:11.0095 1740 SCPolicySvc - ok
19:27:11.0165 1740 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:27:11.0225 1740 SDRSVC - ok
19:27:11.0275 1740 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:27:11.0405 1740 secdrv - ok
19:27:11.0485 1740 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:27:11.0595 1740 seclogon - ok
19:27:11.0675 1740 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:27:11.0795 1740 SENS - ok
19:27:11.0855 1740 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:27:11.0905 1740 SensrSvc - ok
19:27:11.0925 1740 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
19:27:11.0985 1740 Serenum - ok
19:27:12.0024 1740 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
19:27:12.0087 1740 Serial - ok
19:27:12.0107 1740 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:27:12.0167 1740 sermouse - ok
19:27:12.0207 1740 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:27:12.0340 1740 SessionEnv - ok
19:27:12.0366 1740 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:27:12.0423 1740 sffdisk - ok
19:27:12.0489 1740 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:27:12.0549 1740 sffp_mmc - ok
19:27:12.0559 1740 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:27:12.0629 1740 sffp_sd - ok
19:27:12.0639 1740 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:27:12.0699 1740 sfloppy - ok
19:27:12.0739 1740 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:27:12.0869 1740 SharedAccess - ok
19:27:12.0929 1740 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:27:13.0039 1740 ShellHWDetection - ok
19:27:13.0079 1740 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:27:13.0119 1740 SiSRaid2 - ok
19:27:13.0159 1740 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:27:13.0209 1740 SiSRaid4 - ok
19:27:13.0419 1740 [ 0F97E7A47A52F4A36969F0FC319654C2 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:27:13.0629 1740 Skype C2C Service - ok
19:27:13.0719 1740 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:27:13.0759 1740 SkypeUpdate - ok
19:27:13.0789 1740 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:27:13.0899 1740 Smb - ok
19:27:13.0979 1740 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:27:14.0029 1740 SNMPTRAP - ok
19:27:14.0049 1740 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:27:14.0089 1740 spldr - ok
19:27:14.0149 1740 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:27:14.0219 1740 Spooler - ok
19:27:14.0339 1740 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:27:14.0649 1740 sppsvc - ok
19:27:14.0669 1740 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:27:14.0789 1740 sppuinotify - ok
19:27:14.0859 1740 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:27:14.0939 1740 srv - ok
19:27:14.0979 1740 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:27:15.0059 1740 srv2 - ok
19:27:15.0089 1740 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:27:15.0139 1740 srvnet - ok
19:27:15.0211 1740 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:27:15.0342 1740 SSDPSRV - ok
19:27:15.0379 1740 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:27:15.0454 1740 SstpSvc - ok
19:27:15.0493 1740 Steam Client Service - ok
19:27:15.0543 1740 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:27:15.0573 1740 stexstor - ok
19:27:15.0613 1740 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:27:15.0693 1740 stisvc - ok
19:27:15.0703 1740 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:27:15.0753 1740 swenum - ok
19:27:15.0783 1740 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:27:15.0913 1740 swprv - ok
19:27:16.0003 1740 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:27:16.0163 1740 SysMain - ok
19:27:16.0193 1740 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:27:16.0273 1740 TabletInputService - ok
19:27:16.0303 1740 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:27:16.0425 1740 TapiSrv - ok
19:27:16.0445 1740 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:27:16.0505 1740 TBS - ok
19:27:16.0585 1740 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:27:16.0745 1740 Tcpip - ok
19:27:16.0875 1740 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:27:17.0004 1740 TCPIP6 - ok
19:27:17.0067 1740 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:27:17.0107 1740 tcpipreg - ok
19:27:17.0159 1740 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:27:17.0209 1740 TDPIPE - ok
19:27:17.0249 1740 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:27:17.0279 1740 TDTCP - ok
19:27:17.0309 1740 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:27:17.0369 1740 tdx - ok
19:27:17.0379 1740 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:27:17.0399 1740 TermDD - ok
19:27:17.0449 1740 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:27:17.0579 1740 TermService - ok
19:27:17.0619 1740 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:27:17.0689 1740 Themes - ok
19:27:17.0709 1740 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:27:17.0819 1740 THREADORDER - ok
19:27:17.0919 1740 [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
19:27:17.0959 1740 TomTomHOMEService - ok
19:27:17.0979 1740 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:27:18.0089 1740 TrkWks - ok
19:27:18.0199 1740 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:27:18.0309 1740 TrustedInstaller - ok
19:27:18.0371 1740 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:27:18.0457 1740 tssecsrv - ok
19:27:18.0493 1740 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:27:18.0533 1740 TsUsbFlt - ok
19:27:18.0553 1740 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:27:18.0583 1740 TsUsbGD - ok
19:27:18.0613 1740 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:27:18.0733 1740 tunnel - ok
19:27:18.0753 1740 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:27:18.0793 1740 uagp35 - ok
19:27:18.0823 1740 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:27:18.0943 1740 udfs - ok
19:27:19.0023 1740 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:27:19.0083 1740 UI0Detect - ok
19:27:19.0113 1740 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:27:19.0153 1740 uliagpkx - ok
19:27:19.0183 1740 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:27:19.0243 1740 umbus - ok
19:27:19.0253 1740 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
19:27:19.0313 1740 UmPass - ok
19:27:19.0367 1740 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:27:19.0485 1740 upnphost - ok
19:27:19.0535 1740 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:27:19.0605 1740 usbaudio - ok
19:27:19.0645 1740 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:27:19.0695 1740 usbccgp - ok
19:27:19.0725 1740 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:27:19.0785 1740 usbcir - ok
19:27:19.0805 1740 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:27:19.0855 1740 usbehci - ok
19:27:19.0895 1740 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:27:19.0975 1740 usbhub - ok
19:27:19.0995 1740 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:27:20.0055 1740 usbohci - ok
19:27:20.0065 1740 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:27:20.0127 1740 usbprint - ok
19:27:20.0157 1740 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:27:20.0217 1740 usbscan - ok
19:27:20.0247 1740 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:27:20.0307 1740 USBSTOR - ok
19:27:20.0337 1740 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:27:20.0397 1740 usbuhci - ok
19:27:20.0437 1740 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:27:20.0507 1740 usbvideo - ok
19:27:20.0537 1740 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:27:20.0657 1740 UxSms - ok
19:27:20.0727 1740 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:27:20.0767 1740 VaultSvc - ok
19:27:20.0787 1740 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:27:20.0837 1740 vdrvroot - ok
19:27:20.0877 1740 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:27:21.0007 1740 vds - ok
19:27:21.0017 1740 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:27:21.0077 1740 vga - ok
19:27:21.0087 1740 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:27:21.0207 1740 VgaSave - ok
19:27:21.0277 1740 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:27:21.0340 1740 vhdmp - ok
19:27:21.0370 1740 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:27:21.0424 1740 viaide - ok
19:27:21.0463 1740 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:27:21.0501 1740 volmgr - ok
19:27:21.0543 1740 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:27:21.0593 1740 volmgrx - ok
19:27:21.0613 1740 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:27:21.0643 1740 volsnap - ok
19:27:21.0663 1740 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:27:21.0683 1740 vsmraid - ok
19:27:21.0753 1740 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:27:21.0933 1740 VSS - ok
19:27:22.0003 1740 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:27:22.0073 1740 vwifibus - ok
19:27:22.0113 1740 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:27:22.0193 1740 vwififlt - ok
19:27:22.0223 1740 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:27:22.0353 1740 W32Time - ok
19:27:22.0405 1740 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:27:22.0465 1740 WacomPen - ok
19:27:22.0505 1740 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
19:27:22.0525 1740 WajamUpdater ( UnsignedFile.Multi.Generic ) - warning
19:27:22.0525 1740 WajamUpdater - detected UnsignedFile.Multi.Generic (1)
19:27:22.0565 1740 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:27:22.0677 1740 WANARP - ok
19:27:22.0687 1740 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:27:22.0797 1740 Wanarpv6 - ok
19:27:22.0887 1740 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:27:22.0937 1740 wbengine - ok
19:27:22.0957 1740 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:27:22.0997 1740 WbioSrvc - ok
19:27:23.0017 1740 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:27:23.0087 1740 wcncsvc - ok
19:27:23.0117 1740 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:27:23.0177 1740 WcsPlugInService - ok
19:27:23.0197 1740 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
19:27:23.0247 1740 Wd - ok
19:27:23.0297 1740 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:27:23.0407 1740 Wdf01000 - ok
19:27:23.0437 1740 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:27:23.0517 1740 WdiServiceHost - ok
19:27:23.0527 1740 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:27:23.0587 1740 WdiSystemHost - ok
19:27:23.0657 1740 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:27:23.0747 1740 WebClient - ok
19:27:23.0777 1740 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:27:23.0897 1740 Wecsvc - ok
19:27:23.0917 1740 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:27:24.0017 1740 wercplsupport - ok
19:27:24.0037 1740 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:27:24.0097 1740 WerSvc - ok
19:27:24.0137 1740 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:27:24.0187 1740 WfpLwf - ok
19:27:24.0197 1740 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:27:24.0217 1740 WIMMount - ok
19:27:24.0227 1740 WinDefend - ok
19:27:24.0247 1740 WinHttpAutoProxySvc - ok
19:27:24.0327 1740 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:27:24.0395 1740 Winmgmt - ok
19:27:24.0459 1740 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:27:24.0539 1740 WinRM - ok
19:27:24.0599 1740 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:27:24.0729 1740 Wlansvc - ok
19:27:24.0739 1740 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:27:24.0789 1740 WmiAcpi - ok
19:27:24.0829 1740 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:27:24.0889 1740 wmiApSrv - ok
19:27:24.0909 1740 WMPNetworkSvc - ok
19:27:24.0939 1740 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:27:24.0989 1740 WPCSvc - ok
19:27:25.0019 1740 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:27:25.0079 1740 WPDBusEnum - ok
19:27:25.0119 1740 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:27:25.0229 1740 ws2ifsl - ok
19:27:25.0299 1740 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:27:25.0369 1740 wscsvc - ok
19:27:25.0379 1740 WSearch - ok
19:27:25.0489 1740 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:27:25.0679 1740 wuauserv - ok
19:27:25.0739 1740 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:27:25.0799 1740 WudfPf - ok
19:27:25.0839 1740 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:27:25.0899 1740 WUDFRd - ok
19:27:25.0929 1740 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:27:25.0989 1740 wudfsvc - ok
19:27:26.0029 1740 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:27:26.0099 1740 WwanSvc - ok
19:27:26.0159 1740 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
19:27:26.0249 1740 yukonw7 - ok
19:27:26.0299 1740 ================ Scan global ===============================
19:27:26.0329 1740 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:27:26.0369 1740 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:27:26.0389 1740 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:27:26.0419 1740 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:27:26.0449 1740 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:27:26.0469 1740 [Global] - ok
19:27:26.0469 1740 ================ Scan MBR ==================================
19:27:26.0489 1740 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:27:26.0849 1740 \Device\Harddisk0\DR0 - ok
19:27:26.0849 1740 ================ Scan VBR ==================================
19:27:26.0849 1740 [ 0E6B778113C630AA4A9A7349C3C8070A ] \Device\Harddisk0\DR0\Partition1
19:27:26.0859 1740 \Device\Harddisk0\DR0\Partition1 - ok
19:27:26.0889 1740 [ 60B023BB38663952C5F611DB995871BE ] \Device\Harddisk0\DR0\Partition2
19:27:26.0889 1740 \Device\Harddisk0\DR0\Partition2 - ok
19:27:26.0919 1740 [ E74A08C8358625A6BFF3E1D8CE4CCFF4 ] \Device\Harddisk0\DR0\Partition3
19:27:26.0919 1740 \Device\Harddisk0\DR0\Partition3 - ok
19:27:26.0919 1740 ============================================================
19:27:26.0919 1740 Scan finished
19:27:26.0919 1740 ============================================================
19:27:26.0969 0872 Detected object count: 2
19:27:26.0969 0872 Actual detected object count: 2
19:27:58.0735 0872 BrowserProtect ( UnsignedFile.Multi.Generic ) - skipped by user
19:27:58.0735 0872 BrowserProtect ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:27:58.0745 0872 WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
19:27:58.0745 0872 WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:28:25.0190 3964 Deinitialize success
Ich hoffe natürlich, dass der Schaden sich in Grenzen hält, aber ich kann nichts mit den Logs anfangen. Gruß, Nickx. |
|
10.04.2013, 22:11
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ --> DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar |
|
18.04.2013, 20:35
| #7 |
| | DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar Hallo Cosinus, Ich war anderweitig beschäftigt und komme jetzt erst dazu den übrigen Scans zu machen. Hier die Logs:
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Farm on 11.04.2013 at 14:35:31,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] browserprotect
Successfully deleted: [Service] browserprotect
Successfully stopped: [Service] wajamupdater
Successfully deleted: [Service] wajamupdater
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\driverscanner
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bprotector start page
Failed to delete: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bprotectordefaultscope
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-534391179-305817613-1184640974-1000\software\microsoft\internet explorer\main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_local_machine\software\babylontoolbar
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Failed to delete: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\mixidj
Successfully deleted: [Registry Key] hkey_local_machine\software\mixidj
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\wajam
Successfully deleted: [Registry Key] hkey_local_machine\software\wajam
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Failed to delete: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\priam_bho.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajambho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajambho.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajamdownloader.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_nonsearch_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_nonsearch_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajamupdater_rasmancs
Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3279453
Failed to delete: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a7a6995d-6ee1-4fd1-a258-49395d5bf99c}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{a7a6995d-6ee1-4fd1-a258-49395d5bf99c}
~~~ Files
Successfully deleted: [File] "C:\Windows\tasks\driverscanner.job"
Successfully deleted: [File] "C:\end"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Failed to delete: [Folder] "C:\ProgramData\browserprotect"
Successfully deleted: [Folder] "C:\Users\Farm\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Farm\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Farm\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\Farm\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Farm\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Farm\appdata\locallow\mixidj"
Successfully deleted: [Folder] "C:\Users\Farm\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\mixidj"
Successfully deleted: [Folder] "C:\Program Files (x86)\wajam"
Successfully deleted: [Folder] "C:\Users\Farm\AppData\Roaming\microsoft\windows\start menu\programs\browserprotect"
Successfully deleted: [Folder] "C:\Users\Farm\AppData\Roaming\microsoft\windows\start menu\programs\wajam"
~~~ FireFox
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\user.js
Successfully deleted: [File] C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\invalidprefs.js
Successfully deleted: [Folder] C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\smartbar
Successfully deleted the following from C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\prefs.js
user_pref("CT3279453.1000082.isPlayDisplay", "true");
user_pref("CT3279453.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\":\"Hotmix 108\",\"url\":\"hxxp://67.202.67.18:8082\"}");
user_pref("CT3279453.1000234.TWC_TMP_city", "NUREMBERG");
user_pref("CT3279453.1000234.TWC_TMP_country", "DE");
user_pref("CT3279453.1000234.TWC_country", "GERMANY");
user_pref("CT3279453.1000234.TWC_locId", "GMBY0250");
user_pref("CT3279453.1000234.TWC_location", "Nuremberg, Germany");
user_pref("CT3279453.1000234.TWC_region", "DE");
user_pref("CT3279453.1000234.TWC_temp_dis", "c");
user_pref("CT3279453.1000234.TWC_wind_dis", "kmh");
user_pref("CT3279453.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"6°C\",\"temperatureClear\":\"6°C\",\"highTemperature\":\"9°C\",\"lowTemperature\":\"5°C\
user_pref("CT3279453.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3279453.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3279453.FirstTime", "true");
user_pref("CT3279453.FirstTimeFF3", "true");
user_pref("CT3279453.PG_ENABLE", "dHJ1ZQ==");
user_pref("CT3279453.UserID", "UN22629397421798942");
user_pref("CT3279453.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3279453.embeddedsData", "[{\"appId\":\"130029007934982115\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT3279453.enableFix404ByUser", "TRUE");
user_pref("CT3279453.fixPageNotFoundErrorByUser", "TRUE");
user_pref("CT3279453.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3279453.fixUrls", true);
user_pref("CT3279453.hxxp___storage_conduit_com_marketplace_83_6d_8399d181_be98_42f2_b035_1616f617316d_.PriceSparrowUuid.enc", "OUVCNzkzOUQtQTAyNy00OURELUJEQzctMEY0NkQwQkM4NEM
user_pref("CT3279453.isCheckedStartAsHidden", true);
user_pref("CT3279453.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3279453.isFirstTimeToolbarLoading", "false");
user_pref("CT3279453.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3279453.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3279453&octid=CT3279453&SearchSource=15&CUI=UN2262939742179894
user_pref("CT3279453.lastVersion", "10.15.0.562");
user_pref("CT3279453.mam_gk_installer_preapproved.enc", "VFJVRQ==");
user_pref("CT3279453.migrateAppsAndComponents", true);
user_pref("CT3279453.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten? - Standard Für alle Hilfe
user_pref("CT3279453.price-gong.isManagedApp", "true");
user_pref("CT3279453.search.searchAppId", "130029007934982115");
user_pref("CT3279453.search.searchCount", "0");
user_pref("CT3279453.searchInNewTabEnabledByUser", "true");
user_pref("CT3279453.searchInNewTabEnabledInHidden", "true");
user_pref("CT3279453.searchUserMode", "2");
user_pref("CT3279453.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3279453.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3279453.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT3279453.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3279453\"}");
user_pref("CT3279453.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDvideoSoft20.OurToolbar.com//xpi\"}");
user_pref("CT3279453.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDvideoSoft 2.0\"}");
user_pref("CT3279453.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3279453.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1365573697733");
user_pref("CT3279453.serviceLayer_services_appsMetadata_lastUpdate", "1365573584512");
user_pref("CT3279453.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1365573697515");
user_pref("CT3279453.serviceLayer_services_location_lastUpdate", "1365573696840");
user_pref("CT3279453.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1365573697635");
user_pref("CT3279453.serviceLayer_services_searchAPI_lastUpdate", "1365573696862");
user_pref("CT3279453.serviceLayer_services_serviceMap_lastUpdate", "1365573696707");
user_pref("CT3279453.serviceLayer_services_setupAPI_lastUpdate", "1365573696905");
user_pref("CT3279453.serviceLayer_services_toolbarContextMenu_lastUpdate", "1365573697323");
user_pref("CT3279453.serviceLayer_services_toolbarSettings_lastUpdate", "1365573583661");
user_pref("CT3279453.serviceLayer_services_translation_lastUpdate", "1365573697276");
user_pref("CT3279453.settingsINI", true);
user_pref("CT3279453.showToolbarPermission", "false");
user_pref("CT3279453.smartbar.CTID", "CT3279453");
user_pref("CT3279453.smartbar.Uninstall", "0");
user_pref("CT3279453.smartbar.homepage", true);
user_pref("CT3279453.smartbar.toolbarName", "DVDvideoSoft 2.0 ");
user_pref("CT3279453.toolbarBornServerTime", "10-4-2013");
user_pref("CT3279453.toolbarCurrentServerTime", "10-4-2013");
user_pref("CT3279453.toolbarLoginClientTime", "Wed Apr 10 2013 07:59:36 GMT+0200");
user_pref("CT3279453_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1365573575724,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("avg.install.userHPSettings", "hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mntrId=2461001F3AD0E917");
user_pref("browser.newtab.url", "hxxp://mixidj.delta-search.com/?affID=121136&babsrc=NT_ss&mntrId=2461001F3AD0E917");
user_pref("extensions.mixidj.tlbrId", "mdelta");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3279453&SearchSource=13&CUI=UN22629397421798942");
user_pref("smartbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.04.2013 at 14:56:10,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.200 - Datei am 11/04/2013 um 15:57:37 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Farm - FARM-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Farm\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\vsz23vpy.default\bprotector_extensions.sqlite
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Program Files (x86)\DVDvideoSoft_2.0
Ordner Gelöscht : C:\Users\Farm\AppData\Local\Temp\Iminent
Ordner Gelöscht : C:\Users\Farm\AppData\LocalLow\DVDvideoSoft_2.0
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDvideoSoft_2.0
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\592d8d8b468be41
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DVDvideoSoft_2.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17667902-A1A2-4DC4-8C42-CB1B60BF2202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\592d8d8b468be41
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{17667902-A1A2-4DC4-8C42-CB1B60BF2202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC2BABBE-9E03-45B3-8218-52989CB9E6EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EAD8501B-E9C6-4F6E-9C7B-4EE6B548712A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDvideoSoft_2.0 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKU\S-1-5-21-534391179-305817613-1184640974-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{04A8DD1A-4754-48FE-A703-99846646EF04}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\vsz23vpy.default\prefs.js
Gelöscht : user_pref("CT3279453.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[...]
Gelöscht : user_pref("CT3279453.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"6°C\",\"temperatu[...]
Gelöscht : user_pref("CT3279453.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3279453.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT3279453.embeddedsData", "[{\"appId\":\"130029007934982115\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT3279453.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3279453.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT3279453.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Gelöscht : user_pref("CT3279453.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"Für alle Hilfesuchenden! Was mus[...]
Gelöscht : user_pref("CT3279453.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3279453.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT3279453.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Gelöscht : user_pref("CT3279453.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT3279453.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3279453.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3279453.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT3279453_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&m[...]
Gelöscht : user_pref("browser.newtab.url", "hxxp://mixidj.delta-search.com/?affID=121136&babsrc=NT_ss&mntrId=24[...]
*************************
AdwCleaner[S1].txt - [7853 octets] - [11/04/2013 15:57:37]
########## EOF - C:\AdwCleaner[S1].txt - [7913 octets] ##########
Extras Code:
ATTFilter OTL Extras logfile created on: 18.04.2013 21:17:57 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Farm\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 70,20% Memory free
7,99 Gb Paging File | 6,72 Gb Available in Paging File | 84,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 15,60 Gb Free Space | 31,95% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 139,99 Gb Free Space | 95,57% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 91,45 Gb Free Space | 88,98% Space Free | Partition Type: NTFS
Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A39169BA-3850-4EC2-9BF9-31726DBDE0D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8BF6EC-3397-4FBF-89A8-36382B14681E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{107A702C-1B02-4694-8B30-F6A8DFCFDEC7}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe |
"{13FAE87C-3D45-4514-BCDE-C98E4299A349}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{247FA02D-A4DC-4E6E-91F7-D57241FC5ECD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{2C41B77C-518D-47C7-84CC-FF21C29AD1D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{3EE3D830-A199-4F5C-957B-1E6B2606E08C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{3FF7E126-E9B0-4E05-B66F-E18D41D5BD2D}" = protocol=6 | dir=in | app=e:\steam\steam.exe |
"{85EE804F-6F07-4C58-B240-2EE1AC59446E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{8E7BF0A1-F8FE-4FF9-822A-8B16571ED0A4}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe |
"{961851CA-24DE-49C9-8080-A0F90C79AECF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F205118-8057-47FE-9D97-F626A0CC2F2A}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe |
"{A2845BDF-F9EB-48F3-858B-D13B04655D58}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C619E5D6-115A-4BB5-986A-0FB8F7718937}" = protocol=17 | dir=in | app=e:\steam\steam.exe |
"{E84C8DA0-2C4A-4880-8E5C-61FF7B665F40}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe |
"{E99106A9-A837-452D-B359-7FBB8D5978B5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{F97814FB-32C8-412A-938E-E643C262A690}" = protocol=17 | dir=in | app=e:\steam\steamapps\nickx@gmx.de\counter-strike\hl.exe |
"{FCF39218-753D-4267-92EB-D72B1945C4E6}" = protocol=6 | dir=in | app=e:\steam\steamapps\nickx@gmx.de\counter-strike\hl.exe |
"TCP Query User{193D106C-A9BA-448C-A1AD-C73E1FC56B82}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{28DFBCD4-5DC5-4C9D-AE08-5BC5C0C9ABF9}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{4E711677-F3BB-42BB-89FB-2DEC5A488E1C}E:\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{81780B4D-C5AD-4646-8598-DC93B8207334}E:\neuer ordner\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=e:\neuer ordner\garena plus\room\garena_room.exe |
"TCP Query User{81A05F06-49B4-4CE1-AA88-5F899EDAC20D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{85482135-F653-4626-9865-651ADD433BA8}E:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii\war3.exe |
"TCP Query User{8835A9A0-9F87-4E4C-932E-7E2A1731721C}E:\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base22612\sc2.exe |
"TCP Query User{BBC1D74A-E31D-4F69-84D1-17723416AE01}E:\garena\garena.exe" = protocol=6 | dir=in | app=e:\garena\garena.exe |
"TCP Query User{DE4152C3-621A-4DF0-95F9-3B1DF5F0EE47}E:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{F98288C5-66CF-4CA6-B173-DCF3C36D4E2E}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{04B7478A-0A12-490E-91A0-DABF3E907D14}E:\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{086A24A8-0434-464F-B525-F844228E0ADE}E:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii\war3.exe |
"UDP Query User{2D3A43D0-64B2-4203-925C-50F3839D714B}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{61A9AD1E-B5C8-477D-8C66-33CEEF2C7B8C}E:\garena\garena.exe" = protocol=17 | dir=in | app=e:\garena\garena.exe |
"UDP Query User{781406A1-F22B-47A6-BDBC-7F746E47D19F}E:\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base22612\sc2.exe |
"UDP Query User{791EEE90-8A37-413E-BBC4-7E7C889E88D1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{8CDDA622-58B3-4676-B9B0-CDA1F205D0C0}E:\neuer ordner\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=e:\neuer ordner\garena plus\room\garena_room.exe |
"UDP Query User{A0959BC9-047B-4640-B01E-15D0F2DF47F3}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{BBA5F2A1-EE0B-4425-AF7B-EBBBDFAA5D04}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{BBDEF914-5923-4E0F-AAC7-B5204C45C818}E:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON SX230 Series" = EPSON SX230 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1AF2B855-0054-4BAD-825C-427CB4F3DE04}_is1" = 3GP To MP3 Converter version 1.0 r2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{44715246-18E9-4EDF-AA03-94E4B4F80EA8}" = Download Navigator
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B49962AF-CAB9-44DE-8729-A4369F44BA0D}" = MixiDJ Chrome Toolbar
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1161EC6-7CC1-4D9F-83F6-8839C17019C2}" = LibreOffice 3.4
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1" = DownloadX ActiveX Download Control 1.6.5
"EPSON Scanner" = EPSON Scan
"EPSON SX230 Series Bog" = Benutzerhandbuch - Grundlagen EPSON SX230 Series
"EPSON SX230 Series Useg" = Benutzerhandbuch EPSON SX230 Series
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.23.320
"Garena" = Garena 2010
"mixidj" = MixiDJ Toolbar
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.19.0.0b
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"xp-AntiSpy" = xp-AntiSpy 3.97-11
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.04.2013 10:04:48 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
Error - 15.04.2013 13:55:52 | Computer Name = Farm-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 15.04.2013 13:56:23 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.04.2013 04:56:19 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.04.2013 15:14:28 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
< End of report >
Code:
ATTFilter OTL logfile created on: 18.04.2013 21:17:57 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Farm\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 70,20% Memory free 7,99 Gb Paging File | 6,72 Gb Available in Paging File | 84,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,83 Gb Total Space | 15,60 Gb Free Space | 31,95% Space Free | Partition Type: NTFS Drive D: | 146,48 Gb Total Space | 139,99 Gb Free Space | 95,57% Space Free | Partition Type: NTFS Drive E: | 102,78 Gb Total Space | 91,45 Gb Free Space | 88,98% Space Free | Partition Type: NTFS Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.) PRC - C:\Users\Farm\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (CVPND) -- E:\VPN\cvpnd.exe (Cisco Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 10 6E E7 A8 0E CD 01 [binary data] IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://mixidj.delta-search.com/?q={searchTerms}&affID=121136&babsrc=SP_ss&mntrId=2461001F3AD0E917 IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes\{E85CD372-C6FC-4B7D-B252-F6C2B704FCC4}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279453&CUI=UN30422686161726320&UM=2 IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 16:19:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.28 10:42:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.12.28 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Extensions [2012.12.28 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.04.10 09:11:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions [2013.04.05 09:19:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.03.21 08:18:59 | 000,000,000 | ---D | M] (MixiDJ Toolbar) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions\ffxtlbr@mixidj.com [2013.02.16 22:59:12 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.10 00:20:03 | 000,001,088 | ---- | M] () -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\searchplugins\dvdvideosoft-20-customized-web-search.xml [2013.03.21 08:19:00 | 000,001,296 | ---- | M] () -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\searchplugins\mixidj.xml [2012.12.25 18:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.25 18:09:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.03.08 16:19:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.15 15:40:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.21 08:18:53 | 000,006,476 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.16 19:41:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.15 15:40:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.15 15:40:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.15 15:40:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.15 15:40:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (mixidj Helper Object) - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-534391179-305817613-1184640974-1000..\Run: [EPSON SX230 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE /FU "C:\Users\Farm\AppData\Local\Temp\E_SB192.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-534391179-305817613-1184640974-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D3CF84D-909B-4BC3-9DC0-12FC96877470}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{e4725275-d14c-11e0-8a7a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e4725275-d14c-11e0-8a7a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\InstallNavi.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.11 14:35:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.11 14:34:39 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.11 14:34:32 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Farm\Desktop\JRT.exe [2013.04.10 16:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.10 14:47:56 | 000,000,000 | ---D | C] -- C:\Users\Farm\Desktop\mbar [2013.04.10 13:14:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.10 13:14:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.10 13:14:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.10 13:14:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.10 13:14:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.10 13:14:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.10 13:14:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.10 13:14:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.10 13:14:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.10 13:14:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.10 13:14:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.10 13:14:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.10 13:14:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.10 13:14:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.10 13:14:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.10 08:11:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.04.10 07:54:40 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.10 07:54:39 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.10 07:54:39 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.10 07:54:39 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.10 07:54:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.10 07:54:39 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.10 01:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.04.10 01:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.10 01:27:11 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.04.10 01:27:11 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.04.10 01:26:59 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.10 01:22:59 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Local\Macromedia [2013.04.10 01:22:39 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.10 01:18:34 | 000,896,928 | ---- | C] (Oracle Corporation) -- C:\Users\Farm\Desktop\jxpiinstall.exe [2013.04.10 00:54:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Farm\Desktop\OTL.exe [2013.03.26 08:18:24 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.25 15:56:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.03.25 15:56:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.03.25 15:50:29 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.25 15:50:29 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.25 15:50:29 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.24 17:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.21 18:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue [2013.03.21 18:48:04 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\Uniblue [2013.03.21 18:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue [2013.03.21 18:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue [2013.03.21 18:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2013.03.21 18:47:42 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\DVDVideoSoft [2013.03.21 18:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.03.21 18:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.03.21 08:19:08 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\CRMixiDJTB [2013.03.21 08:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013.03.21 08:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3GP To MP3 Converter [2013.03.21 08:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3GP2MP3Converter [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.18 21:20:20 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.18 21:20:20 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.18 21:17:11 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.18 21:17:11 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.18 21:17:11 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.18 21:17:11 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.18 21:17:11 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.18 21:12:48 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.18 21:12:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.18 21:12:34 | 3216,986,112 | -HS- | M] () -- C:\hiberfil.sys [2013.04.18 09:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.18 09:01:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.11 15:57:50 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.04.11 08:11:06 | 000,613,083 | ---- | M] () -- C:\Users\Farm\Desktop\adwcleaner.exe [2013.04.11 08:10:55 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Farm\Desktop\JRT.exe [2013.04.10 19:24:42 | 000,000,512 | ---- | M] () -- C:\Users\Farm\Desktop\MBR.dat [2013.04.10 16:24:52 | 000,440,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.10 01:26:53 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.10 01:26:51 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.04.10 01:26:51 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.04.10 01:26:51 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.04.10 01:26:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.10 01:26:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.10 01:22:39 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.10 01:22:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.10 01:18:34 | 000,896,928 | ---- | M] (Oracle Corporation) -- C:\Users\Farm\Desktop\jxpiinstall.exe [2013.04.10 00:57:14 | 000,377,856 | ---- | M] () -- C:\Users\Farm\Desktop\gmer_2.1.19163.exe [2013.04.10 00:54:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Farm\Desktop\OTL.exe [2013.04.10 00:52:09 | 000,000,000 | ---- | M] () -- C:\Users\Farm\defogger_reenable [2013.04.10 00:51:38 | 000,050,477 | ---- | M] () -- C:\Users\Farm\Desktop\Defogger.exe [2013.04.02 20:52:40 | 000,191,661 | ---- | M] () -- C:\Users\Farm\Desktop\LBV-2013-....... Milch Schwein Pflanze Umwelt.pdf [2013.03.25 15:50:15 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.25 15:50:15 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.25 15:50:15 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.21 18:48:03 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.11 15:57:41 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.04.11 08:11:05 | 000,613,083 | ---- | C] () -- C:\Users\Farm\Desktop\adwcleaner.exe [2013.04.10 19:24:42 | 000,000,512 | ---- | C] () -- C:\Users\Farm\Desktop\MBR.dat [2013.04.10 01:22:39 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.10 00:57:13 | 000,377,856 | ---- | C] () -- C:\Users\Farm\Desktop\gmer_2.1.19163.exe [2013.04.10 00:52:09 | 000,000,000 | ---- | C] () -- C:\Users\Farm\defogger_reenable [2013.04.10 00:51:38 | 000,050,477 | ---- | C] () -- C:\Users\Farm\Desktop\Defogger.exe [2013.04.02 20:52:38 | 000,191,661 | ---- | C] () -- C:\Users\Farm\Desktop\LBV-2013-....... Milch Schwein Pflanze Umwelt.pdf [2013.03.21 18:48:03 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk [2012.01.04 00:56:33 | 000,051,270 | ---- | C] () -- C:\Users\Farm\AppData\Roaming\room_v3.dat [2011.11.27 10:31:20 | 000,045,013 | ---- | C] () -- C:\Windows\War3Unin.dat [2011.08.28 11:46:11 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.08.28 11:46:10 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Gruß, Nickx. |
|
19.04.2013, 00:41
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar Bitte JRT neu runterladen und noch neu ausführen. Es gab in der Zwischenzeit gleich zwei neue Versionen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.04.2013, 08:02
| #9 |
| | DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar Moin, die Symptome sind übrigens verschwunden, das System scheint wieder einwandfrei zu funktionieren. JRT Log Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.5 (04.17.2013:1)
OS: Windows 7 Home Premium x64
Ran by Farm on 19.04.2013 at 8:49:46,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bprotectordefaultscope
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\browserprotect"
~~~ FireFox
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Emptied folder: C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.04.2013 at 8:59:01,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
19.04.2013, 14:45
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar Ok, bitte ein frisches OTL-Log posten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.04.2013, 15:10
| #11 |
| | DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar OTL Code:
ATTFilter OTL logfile created on: 25.04.2013 15:26:37 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Farm\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 68,05% Memory free 7,99 Gb Paging File | 6,39 Gb Available in Paging File | 79,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,83 Gb Total Space | 14,71 Gb Free Space | 30,13% Space Free | Partition Type: NTFS Drive D: | 146,48 Gb Total Space | 139,99 Gb Free Space | 95,57% Space Free | Partition Type: NTFS Drive E: | 102,78 Gb Total Space | 90,94 Gb Free Space | 88,48% Space Free | Partition Type: NTFS Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Farm\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (CVPND) -- E:\VPN\cvpnd.exe (Cisco Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 10 6E E7 A8 0E CD 01 [binary data] IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes,DefaultScope = {E85CD372-C6FC-4B7D-B252-F6C2B704FCC4} IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes\{E85CD372-C6FC-4B7D-B252-F6C2B704FCC4}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279453&CUI=UN30422686161726320&UM=2 IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.18 22:13:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.28 10:42:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.12.28 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Extensions [2012.12.28 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.04.10 09:11:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions [2013.04.05 09:19:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.03.21 08:18:59 | 000,000,000 | ---D | M] (MixiDJ Toolbar) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions\ffxtlbr@mixidj.com [2013.02.16 22:59:12 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.10 00:20:03 | 000,001,088 | ---- | M] () -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\searchplugins\dvdvideosoft-20-customized-web-search.xml [2013.03.21 08:19:00 | 000,001,296 | ---- | M] () -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\searchplugins\mixidj.xml [2012.12.25 18:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.25 18:09:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.04.18 22:13:12 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.15 15:40:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.16 19:41:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.15 15:40:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.15 15:40:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.15 15:40:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.15 15:40:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (mixidj Helper Object) - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-534391179-305817613-1184640974-1000..\Run: [EPSON SX230 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE /FU "C:\Users\Farm\AppData\Local\Temp\E_SB192.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-534391179-305817613-1184640974-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D3CF84D-909B-4BC3-9DC0-12FC96877470}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{e4725275-d14c-11e0-8a7a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e4725275-d14c-11e0-8a7a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\InstallNavi.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.11 14:35:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.11 14:34:39 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.10 16:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.10 13:14:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.10 13:14:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.10 13:14:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.10 13:14:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.10 13:14:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.10 13:14:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.10 13:14:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.10 13:14:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.10 13:14:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.10 13:14:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.10 13:14:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.10 13:14:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.10 13:14:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.10 13:14:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.10 13:14:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.10 08:11:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.04.10 07:54:40 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.10 07:54:39 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.10 07:54:39 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.10 07:54:39 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.10 07:54:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.10 07:54:39 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.10 01:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.04.10 01:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.10 01:27:11 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.04.10 01:27:11 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.04.10 01:26:59 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.10 01:22:59 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Local\Macromedia [2013.04.10 01:22:39 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.25 15:01:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.25 14:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.25 13:34:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.24 12:01:15 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.24 12:01:15 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.24 03:22:59 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.24 03:22:59 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.24 03:22:59 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.24 03:22:59 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.24 03:22:59 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.24 03:18:58 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.24 03:18:21 | 3216,986,112 | -HS- | M] () -- C:\hiberfil.sys [2013.04.11 15:57:50 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.04.10 16:24:52 | 000,440,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.10 01:26:53 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.10 01:26:51 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.04.10 01:26:51 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.04.10 01:26:51 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.04.10 01:26:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.10 01:26:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.10 01:22:39 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.10 01:22:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.10 00:52:09 | 000,000,000 | ---- | M] () -- C:\Users\Farm\defogger_reenable [2013.04.02 20:52:40 | 000,191,661 | ---- | M] () -- C:\Users\Farm\Desktop\LBV-2013-....... Milch Schwein Pflanze Umwelt.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.23 23:23:59 | 000,000,853 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2013.04.23 23:23:59 | 000,000,853 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2013.04.23 23:23:59 | 000,000,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk [2013.04.11 15:57:41 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.04.10 01:22:39 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.10 00:52:09 | 000,000,000 | ---- | C] () -- C:\Users\Farm\defogger_reenable [2013.04.02 20:52:38 | 000,191,661 | ---- | C] () -- C:\Users\Farm\Desktop\LBV-2013-....... Milch Schwein Pflanze Umwelt.pdf [2012.01.04 00:56:33 | 000,051,270 | ---- | C] () -- C:\Users\Farm\AppData\Roaming\room_v3.dat [2011.11.27 10:31:20 | 000,045,013 | ---- | C] () -- C:\Windows\War3Unin.dat [2011.08.28 11:46:11 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.08.28 11:46:10 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 25.04.2013 15:26:38 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Farm\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 68,05% Memory free
7,99 Gb Paging File | 6,39 Gb Available in Paging File | 79,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 14,71 Gb Free Space | 30,13% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 139,99 Gb Free Space | 95,57% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 90,94 Gb Free Space | 88,48% Space Free | Partition Type: NTFS
Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A39169BA-3850-4EC2-9BF9-31726DBDE0D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8BF6EC-3397-4FBF-89A8-36382B14681E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{107A702C-1B02-4694-8B30-F6A8DFCFDEC7}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe |
"{13FAE87C-3D45-4514-BCDE-C98E4299A349}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{247FA02D-A4DC-4E6E-91F7-D57241FC5ECD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{2C41B77C-518D-47C7-84CC-FF21C29AD1D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{3EE3D830-A199-4F5C-957B-1E6B2606E08C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{3FF7E126-E9B0-4E05-B66F-E18D41D5BD2D}" = protocol=6 | dir=in | app=e:\steam\steam.exe |
"{85EE804F-6F07-4C58-B240-2EE1AC59446E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{8E7BF0A1-F8FE-4FF9-822A-8B16571ED0A4}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe |
"{961851CA-24DE-49C9-8080-A0F90C79AECF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F205118-8057-47FE-9D97-F626A0CC2F2A}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe |
"{A2845BDF-F9EB-48F3-858B-D13B04655D58}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C619E5D6-115A-4BB5-986A-0FB8F7718937}" = protocol=17 | dir=in | app=e:\steam\steam.exe |
"{E84C8DA0-2C4A-4880-8E5C-61FF7B665F40}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe |
"{E99106A9-A837-452D-B359-7FBB8D5978B5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{F97814FB-32C8-412A-938E-E643C262A690}" = protocol=17 | dir=in | app=e:\steam\steamapps\nickx@gmx.de\counter-strike\hl.exe |
"{FCF39218-753D-4267-92EB-D72B1945C4E6}" = protocol=6 | dir=in | app=e:\steam\steamapps\nickx@gmx.de\counter-strike\hl.exe |
"TCP Query User{193D106C-A9BA-448C-A1AD-C73E1FC56B82}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{28DFBCD4-5DC5-4C9D-AE08-5BC5C0C9ABF9}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{4E711677-F3BB-42BB-89FB-2DEC5A488E1C}E:\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{81780B4D-C5AD-4646-8598-DC93B8207334}E:\neuer ordner\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=e:\neuer ordner\garena plus\room\garena_room.exe |
"TCP Query User{81A05F06-49B4-4CE1-AA88-5F899EDAC20D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{85482135-F653-4626-9865-651ADD433BA8}E:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii\war3.exe |
"TCP Query User{8835A9A0-9F87-4E4C-932E-7E2A1731721C}E:\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base22612\sc2.exe |
"TCP Query User{BBC1D74A-E31D-4F69-84D1-17723416AE01}E:\garena\garena.exe" = protocol=6 | dir=in | app=e:\garena\garena.exe |
"TCP Query User{DE4152C3-621A-4DF0-95F9-3B1DF5F0EE47}E:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{E79239AB-2753-414E-A1CF-74DC8E3E6128}E:\neuer ordner\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=e:\neuer ordner\jdownloader 2\jdownloader 2.exe |
"TCP Query User{F98288C5-66CF-4CA6-B173-DCF3C36D4E2E}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{04B7478A-0A12-490E-91A0-DABF3E907D14}E:\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{086A24A8-0434-464F-B525-F844228E0ADE}E:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii\war3.exe |
"UDP Query User{188E6E94-2C81-4363-9658-634E304CCE8F}E:\neuer ordner\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=e:\neuer ordner\jdownloader 2\jdownloader 2.exe |
"UDP Query User{2D3A43D0-64B2-4203-925C-50F3839D714B}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{61A9AD1E-B5C8-477D-8C66-33CEEF2C7B8C}E:\garena\garena.exe" = protocol=17 | dir=in | app=e:\garena\garena.exe |
"UDP Query User{781406A1-F22B-47A6-BDBC-7F746E47D19F}E:\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base22612\sc2.exe |
"UDP Query User{791EEE90-8A37-413E-BBC4-7E7C889E88D1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{8CDDA622-58B3-4676-B9B0-CDA1F205D0C0}E:\neuer ordner\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=e:\neuer ordner\garena plus\room\garena_room.exe |
"UDP Query User{A0959BC9-047B-4640-B01E-15D0F2DF47F3}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{BBA5F2A1-EE0B-4425-AF7B-EBBBDFAA5D04}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{BBDEF914-5923-4E0F-AAC7-B5204C45C818}E:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0630-0716-3135-7887" = JDownloader 2
"CCleaner" = CCleaner
"EPSON SX230 Series" = EPSON SX230 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1AF2B855-0054-4BAD-825C-427CB4F3DE04}_is1" = 3GP To MP3 Converter version 1.0 r2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{44715246-18E9-4EDF-AA03-94E4B4F80EA8}" = Download Navigator
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B49962AF-CAB9-44DE-8729-A4369F44BA0D}" = MixiDJ Chrome Toolbar
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1161EC6-7CC1-4D9F-83F6-8839C17019C2}" = LibreOffice 3.4
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1" = DownloadX ActiveX Download Control 1.6.5
"EPSON Scanner" = EPSON Scan
"EPSON SX230 Series Bog" = Benutzerhandbuch - Grundlagen EPSON SX230 Series
"EPSON SX230 Series Useg" = Benutzerhandbuch EPSON SX230 Series
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.23.320
"Garena" = Garena 2010
"mixidj" = MixiDJ Toolbar
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.19.0.0b
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"xp-AntiSpy" = xp-AntiSpy 3.97-11
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.04.2013 04:44:01 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.04.2013 02:19:39 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.04.2013 13:10:30 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.04.2013 15:46:32 | Computer Name = Farm-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 23.04.2013 15:47:11 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.04.2013 21:20:14 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 19.04.2013 13:54:22 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService erreicht.
< End of report >
|
|
25.04.2013, 16:23
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar Da ist imme rnoch Toolbar-Müll drin, JRT und adwCleaner wieder neu runterladen und nochmal ausführen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.04.2013, 21:02
| #13 |
| | DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar Mein Verschulden! Hier dann die Logs. JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Farm on 25.04.2013 at 20:20:27,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E85CD372-C6FC-4B7D-B252-F6C2B704FCC4}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Farm\AppData\Roaming\crmixidjtb"
~~~ FireFox
Successfully deleted: [Folder] C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\extensions\ffxtlbr@mixidj.com
Emptied folder: C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\minidumps [3 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.04.2013 at 20:25:06,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.202 - Datei am 25/04/2013 um 20:15:19 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Farm - FARM-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Farm\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\vsz23vpy.default\searchplugins\mixidj.xml
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mixidj.mixidjappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mixidj.mixidjappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mixidj.mixidjdskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mixidj.mixidjdskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mixidj.mixidjHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mixidj.mixidjHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\boipimhfjpakfgckhbljjengakjhkcbp
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kpepfkjapeclaafmhoelccknpfedainn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B49962AF-CAB9-44DE-8729-A4369F44BA0D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mixidj
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\vsz23vpy.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [7976 octets] - [11/04/2013 15:57:37]
AdwCleaner[S2].txt - [2830 octets] - [25/04/2013 20:15:19]
########## EOF - C:\AdwCleaner[S2].txt - [2890 octets] ##########
Code:
ATTFilter OTL logfile created on: 25.04.2013 20:29:47 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Farm\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 70,78% Memory free
7,99 Gb Paging File | 6,76 Gb Available in Paging File | 84,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 15,09 Gb Free Space | 30,91% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 139,99 Gb Free Space | 95,57% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 81,52 Gb Free Space | 79,32% Space Free | Partition Type: NTFS
Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Farm\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (CVPND) -- E:\VPN\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
========== Driver Services (SafeList) ==========
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 10 6E E7 A8 0E CD 01 [binary data]
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.18 22:13:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.28 10:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2012.12.28 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Extensions
[2012.12.28 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.04.25 20:24:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions
[2013.04.05 09:19:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.02.16 22:59:12 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.10 00:20:03 | 000,001,088 | ---- | M] () -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\searchplugins\dvdvideosoft-20-customized-web-search.xml
[2012.12.25 18:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.25 18:09:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.18 22:13:12 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.15 15:40:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.16 19:41:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.15 15:40:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.15 15:40:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.15 15:40:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.15 15:40:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-534391179-305817613-1184640974-1000..\Run: [EPSON SX230 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE /FU "C:\Users\Farm\AppData\Local\Temp\E_SB192.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-534391179-305817613-1184640974-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D3CF84D-909B-4BC3-9DC0-12FC96877470}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d6d8f16b-ac7c-11e2-a4bc-001f3ad0e917}\Shell - "" = AutoRun
O33 - MountPoints2\{d6d8f16b-ac7c-11e2-a4bc-001f3ad0e917}\Shell\AutoRun\command - "" = G:\CDStart.exe
O33 - MountPoints2\{e4725275-d14c-11e0-8a7a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e4725275-d14c-11e0-8a7a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\InstallNavi.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.25 20:13:41 | 000,000,000 | ---D | C] -- C:\Users\Farm\Documents\My Games
[2013.04.25 20:10:47 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2013.04.25 20:10:47 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2013.04.25 20:10:47 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2013.04.25 20:10:47 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2013.04.25 20:10:47 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2013.04.25 20:10:47 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2013.04.25 20:10:47 | 000,021,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_2.dll
[2013.04.25 20:10:47 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_2.dll
[2013.04.25 20:10:46 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2013.04.25 20:10:46 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2013.04.25 16:58:15 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2013.04.25 16:58:15 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2013.04.25 16:58:15 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2013.04.25 16:58:15 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2013.04.25 16:58:14 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2013.04.25 16:58:14 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2013.04.25 16:58:14 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2013.04.25 16:58:14 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2013.04.25 16:58:13 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2013.04.25 16:58:13 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2013.04.25 16:58:12 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2013.04.25 16:58:12 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2013.04.25 16:58:12 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2013.04.25 16:58:12 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2013.04.25 16:58:11 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2013.04.25 16:58:11 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2013.04.25 16:58:11 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2013.04.25 16:58:11 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2013.04.25 16:58:10 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2013.04.25 16:58:10 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2013.04.25 16:58:10 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2013.04.25 16:58:10 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2013.04.25 16:58:09 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2013.04.25 16:58:09 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2013.04.25 16:58:09 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2013.04.25 16:58:09 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2013.04.25 16:58:08 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2013.04.25 16:58:08 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2013.04.25 16:58:08 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2013.04.25 16:58:08 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2013.04.25 16:58:08 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2013.04.25 16:58:08 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2013.04.25 16:58:07 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2013.04.25 16:58:07 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2013.04.25 16:58:01 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2013.04.25 16:58:01 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2013.04.25 16:58:01 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2013.04.25 16:58:01 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2013.04.25 16:58:01 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2013.04.25 16:58:01 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2013.04.25 16:58:00 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2013.04.25 16:58:00 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2013.04.25 16:57:59 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2013.04.25 16:57:59 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2013.04.25 16:57:58 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2013.04.25 16:57:58 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2013.04.25 16:57:57 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2013.04.25 16:57:57 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2013.04.25 16:57:56 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2013.04.25 16:57:56 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2013.04.25 16:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2013.04.25 16:22:58 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2013.04.25 16:22:58 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2013.04.25 16:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.04.25 16:20:08 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.04.25 16:20:03 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\DAEMON Tools Lite
[2013.04.25 16:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.04.11 14:35:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.11 14:34:39 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.10 16:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.10 13:14:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 13:14:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 13:14:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 13:14:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.10 13:14:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.10 13:14:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 13:14:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 13:14:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 13:14:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.10 13:14:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.10 13:14:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 13:14:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 13:14:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 13:14:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 13:14:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 08:11:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.10 07:54:40 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 07:54:39 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 07:54:39 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 07:54:39 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 07:54:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 07:54:39 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.10 01:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.04.10 01:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.10 01:27:11 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.04.10 01:27:11 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.10 01:26:59 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.10 01:22:59 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Local\Macromedia
[2013.04.10 01:22:39 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.04.25 20:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.25 20:26:13 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 20:26:13 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 20:25:04 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.25 20:25:04 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.25 20:25:04 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.25 20:25:04 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.25 20:25:04 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.25 20:18:52 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.25 20:18:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.25 20:18:32 | 3216,986,112 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.25 20:01:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.25 16:41:14 | 000,000,599 | ---- | M] () -- C:\Users\Public\Desktop\Sid Meier's Civilization 4 starten.lnk
[2013.04.25 16:20:28 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.04.11 15:57:50 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.10 16:24:52 | 000,440,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 01:26:53 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.10 01:26:51 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.04.10 01:26:51 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.04.10 01:26:51 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.10 01:26:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.10 01:26:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.10 01:22:39 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.10 01:22:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.10 00:52:09 | 000,000,000 | ---- | M] () -- C:\Users\Farm\defogger_reenable
[2013.04.02 20:52:40 | 000,191,661 | ---- | M] () -- C:\Users\Farm\Desktop\LBV-2013-....... Milch Schwein Pflanze Umwelt.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.04.25 16:24:45 | 000,000,599 | ---- | C] () -- C:\Users\Public\Desktop\Sid Meier's Civilization 4 starten.lnk
[2013.04.23 23:23:59 | 000,000,853 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.04.23 23:23:59 | 000,000,853 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.04.23 23:23:59 | 000,000,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk
[2013.04.11 15:57:41 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.10 01:22:39 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.10 00:52:09 | 000,000,000 | ---- | C] () -- C:\Users\Farm\defogger_reenable
[2013.04.02 20:52:38 | 000,191,661 | ---- | C] () -- C:\Users\Farm\Desktop\LBV-2013-....... Milch Schwein Pflanze Umwelt.pdf
[2012.01.04 00:56:33 | 000,051,270 | ---- | C] () -- C:\Users\Farm\AppData\Roaming\room_v3.dat
[2011.11.27 10:31:20 | 000,045,013 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.08.28 11:46:11 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.08.28 11:46:10 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 25.04.2013 20:29:47 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Farm\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 70,78% Memory free
7,99 Gb Paging File | 6,76 Gb Available in Paging File | 84,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 15,09 Gb Free Space | 30,91% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 139,99 Gb Free Space | 95,57% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 81,52 Gb Free Space | 79,32% Space Free | Partition Type: NTFS
Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A39169BA-3850-4EC2-9BF9-31726DBDE0D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8BF6EC-3397-4FBF-89A8-36382B14681E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{107A702C-1B02-4694-8B30-F6A8DFCFDEC7}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe |
"{13FAE87C-3D45-4514-BCDE-C98E4299A349}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{14D5ECF5-2942-4526-AFC5-56AC63C44CDA}" = protocol=6 | dir=in | app=e:\neuer ordner (2)\beyond the sword\civ4beyondsword_pitboss.exe |
"{247FA02D-A4DC-4E6E-91F7-D57241FC5ECD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{2C41B77C-518D-47C7-84CC-FF21C29AD1D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{3EE3D830-A199-4F5C-957B-1E6B2606E08C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{3FF7E126-E9B0-4E05-B66F-E18D41D5BD2D}" = protocol=6 | dir=in | app=e:\steam\steam.exe |
"{45818E48-097E-4DFC-90EA-F65CFE0A10FB}" = protocol=17 | dir=in | app=e:\neuer ordner (2)\beyond the sword\civ4beyondsword.exe |
"{803FCF58-076D-437B-B426-BD175AB6441F}" = protocol=6 | dir=in | app=e:\neuer ordner (2)\beyond the sword\civ4beyondsword.exe |
"{85EE804F-6F07-4C58-B240-2EE1AC59446E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{8E7BF0A1-F8FE-4FF9-822A-8B16571ED0A4}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe |
"{961851CA-24DE-49C9-8080-A0F90C79AECF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F205118-8057-47FE-9D97-F626A0CC2F2A}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe |
"{A2845BDF-F9EB-48F3-858B-D13B04655D58}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A7B0EF3F-A7F5-463F-B28F-2D451657D648}" = protocol=17 | dir=in | app=e:\neuer ordner (2)\beyond the sword\civ4beyondsword_pitboss.exe |
"{C619E5D6-115A-4BB5-986A-0FB8F7718937}" = protocol=17 | dir=in | app=e:\steam\steam.exe |
"{E84C8DA0-2C4A-4880-8E5C-61FF7B665F40}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe |
"{E99106A9-A837-452D-B359-7FBB8D5978B5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{F97814FB-32C8-412A-938E-E643C262A690}" = protocol=17 | dir=in | app=e:\steam\steamapps\nickx@gmx.de\counter-strike\hl.exe |
"{FCF39218-753D-4267-92EB-D72B1945C4E6}" = protocol=6 | dir=in | app=e:\steam\steamapps\nickx@gmx.de\counter-strike\hl.exe |
"TCP Query User{193D106C-A9BA-448C-A1AD-C73E1FC56B82}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{28DFBCD4-5DC5-4C9D-AE08-5BC5C0C9ABF9}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{4E711677-F3BB-42BB-89FB-2DEC5A488E1C}E:\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{81780B4D-C5AD-4646-8598-DC93B8207334}E:\neuer ordner\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=e:\neuer ordner\garena plus\room\garena_room.exe |
"TCP Query User{81A05F06-49B4-4CE1-AA88-5F899EDAC20D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{85482135-F653-4626-9865-651ADD433BA8}E:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii\war3.exe |
"TCP Query User{8835A9A0-9F87-4E4C-932E-7E2A1731721C}E:\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base22612\sc2.exe |
"TCP Query User{BBC1D74A-E31D-4F69-84D1-17723416AE01}E:\garena\garena.exe" = protocol=6 | dir=in | app=e:\garena\garena.exe |
"TCP Query User{DE4152C3-621A-4DF0-95F9-3B1DF5F0EE47}E:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{E79239AB-2753-414E-A1CF-74DC8E3E6128}E:\neuer ordner\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=e:\neuer ordner\jdownloader 2\jdownloader 2.exe |
"TCP Query User{F98288C5-66CF-4CA6-B173-DCF3C36D4E2E}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{04B7478A-0A12-490E-91A0-DABF3E907D14}E:\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{086A24A8-0434-464F-B525-F844228E0ADE}E:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii\war3.exe |
"UDP Query User{188E6E94-2C81-4363-9658-634E304CCE8F}E:\neuer ordner\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=e:\neuer ordner\jdownloader 2\jdownloader 2.exe |
"UDP Query User{2D3A43D0-64B2-4203-925C-50F3839D714B}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{61A9AD1E-B5C8-477D-8C66-33CEEF2C7B8C}E:\garena\garena.exe" = protocol=17 | dir=in | app=e:\garena\garena.exe |
"UDP Query User{781406A1-F22B-47A6-BDBC-7F746E47D19F}E:\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base22612\sc2.exe |
"UDP Query User{791EEE90-8A37-413E-BBC4-7E7C889E88D1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{8CDDA622-58B3-4676-B9B0-CDA1F205D0C0}E:\neuer ordner\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=e:\neuer ordner\garena plus\room\garena_room.exe |
"UDP Query User{A0959BC9-047B-4640-B01E-15D0F2DF47F3}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{BBA5F2A1-EE0B-4425-AF7B-EBBBDFAA5D04}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{BBDEF914-5923-4E0F-AAC7-B5204C45C818}E:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0630-0716-3135-7887" = JDownloader 2
"CCleaner" = CCleaner
"EPSON SX230 Series" = EPSON SX230 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1AF2B855-0054-4BAD-825C-427CB4F3DE04}_is1" = 3GP To MP3 Converter version 1.0 r2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{44715246-18E9-4EDF-AA03-94E4B4F80EA8}" = Download Navigator
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1161EC6-7CC1-4D9F-83F6-8839C17019C2}" = LibreOffice 3.4
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1" = DownloadX ActiveX Download Control 1.6.5
"DAEMON Tools Lite" = DAEMON Tools Lite
"EPSON Scanner" = EPSON Scan
"EPSON SX230 Series Bog" = Benutzerhandbuch - Grundlagen EPSON SX230 Series
"EPSON SX230 Series Useg" = Benutzerhandbuch EPSON SX230 Series
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.23.320
"Garena" = Garena 2010
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.19.0.0b
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"xp-AntiSpy" = xp-AntiSpy 3.97-11
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
< End of report >
|
|
25.04.2013, 22:44
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar |
| 7-zip, adobe, antivir, autorun, avg, avira, battle.net, bho, driverscanner, error, firefox, flash player, format, gmx.de, gruppe, helper, home, install.exe, mozilla, mp3, msiinstaller, object, plug-in, registry, richtlinie, rundll, scan, security, senden, system, udp, updates, virus, visual studio, wajam, windows |
Linear-Darstellung
