Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 10.04.2013, 09:30   #1
nickx
 
DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar - Standard

DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar



Moin allerseits,

ich habe Probleme mit meinem Browser. Die Startseite und Standardsuchmaschine wurden geändert und eine manuelle Änderung ist nicht mehr möglich.
Durch das Lesen anderer Beiträge in diesem Forum wie "delta-search-tab-oeffnen-noch-vorhanden" habe ich die Vermutung, dass mein System einen ähnlichen Virus hat.

Weiter war es nicht mehr möglich Youtube Videos abzuspielen. Bisher habe ich noch nichts auf eigene Faust probiert, bis auf ein Updates für den Flashplayer und Java. Das behebte auch prompt das Youtube Problem.

Hier mal die Logs:
  • OTL logfile
Code:
ATTFilter
OTL logfile created on: 10.04.2013 00:54:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Farm\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,76% Memory free
7,99 Gb Paging File | 6,54 Gb Available in Paging File | 81,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 17,61 Gb Free Space | 36,07% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 139,99 Gb Free Space | 95,57% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 91,45 Gb Free Space | 88,98% Space Free | Partition Type: NTFS
 
Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.10 00:54:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Farm\Desktop\OTL.exe
PRC - [2013.03.25 15:50:13 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.25 15:50:05 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.25 15:50:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.08 16:19:22 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.03.06 10:59:12 | 002,569,168 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2012.08.28 08:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012.08.28 08:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.26 23:08:58 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012.07.10 13:51:16 | 000,026,016 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2012.07.05 19:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.08 16:19:21 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.03.06 10:59:12 | 002,569,168 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.03.06 10:57:59 | 002,232,272 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013.03.06 10:55:33 | 000,574,416 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-19.0.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.25 15:50:13 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.25 15:50:05 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.08 16:19:21 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.06 10:59:12 | 002,569,168 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012.12.22 23:10:14 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.08.28 08:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.26 23:08:58 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.07.13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.05 19:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- E:\VPN\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.25 15:50:15 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.25 15:50:15 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.25 15:50:15 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mntrId=2461001F3AD0E917
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN30422686161726320&UM=2&ctid=CT3279453
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 10 6E E7 A8 0E CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://mixidj.delta-search.com/?q={searchTerms}&affID=121136&babsrc=SP_ss&mntrId=2461001F3AD0E917
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "DVDvideoSoft 2.0 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279453&SearchSource=3&q={searchTerms}&CUI=UN22629397421798942"
FF - prefs.js..browser.search.order.1: "Mixi.DJ Search"
FF - prefs.js..browser.search.selectedEngine: "DVDvideoSoft 2.0 Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mntrId=2461001F3AD0E917"
FF - prefs.js..CT3279453.browser.search.defaultthis.engineName: "true"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40mixidj.com:1.5.0
FF - prefs.js..extensions.enabledAddons: %7B0F827075-B026-42F3-885D-98981EE7B1AE%7D:2.6.1125.80
FF - prefs.js..extensions.enabledAddons: %7B04a8dd1a-4754-48fe-a703-99846646ef04%7D:10.15.0.562
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279453&SearchSource=2&CUI=UN22629397421798942&UM=&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 16:19:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.28 10:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013.02.14 17:41:10 | 000,037,909 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.03.21 08:19:09 | 000,000,000 | ---D | M]
 
[2012.12.28 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Extensions
[2012.12.28 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.04.05 09:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions
[2013.03.24 23:21:43 | 000,000,000 | ---D | M] (DVDvideoSoft 2.0) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions\{04a8dd1a-4754-48fe-a703-99846646ef04}
[2013.04.05 09:19:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.03.21 08:18:59 | 000,000,000 | ---D | M] (MixiDJ Toolbar) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions\ffxtlbr@mixidj.com
[2013.02.16 22:59:12 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.10 00:20:03 | 000,001,088 | ---- | M] () -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\searchplugins\dvdvideosoft-20-customized-web-search.xml
[2013.03.21 08:19:00 | 000,001,296 | ---- | M] () -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\searchplugins\mixidj.xml
[2012.12.25 18:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.25 18:09:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.21 08:19:09 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1125.80\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
[2013.03.08 16:19:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.15 15:40:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.21 08:18:53 | 000,006,476 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.09.16 19:41:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.15 15:40:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.15 15:40:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.15 15:40:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.15 15:40:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDvideoSoft 2.0 Toolbar) - {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.)
O2 - BHO: (mixidj Helper Object) - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll (MixiDJ)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (DVDvideoSoft 2.0 Toolbar) - {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Program Files (x86)\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll (MixiDJ)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [EPSON SX230 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE /FU "C:\Users\Farm\AppData\Local\Temp\E_SB192.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D3CF84D-909B-4BC3-9DC0-12FC96877470}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e4725275-d14c-11e0-8a7a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e4725275-d14c-11e0-8a7a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\InstallNavi.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.10 00:54:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Farm\Desktop\OTL.exe
[2013.03.25 15:56:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.03.25 15:56:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.03.25 15:50:29 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.25 15:50:29 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.25 15:50:29 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.24 17:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.21 18:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2013.03.21 18:48:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013.03.21 18:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDvideoSoft_2.0
[2013.03.21 18:48:28 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Local\Conduit
[2013.03.21 18:48:20 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\SearchProtect
[2013.03.21 18:48:04 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\Uniblue
[2013.03.21 18:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013.03.21 18:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013.03.21 18:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.03.21 18:47:43 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\OpenCandy
[2013.03.21 18:47:42 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\DVDVideoSoft
[2013.03.21 18:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.03.21 18:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.03.21 08:19:11 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.03.21 08:19:08 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\CRMixiDJTB
[2013.03.21 08:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.03.21 08:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3GP To MP3 Converter
[2013.03.21 08:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3GP2MP3Converter
[2013.03.21 08:18:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mixidj
[2013.03.21 08:18:47 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2013.03.21 08:18:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2013.03.21 08:18:42 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\Babylon
[2013.03.21 08:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.10 00:57:14 | 000,377,856 | ---- | M] () -- C:\Users\Farm\Desktop\gmer_2.1.19163.exe
[2013.04.10 00:54:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Farm\Desktop\OTL.exe
[2013.04.10 00:52:09 | 000,000,000 | ---- | M] () -- C:\Users\Farm\defogger_reenable
[2013.04.10 00:51:38 | 000,050,477 | ---- | M] () -- C:\Users\Farm\Desktop\Defogger.exe
[2013.04.10 00:18:55 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.10 00:18:55 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.10 00:18:55 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.10 00:18:55 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.10 00:18:55 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.10 00:17:38 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.10 00:17:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.09 21:16:49 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 21:16:49 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 21:08:34 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.09 21:08:31 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2013.04.09 21:08:19 | 3216,986,112 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.09 12:25:57 | 000,000,000 | ---- | M] () -- C:\END
[2013.04.02 20:52:40 | 000,191,661 | ---- | M] () -- C:\Users\Farm\Desktop\LBV-2013-....... Milch Schwein Pflanze Umwelt.pdf
[2013.03.25 15:50:15 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.25 15:50:15 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.25 15:50:15 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.21 18:48:03 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2013.03.19 11:51:12 | 000,674,963 | ---- | M] () -- C:\Users\Farm\Desktop\14.Wiederholung.pdf
[2013.03.11 17:13:30 | 000,052,969 | ---- | M] () -- C:\Users\Farm\Desktop\LBV-2013-11Milch.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.10 00:57:13 | 000,377,856 | ---- | C] () -- C:\Users\Farm\Desktop\gmer_2.1.19163.exe
[2013.04.10 00:52:09 | 000,000,000 | ---- | C] () -- C:\Users\Farm\defogger_reenable
[2013.04.10 00:51:38 | 000,050,477 | ---- | C] () -- C:\Users\Farm\Desktop\Defogger.exe
[2013.04.02 20:52:38 | 000,191,661 | ---- | C] () -- C:\Users\Farm\Desktop\LBV-2013-....... Milch Schwein Pflanze Umwelt.pdf
[2013.03.29 11:20:38 | 000,000,000 | ---- | C] () -- C:\END
[2013.03.21 18:48:06 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job
[2013.03.21 18:48:03 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2013.03.19 11:51:12 | 000,674,963 | ---- | C] () -- C:\Users\Farm\Desktop\14.Wiederholung.pdf
[2013.03.11 17:13:29 | 000,052,969 | ---- | C] () -- C:\Users\Farm\Desktop\LBV-2013-11Milch.pdf
[2012.01.04 00:56:33 | 000,051,270 | ---- | C] () -- C:\Users\Farm\AppData\Roaming\room_v3.dat
[2011.11.27 10:31:20 | 000,045,013 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.08.28 11:46:11 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.08.28 11:46:10 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.21 08:18:42 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\Babylon
[2013.03.21 08:19:08 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\CRMixiDJTB
[2013.03.21 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\DVDVideoSoft
[2012.12.27 13:29:00 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\Epson
[2012.01.27 23:05:11 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\GarenaPlus
[2011.08.28 10:41:37 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\LibreOffice
[2013.03.21 18:47:43 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\OpenCandy
[2013.03.21 18:48:20 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\SearchProtect
[2011.08.28 10:59:18 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\Thunderbird
[2012.12.28 17:08:06 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\TomTom
[2013.03.21 18:48:04 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\Uniblue
 
========== Purity Check ==========
 
 

< End of report >
         
  • OTL extras logfile

Code:
ATTFilter
OTL Extras logfile created on: 10.04.2013 00:54:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Farm\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,76% Memory free
7,99 Gb Paging File | 6,54 Gb Available in Paging File | 81,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 17,61 Gb Free Space | 36,07% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 139,99 Gb Free Space | 95,57% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 91,45 Gb Free Space | 88,98% Space Free | Partition Type: NTFS
 
Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A39169BA-3850-4EC2-9BF9-31726DBDE0D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8BF6EC-3397-4FBF-89A8-36382B14681E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{107A702C-1B02-4694-8B30-F6A8DFCFDEC7}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe | 
"{13FAE87C-3D45-4514-BCDE-C98E4299A349}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{247FA02D-A4DC-4E6E-91F7-D57241FC5ECD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{2C41B77C-518D-47C7-84CC-FF21C29AD1D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{3EE3D830-A199-4F5C-957B-1E6B2606E08C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{3FF7E126-E9B0-4E05-B66F-E18D41D5BD2D}" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"{85EE804F-6F07-4C58-B240-2EE1AC59446E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{8E7BF0A1-F8FE-4FF9-822A-8B16571ED0A4}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{961851CA-24DE-49C9-8080-A0F90C79AECF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9F205118-8057-47FE-9D97-F626A0CC2F2A}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{A2845BDF-F9EB-48F3-858B-D13B04655D58}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C619E5D6-115A-4BB5-986A-0FB8F7718937}" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
"{E84C8DA0-2C4A-4880-8E5C-61FF7B665F40}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe | 
"{E99106A9-A837-452D-B359-7FBB8D5978B5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{F97814FB-32C8-412A-938E-E643C262A690}" = protocol=17 | dir=in | app=e:\steam\steamapps\nickx@gmx.de\counter-strike\hl.exe | 
"{FCF39218-753D-4267-92EB-D72B1945C4E6}" = protocol=6 | dir=in | app=e:\steam\steamapps\nickx@gmx.de\counter-strike\hl.exe | 
"TCP Query User{193D106C-A9BA-448C-A1AD-C73E1FC56B82}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{28DFBCD4-5DC5-4C9D-AE08-5BC5C0C9ABF9}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{4E711677-F3BB-42BB-89FB-2DEC5A488E1C}E:\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{81780B4D-C5AD-4646-8598-DC93B8207334}E:\neuer ordner\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=e:\neuer ordner\garena plus\room\garena_room.exe | 
"TCP Query User{81A05F06-49B4-4CE1-AA88-5F899EDAC20D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{85482135-F653-4626-9865-651ADD433BA8}E:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii\war3.exe | 
"TCP Query User{8835A9A0-9F87-4E4C-932E-7E2A1731721C}E:\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base22612\sc2.exe | 
"TCP Query User{BBC1D74A-E31D-4F69-84D1-17723416AE01}E:\garena\garena.exe" = protocol=6 | dir=in | app=e:\garena\garena.exe | 
"TCP Query User{DE4152C3-621A-4DF0-95F9-3B1DF5F0EE47}E:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{F98288C5-66CF-4CA6-B173-DCF3C36D4E2E}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{04B7478A-0A12-490E-91A0-DABF3E907D14}E:\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{086A24A8-0434-464F-B525-F844228E0ADE}E:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii\war3.exe | 
"UDP Query User{2D3A43D0-64B2-4203-925C-50F3839D714B}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{61A9AD1E-B5C8-477D-8C66-33CEEF2C7B8C}E:\garena\garena.exe" = protocol=17 | dir=in | app=e:\garena\garena.exe | 
"UDP Query User{781406A1-F22B-47A6-BDBC-7F746E47D19F}E:\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base22612\sc2.exe | 
"UDP Query User{791EEE90-8A37-413E-BBC4-7E7C889E88D1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{8CDDA622-58B3-4676-B9B0-CDA1F205D0C0}E:\neuer ordner\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=e:\neuer ordner\garena plus\room\garena_room.exe | 
"UDP Query User{A0959BC9-047B-4640-B01E-15D0F2DF47F3}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{BBA5F2A1-EE0B-4425-AF7B-EBBBDFAA5D04}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{BBDEF914-5923-4E0F-AAC7-B5204C45C818}E:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"EPSON SX230 Series" = EPSON SX230 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{1AF2B855-0054-4BAD-825C-427CB4F3DE04}_is1" = 3GP To MP3 Converter version 1.0 r2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{44715246-18E9-4EDF-AA03-94E4B4F80EA8}" = Download Navigator
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B49962AF-CAB9-44DE-8729-A4369F44BA0D}" = MixiDJ Chrome Toolbar
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1161EC6-7CC1-4D9F-83F6-8839C17019C2}" = LibreOffice 3.4
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Avira AntiVir Desktop" = Avira Free Antivirus
"CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1" = DownloadX ActiveX Download Control 1.6.5
"DVDvideoSoft_2.0 Toolbar" = DVDvideoSoft 2.0 Toolbar
"EPSON Scanner" = EPSON Scan
"EPSON SX230 Series Bog" = Benutzerhandbuch - Grundlagen EPSON SX230 Series
"EPSON SX230 Series Useg" = Benutzerhandbuch EPSON SX230 Series
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.23.320
"Garena" = Garena 2010
"im" = Garena Plus
"mixidj" = MixiDJ Toolbar 
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"VLC media player" = VLC media player 1.1.11
"Wajam" = Wajam
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.19.0.0b
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"xp-AntiSpy" = xp-AntiSpy 3.97-11
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.04.2013 05:03:45 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.04.2013 14:51:46 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.04.2013 06:18:40 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.04.2013 06:15:26 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.04.2013 03:19:43 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.04.2013 14:40:08 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.04.2013 06:26:07 | Computer Name = Farm-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 08.04.2013 06:26:41 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.04.2013 01:12:48 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.04.2013 05:01:09 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.04.2013 15:10:13 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 04.03.2013 07:09:06 | Computer Name = Farm-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 04.03.2013 07:09:06 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 04.03.2013 07:09:06 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 04.03.2013 07:09:06 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 04.03.2013 07:09:06 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 12.03.2013 07:15:16 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 17.03.2013 01:21:49 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 17.03.2013 08:52:49 | Computer Name = Farm-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 19.03.2013 15:46:19 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines 
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
 
Error - 22.03.2013 18:14:39 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
 
< End of report >
         
  • GMER log
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-10 09:10:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.00000009 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Farm\AppData\Local\Temp\kxldypoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[1428] C:\Windows\syswow64\USER32.dll!DialogBoxParamW             000000007532cfca 5 bytes JMP 0000000172a54620
.text  C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000075a31465 2 bytes [A3, 75]
.text  C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[1428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000075a314bb 2 bytes [A3, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1944] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                   000000007532cfca 5 bytes JMP 0000000172a54620
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000075a31465 2 bytes [A3, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         0000000075a314bb 2 bytes [A3, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1996] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            000000007532cfca 5 bytes JMP 0000000172a54620
.text  C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075a31465 2 bytes [A3, 75]
.text  C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075a314bb 2 bytes [A3, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1624] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            000000007532cfca 5 bytes JMP 0000000172a54620
.text  C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075a31465 2 bytes [A3, 75]
.text  C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075a314bb 2 bytes [A3, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1816] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                000000007532cfca 5 bytes JMP 0000000172a54620
.text  C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       0000000075a31465 2 bytes [A3, 75]
.text  C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      0000000075a314bb 2 bytes [A3, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe[2128] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                          000000007532cfca 5 bytes JMP 0000000172a54620
.text  C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 0000000075a31465 2 bytes [A3, 75]
.text  C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                0000000075a314bb 2 bytes [A3, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[2996] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                      000000007532cfca 5 bytes JMP 0000000172a54620
.text  C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             0000000075a31465 2 bytes [A3, 75]
.text  C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            0000000075a314bb 2 bytes [A3, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[532] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                000000007532cfca 5 bytes JMP 0000000172a54620
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       0000000075a31465 2 bytes [A3, 75]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      0000000075a314bb 2 bytes [A3, 75]
.text  ...                                                                                                                                                                 * 2
.text  C:\Users\Farm\Desktop\gmer_2.1.19163.exe[3632] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                       000000007532cfca 5 bytes JMP 0000000172a54620
.text  C:\Users\Farm\Desktop\gmer_2.1.19163.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                              0000000075a31465 2 bytes [A3, 75]
.text  C:\Users\Farm\Desktop\gmer_2.1.19163.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                             0000000075a314bb 2 bytes [A3, 75]
.text  ...                                                                                                                                                                 * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad0e917                                                                                         
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad0e917 (not active ControlSet)                                                                     

---- EOF - GMER 2.1 ----
         

Ich hoffe dieser Post entspricht den Regeln im Forum.


Lieben Gruß, Nickx.

Alt 10.04.2013, 13:09   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar - Standard

DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar



Hallo und

Hast du noch weitere Logs (mit Funden)? Ist dein Virenscanner jemals fündig geworden?

Malwarebytes und/oder andere Virenscanner?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 10.04.2013, 13:24   #3
nickx
 
DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar - Standard

DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar



Hallo cosinus und danke für das Willkommen.

Es ist Avira auf dem System installiert und ich habe einen Scan durchlaufen lassen, nachdem ich den Thread erstellt habe und du geantwortet hast. Allerdings wurden keine Funde gemacht, deshalb habe ich auch darauf verzichet den Log zu posten.
Weitere Sicherheitssoftware ist nicht installiert.
__________________

Alt 10.04.2013, 13:26   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar - Standard

DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.04.2013, 19:43   #5
nickx
 
DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar - Standard

DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar



Hallo cosinus,

ich habe deinen Anweisungen befolgt. Hier mal ein Bericht wie es gelaufen ist:

MBAR (Malwarebytes Anti-Rootkit)
Meldete beim Start die Vermutung eines Rootkits mit einem Hinweis, wenn ich mir nicht sicher bin möge ich doch bitte "No" klicken. So ist es dann auch gesehen, danach lief der Scan.

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-10 19:20:51
-----------------------------
19:20:51.838    OS Version: Windows x64 6.1.7601 Service Pack 1
19:20:51.838    Number of processors: 2 586 0x1706
19:20:51.838    ComputerName: FARM-PC  UserName: Farm
19:20:52.418    Initialize success
19:21:02.178    AVAST engine defs: 13041000
19:21:07.940    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:21:07.950    Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 00000009 Size: 305245MB BusType: 11
19:21:08.080    Disk 0 MBR read successfully
19:21:08.080    Disk 0 MBR scan
19:21:08.090    Disk 0 Windows 7 default MBR code
19:21:08.100    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        49999 MB offset 63
19:21:08.130    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       150000 MB offset 102400000
19:21:08.160    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       105243 MB offset 409600000
19:21:08.250    Disk 0 scanning C:\Windows\system32\drivers
19:21:24.618    Service scanning
19:22:03.888    Modules scanning
19:22:03.908    Disk 0 trace - called modules:
19:22:03.958    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
19:22:04.308    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c1f060]
19:22:04.318    3 CLASSPNP.SYS[fffff880018f743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004750290]
19:22:04.338    Scan finished successfully
19:24:42.792    Disk 0 MBR has been saved successfully to "C:\Users\Farm\Desktop\MBR.dat"
19:24:42.803    The log file has been saved successfully to "C:\Users\Farm\Desktop\aswMBR.txt"
         

aswMBR

Programm ist beim ersten Durchlauf mit einem Hinweis bezüglich eines Rootkits abgestürzt. Zweiter Scan mit der AV-Einstellung "non" funktionierte.

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.10.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Farm :: FARM-PC [administrator]

10.04.2013 16:43:41
mbar-log-2013-04-10 (16-43-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 26616
Time elapsed: 11 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
TDSS rootkit removing tool

Code:
ATTFilter
19:26:04.0477 4068  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:26:04.0717 4068  ============================================================
19:26:04.0717 4068  Current date / time: 2013/04/10 19:26:04.0717
19:26:04.0717 4068  SystemInfo:
19:26:04.0717 4068  
19:26:04.0717 4068  OS Version: 6.1.7601 ServicePack: 1.0
19:26:04.0717 4068  Product type: Workstation
19:26:04.0717 4068  ComputerName: FARM-PC
19:26:04.0717 4068  UserName: Farm
19:26:04.0717 4068  Windows directory: C:\Windows
19:26:04.0717 4068  System windows directory: C:\Windows
19:26:04.0717 4068  Running under WOW64
19:26:04.0717 4068  Processor architecture: Intel x64
19:26:04.0717 4068  Number of processors: 2
19:26:04.0717 4068  Page size: 0x1000
19:26:04.0717 4068  Boot type: Normal boot
19:26:04.0717 4068  ============================================================
19:26:06.0007 4068  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:26:06.0017 4068  ============================================================
19:26:06.0017 4068  \Device\Harddisk0\DR0:
19:26:06.0017 4068  MBR partitions:
19:26:06.0017 4068  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927
19:26:06.0017 4068  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A8000, BlocksNum 0x124F8000
19:26:06.0017 4068  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x186A0000, BlocksNum 0xCD8D800
19:26:06.0017 4068  ============================================================
19:26:06.0037 4068  C: <-> \Device\Harddisk0\DR0\Partition1
19:26:06.0067 4068  D: <-> \Device\Harddisk0\DR0\Partition2
19:26:06.0117 4068  E: <-> \Device\Harddisk0\DR0\Partition3
19:26:06.0117 4068  ============================================================
19:26:06.0117 4068  Initialize success
19:26:06.0117 4068  ============================================================
19:26:34.0033 1740  ============================================================
19:26:34.0033 1740  Scan started
19:26:34.0033 1740  Mode: Manual; SigCheck; TDLFS; 
19:26:34.0033 1740  ============================================================
19:26:34.0537 1740  ================ Scan system memory ========================
19:26:34.0537 1740  System memory - ok
19:26:34.0537 1740  ================ Scan services =============================
19:26:34.0737 1740  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:26:34.0947 1740  1394ohci - ok
19:26:35.0087 1740  [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
19:26:35.0177 1740  ABBYY.Licensing.FineReader.Sprint.9.0 - ok
19:26:35.0207 1740  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:26:35.0287 1740  ACPI - ok
19:26:35.0317 1740  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:26:35.0387 1740  AcpiPmi - ok
19:26:35.0457 1740  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:26:35.0507 1740  AdobeARMservice - ok
19:26:35.0637 1740  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:26:35.0687 1740  AdobeFlashPlayerUpdateSvc - ok
19:26:35.0727 1740  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:26:35.0807 1740  adp94xx - ok
19:26:35.0867 1740  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:26:35.0917 1740  adpahci - ok
19:26:35.0947 1740  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:26:35.0997 1740  adpu320 - ok
19:26:36.0037 1740  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:26:36.0157 1740  AeLookupSvc - ok
19:26:36.0297 1740  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:26:36.0437 1740  AFD - ok
19:26:36.0459 1740  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:26:36.0511 1740  agp440 - ok
19:26:36.0527 1740  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:26:36.0589 1740  ALG - ok
19:26:36.0619 1740  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:26:36.0639 1740  aliide - ok
19:26:36.0649 1740  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:26:36.0669 1740  amdide - ok
19:26:36.0689 1740  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:26:36.0729 1740  AmdK8 - ok
19:26:36.0739 1740  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:26:36.0779 1740  AmdPPM - ok
19:26:36.0809 1740  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:26:36.0859 1740  amdsata - ok
19:26:36.0909 1740  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:26:36.0962 1740  amdsbs - ok
19:26:36.0994 1740  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:26:37.0033 1740  amdxata - ok
19:26:37.0135 1740  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:26:37.0175 1740  AntiVirSchedulerService - ok
19:26:37.0255 1740  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:26:37.0295 1740  AntiVirService - ok
19:26:37.0355 1740  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:26:37.0485 1740  AppID - ok
19:26:37.0555 1740  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:26:37.0687 1740  AppIDSvc - ok
19:26:37.0717 1740  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:26:37.0847 1740  Appinfo - ok
19:26:37.0867 1740  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
19:26:37.0917 1740  arc - ok
19:26:37.0937 1740  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:26:37.0987 1740  arcsas - ok
19:26:38.0037 1740  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:26:38.0167 1740  AsyncMac - ok
19:26:38.0227 1740  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:26:38.0267 1740  atapi - ok
19:26:38.0317 1740  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:26:38.0457 1740  AudioEndpointBuilder - ok
19:26:38.0537 1740  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:26:38.0679 1740  AudioSrv - ok
19:26:38.0779 1740  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:26:38.0829 1740  avgntflt - ok
19:26:38.0889 1740  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:26:38.0929 1740  avipbb - ok
19:26:38.0949 1740  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:26:38.0989 1740  avkmgr - ok
19:26:39.0029 1740  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:26:39.0099 1740  AxInstSV - ok
19:26:39.0159 1740  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:26:39.0249 1740  b06bdrv - ok
19:26:39.0279 1740  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:26:39.0403 1740  b57nd60a - ok
19:26:39.0461 1740  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:26:39.0543 1740  BDESVC - ok
19:26:39.0583 1740  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:26:39.0705 1740  Beep - ok
19:26:39.0755 1740  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:26:39.0895 1740  BFE - ok
19:26:39.0995 1740  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:26:40.0177 1740  BITS - ok
19:26:40.0197 1740  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:26:40.0277 1740  blbdrive - ok
19:26:40.0317 1740  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:26:40.0387 1740  bowser - ok
19:26:40.0407 1740  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:26:40.0477 1740  BrFiltLo - ok
19:26:40.0497 1740  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:26:40.0557 1740  BrFiltUp - ok
19:26:40.0597 1740  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:26:40.0667 1740  Browser - ok
19:26:40.0827 1740  [ CA2E0AAA6943618108D786FF31848989 ] BrowserProtect  C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
19:26:41.0077 1740  BrowserProtect ( UnsignedFile.Multi.Generic ) - warning
19:26:41.0077 1740  BrowserProtect - detected UnsignedFile.Multi.Generic (1)
19:26:41.0107 1740  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:26:41.0187 1740  Brserid - ok
19:26:41.0217 1740  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:26:41.0297 1740  BrSerWdm - ok
19:26:41.0329 1740  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:26:41.0413 1740  BrUsbMdm - ok
19:26:41.0425 1740  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:26:41.0489 1740  BrUsbSer - ok
19:26:41.0539 1740  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
19:26:41.0599 1740  BthEnum - ok
19:26:41.0619 1740  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:26:41.0689 1740  BTHMODEM - ok
19:26:41.0729 1740  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
19:26:41.0799 1740  BthPan - ok
19:26:41.0839 1740  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
19:26:41.0949 1740  BTHPORT - ok
19:26:41.0979 1740  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:26:42.0089 1740  bthserv - ok
19:26:42.0179 1740  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
19:26:42.0239 1740  BTHUSB - ok
19:26:42.0271 1740  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:26:42.0420 1740  cdfs - ok
19:26:42.0503 1740  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:26:42.0583 1740  cdrom - ok
19:26:42.0623 1740  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:26:42.0773 1740  CertPropSvc - ok
19:26:42.0813 1740  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
19:26:42.0863 1740  circlass - ok
19:26:42.0893 1740  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:26:42.0973 1740  CLFS - ok
19:26:43.0043 1740  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:26:43.0093 1740  clr_optimization_v2.0.50727_32 - ok
19:26:43.0143 1740  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:26:43.0183 1740  clr_optimization_v2.0.50727_64 - ok
19:26:43.0243 1740  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:26:43.0293 1740  clr_optimization_v4.0.30319_32 - ok
19:26:43.0333 1740  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:26:43.0390 1740  clr_optimization_v4.0.30319_64 - ok
19:26:43.0433 1740  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:26:43.0515 1740  CmBatt - ok
19:26:43.0557 1740  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:26:43.0597 1740  cmdide - ok
19:26:43.0657 1740  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
19:26:43.0759 1740  CNG - ok
19:26:43.0779 1740  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:26:43.0829 1740  Compbatt - ok
19:26:43.0869 1740  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:26:43.0929 1740  CompositeBus - ok
19:26:43.0949 1740  COMSysApp - ok
19:26:43.0969 1740  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:26:44.0009 1740  crcdisk - ok
19:26:44.0049 1740  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:26:44.0109 1740  CryptSvc - ok
19:26:44.0149 1740  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
19:26:44.0189 1740  CVirtA - ok
19:26:44.0319 1740  [ 66257CB4E4FB69887CDDC71663741435 ] CVPND           E:\VPN\cvpnd.exe
19:26:44.0483 1740  CVPND - ok
19:26:44.0533 1740  [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
19:26:44.0590 1740  CVPNDRVA - ok
19:26:44.0645 1740  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:26:44.0775 1740  DcomLaunch - ok
19:26:44.0845 1740  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:26:44.0975 1740  defragsvc - ok
19:26:45.0015 1740  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:26:45.0135 1740  DfsC - ok
19:26:45.0175 1740  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:26:45.0245 1740  Dhcp - ok
19:26:45.0271 1740  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:26:45.0403 1740  discache - ok
19:26:45.0479 1740  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
19:26:45.0499 1740  Disk - ok
19:26:45.0559 1740  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
19:26:45.0579 1740  DNE - ok
19:26:45.0609 1740  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:26:45.0686 1740  Dnscache - ok
19:26:45.0721 1740  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:26:45.0851 1740  dot3svc - ok
19:26:45.0931 1740  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:26:46.0051 1740  DPS - ok
19:26:46.0081 1740  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:26:46.0141 1740  drmkaud - ok
19:26:46.0191 1740  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:26:46.0311 1740  DXGKrnl - ok
19:26:46.0356 1740  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:26:46.0473 1740  EapHost - ok
19:26:46.0583 1740  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:26:46.0763 1740  ebdrv - ok
19:26:46.0783 1740  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:26:46.0853 1740  EFS - ok
19:26:46.0913 1740  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:26:47.0013 1740  ehRecvr - ok
19:26:47.0053 1740  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:26:47.0113 1740  ehSched - ok
19:26:47.0153 1740  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:26:47.0272 1740  elxstor - ok
19:26:47.0304 1740  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:26:47.0365 1740  ErrDev - ok
19:26:47.0445 1740  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:26:47.0609 1740  EventSystem - ok
19:26:47.0689 1740  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:26:47.0801 1740  exfat - ok
19:26:47.0861 1740  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:26:47.0991 1740  fastfat - ok
19:26:48.0031 1740  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:26:48.0121 1740  Fax - ok
19:26:48.0141 1740  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
19:26:48.0201 1740  fdc - ok
19:26:48.0253 1740  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:26:48.0394 1740  fdPHost - ok
19:26:48.0445 1740  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:26:48.0577 1740  FDResPub - ok
19:26:48.0617 1740  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:26:48.0667 1740  FileInfo - ok
19:26:48.0677 1740  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:26:48.0817 1740  Filetrace - ok
19:26:48.0897 1740  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:26:48.0937 1740  flpydisk - ok
19:26:48.0967 1740  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:26:49.0027 1740  FltMgr - ok
19:26:49.0097 1740  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
19:26:49.0187 1740  FontCache - ok
19:26:49.0237 1740  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:26:49.0277 1740  FontCache3.0.0.0 - ok
19:26:49.0297 1740  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:26:49.0347 1740  FsDepends - ok
19:26:49.0383 1740  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:26:49.0419 1740  Fs_Rec - ok
19:26:49.0469 1740  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:26:49.0529 1740  fvevol - ok
19:26:49.0569 1740  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:26:49.0609 1740  gagp30kx - ok
19:26:49.0669 1740  GGSAFERDriver - ok
19:26:49.0739 1740  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:26:49.0871 1740  gpsvc - ok
19:26:50.0001 1740  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:26:50.0041 1740  gupdate - ok
19:26:50.0071 1740  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:26:50.0111 1740  gupdatem - ok
19:26:50.0141 1740  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:26:50.0201 1740  hcw85cir - ok
19:26:50.0255 1740  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:26:50.0333 1740  HdAudAddService - ok
19:26:50.0363 1740  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:26:50.0433 1740  HDAudBus - ok
19:26:50.0453 1740  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:26:50.0513 1740  HidBatt - ok
19:26:50.0533 1740  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:26:50.0593 1740  HidBth - ok
19:26:50.0616 1740  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:26:50.0665 1740  HidIr - ok
19:26:50.0695 1740  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:26:50.0817 1740  hidserv - ok
19:26:50.0887 1740  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:26:50.0947 1740  HidUsb - ok
19:26:50.0999 1740  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:26:51.0151 1740  hkmsvc - ok
19:26:51.0191 1740  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:26:51.0263 1740  HomeGroupListener - ok
19:26:51.0293 1740  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:26:51.0368 1740  HomeGroupProvider - ok
19:26:51.0405 1740  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:26:51.0425 1740  HpSAMD - ok
19:26:51.0465 1740  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:26:51.0575 1740  HTTP - ok
19:26:51.0585 1740  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:26:51.0625 1740  hwpolicy - ok
19:26:51.0645 1740  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:26:51.0717 1740  i8042prt - ok
19:26:51.0787 1740  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:26:51.0870 1740  iaStorV - ok
19:26:51.0949 1740  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:26:52.0059 1740  idsvc - ok
19:26:52.0069 1740  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:26:52.0119 1740  iirsp - ok
19:26:52.0169 1740  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:26:52.0333 1740  IKEEXT - ok
19:26:52.0392 1740  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:26:52.0424 1740  intelide - ok
19:26:52.0451 1740  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:26:52.0481 1740  intelppm - ok
19:26:52.0491 1740  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:26:52.0561 1740  IPBusEnum - ok
19:26:52.0581 1740  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:26:52.0631 1740  IpFilterDriver - ok
19:26:52.0681 1740  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:26:52.0731 1740  iphlpsvc - ok
19:26:52.0741 1740  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:26:52.0781 1740  IPMIDRV - ok
19:26:52.0801 1740  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:26:52.0921 1740  IPNAT - ok
19:26:52.0951 1740  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:26:53.0021 1740  IRENUM - ok
19:26:53.0041 1740  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:26:53.0091 1740  isapnp - ok
19:26:53.0111 1740  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:26:53.0161 1740  iScsiPrt - ok
19:26:53.0191 1740  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:26:53.0231 1740  kbdclass - ok
19:26:53.0261 1740  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:26:53.0321 1740  kbdhid - ok
19:26:53.0331 1740  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:26:53.0381 1740  KeyIso - ok
19:26:53.0411 1740  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:26:53.0461 1740  KSecDD - ok
19:26:53.0511 1740  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:26:53.0561 1740  KSecPkg - ok
19:26:53.0591 1740  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:26:53.0721 1740  ksthunk - ok
19:26:53.0761 1740  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:26:53.0893 1740  KtmRm - ok
19:26:53.0943 1740  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:26:54.0073 1740  LanmanServer - ok
19:26:54.0113 1740  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:26:54.0243 1740  LanmanWorkstation - ok
19:26:54.0325 1740  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:26:54.0473 1740  lltdio - ok
19:26:54.0537 1740  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:26:54.0657 1740  lltdsvc - ok
19:26:54.0677 1740  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:26:54.0797 1740  lmhosts - ok
19:26:54.0877 1740  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:26:54.0927 1740  LSI_FC - ok
19:26:54.0947 1740  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:26:54.0987 1740  LSI_SAS - ok
19:26:55.0007 1740  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:26:55.0057 1740  LSI_SAS2 - ok
19:26:55.0077 1740  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:26:55.0127 1740  LSI_SCSI - ok
19:26:55.0157 1740  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:26:55.0277 1740  luafv - ok
19:26:55.0307 1740  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:26:55.0367 1740  Mcx2Svc - ok
19:26:55.0387 1740  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:26:55.0437 1740  megasas - ok
19:26:55.0477 1740  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:26:55.0537 1740  MegaSR - ok
19:26:55.0557 1740  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:26:55.0677 1740  MMCSS - ok
19:26:55.0727 1740  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:26:55.0847 1740  Modem - ok
19:26:55.0917 1740  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:26:55.0977 1740  monitor - ok
19:26:55.0997 1740  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:26:56.0037 1740  mouclass - ok
19:26:56.0071 1740  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:26:56.0119 1740  mouhid - ok
19:26:56.0129 1740  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:26:56.0179 1740  mountmgr - ok
19:26:56.0249 1740  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:26:56.0289 1740  MozillaMaintenance - ok
19:26:56.0341 1740  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:26:56.0391 1740  mpio - ok
19:26:56.0411 1740  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:26:56.0521 1740  mpsdrv - ok
19:26:56.0613 1740  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:26:56.0753 1740  MpsSvc - ok
19:26:56.0793 1740  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:26:56.0884 1740  MRxDAV - ok
19:26:56.0941 1740  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:26:56.0995 1740  mrxsmb - ok
19:26:57.0028 1740  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:26:57.0047 1740  mrxsmb10 - ok
19:26:57.0057 1740  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:26:57.0087 1740  mrxsmb20 - ok
19:26:57.0117 1740  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:26:57.0137 1740  msahci - ok
19:26:57.0157 1740  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:26:57.0177 1740  msdsm - ok
19:26:57.0197 1740  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:26:57.0227 1740  MSDTC - ok
19:26:57.0267 1740  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:26:57.0341 1740  Msfs - ok
19:26:57.0365 1740  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:26:57.0429 1740  mshidkmdf - ok
19:26:57.0449 1740  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:26:57.0469 1740  msisadrv - ok
19:26:57.0509 1740  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:26:57.0569 1740  MSiSCSI - ok
19:26:57.0579 1740  msiserver - ok
19:26:57.0609 1740  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:26:57.0669 1740  MSKSSRV - ok
19:26:57.0689 1740  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:26:57.0749 1740  MSPCLOCK - ok
19:26:57.0759 1740  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:26:57.0829 1740  MSPQM - ok
19:26:57.0849 1740  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:26:57.0879 1740  MsRPC - ok
19:26:57.0899 1740  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:26:57.0919 1740  mssmbios - ok
19:26:57.0939 1740  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:26:57.0999 1740  MSTEE - ok
19:26:58.0019 1740  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:26:58.0039 1740  MTConfig - ok
19:26:58.0049 1740  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:26:58.0079 1740  Mup - ok
19:26:58.0120 1740  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:26:58.0211 1740  napagent - ok
19:26:58.0271 1740  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:26:58.0311 1740  NativeWifiP - ok
19:26:58.0361 1740  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:26:58.0451 1740  NDIS - ok
19:26:58.0471 1740  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:26:58.0591 1740  NdisCap - ok
19:26:58.0671 1740  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:26:58.0791 1740  NdisTapi - ok
19:26:58.0851 1740  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:26:58.0971 1740  Ndisuio - ok
19:26:59.0031 1740  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:26:59.0162 1740  NdisWan - ok
19:26:59.0183 1740  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:26:59.0273 1740  NDProxy - ok
19:26:59.0293 1740  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:26:59.0423 1740  NetBIOS - ok
19:26:59.0485 1740  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:26:59.0605 1740  NetBT - ok
19:26:59.0658 1740  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:26:59.0717 1740  Netlogon - ok
19:26:59.0799 1740  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:26:59.0941 1740  Netman - ok
19:27:00.0021 1740  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:27:00.0171 1740  netprofm - ok
19:27:00.0261 1740  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:27:00.0301 1740  NetTcpPortSharing - ok
19:27:00.0603 1740  [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
19:27:00.0963 1740  NETw5s64 - ok
19:27:01.0155 1740  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
19:27:01.0395 1740  netw5v64 - ok
19:27:01.0425 1740  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:27:01.0475 1740  nfrd960 - ok
19:27:01.0505 1740  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:27:01.0575 1740  NlaSvc - ok
19:27:01.0605 1740  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:27:01.0755 1740  Npfs - ok
19:27:01.0807 1740  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:27:01.0927 1740  nsi - ok
19:27:01.0937 1740  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:27:02.0057 1740  nsiproxy - ok
19:27:02.0207 1740  [ B8965FB53551B5455630A4B804D0791F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:27:02.0357 1740  Ntfs - ok
19:27:02.0397 1740  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:27:02.0517 1740  Null - ok
19:27:02.0897 1740  [ 9DCB4E47FEA1EDAE38168911E6004D3C ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:27:03.0539 1740  nvlddmkm - ok
19:27:03.0589 1740  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:27:03.0619 1740  nvraid - ok
19:27:03.0629 1740  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:27:03.0659 1740  nvstor - ok
19:27:03.0689 1740  [ 015B7A60674F849FF8395CEAFFF9CAFD ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:27:03.0719 1740  nvsvc - ok
19:27:03.0739 1740  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:27:03.0769 1740  nv_agp - ok
19:27:03.0779 1740  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:27:03.0809 1740  ohci1394 - ok
19:27:03.0869 1740  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:27:03.0889 1740  ose - ok
19:27:04.0089 1740  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:27:04.0411 1740  osppsvc - ok
19:27:04.0471 1740  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:27:04.0551 1740  p2pimsvc - ok
19:27:04.0591 1740  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:27:04.0651 1740  p2psvc - ok
19:27:04.0691 1740  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
19:27:04.0741 1740  Parport - ok
19:27:04.0781 1740  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:27:04.0821 1740  partmgr - ok
19:27:04.0851 1740  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:27:04.0921 1740  PcaSvc - ok
19:27:04.0951 1740  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:27:05.0001 1740  pci - ok
19:27:05.0021 1740  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:27:05.0071 1740  pciide - ok
19:27:05.0091 1740  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:27:05.0141 1740  pcmcia - ok
19:27:05.0171 1740  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:27:05.0221 1740  pcw - ok
19:27:05.0267 1740  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:27:05.0413 1740  PEAUTH - ok
19:27:05.0503 1740  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:27:05.0563 1740  PerfHost - ok
19:27:05.0653 1740  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:27:05.0809 1740  pla - ok
19:27:05.0885 1740  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:27:05.0967 1740  PlugPlay - ok
19:27:05.0987 1740  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:27:06.0047 1740  PNRPAutoReg - ok
19:27:06.0095 1740  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:27:06.0149 1740  PNRPsvc - ok
19:27:06.0179 1740  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:27:06.0321 1740  PolicyAgent - ok
19:27:06.0393 1740  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:27:06.0471 1740  Power - ok
19:27:06.0495 1740  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:27:06.0555 1740  PptpMiniport - ok
19:27:06.0575 1740  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
19:27:06.0605 1740  Processor - ok
19:27:06.0645 1740  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:27:06.0677 1740  ProfSvc - ok
19:27:06.0697 1740  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:27:06.0717 1740  ProtectedStorage - ok
19:27:06.0737 1740  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:27:06.0797 1740  Psched - ok
19:27:06.0857 1740  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:27:06.0937 1740  ql2300 - ok
19:27:06.0957 1740  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:27:06.0977 1740  ql40xx - ok
19:27:07.0007 1740  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:27:07.0087 1740  QWAVE - ok
19:27:07.0119 1740  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:27:07.0189 1740  QWAVEdrv - ok
19:27:07.0219 1740  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:27:07.0329 1740  RasAcd - ok
19:27:07.0391 1740  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:27:07.0501 1740  RasAgileVpn - ok
19:27:07.0551 1740  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:27:07.0671 1740  RasAuto - ok
19:27:07.0741 1740  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:27:07.0861 1740  Rasl2tp - ok
19:27:07.0891 1740  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:27:08.0003 1740  RasMan - ok
19:27:08.0053 1740  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:27:08.0183 1740  RasPppoe - ok
19:27:08.0193 1740  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:27:08.0313 1740  RasSstp - ok
19:27:08.0383 1740  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:27:08.0503 1740  rdbss - ok
19:27:08.0553 1740  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
19:27:08.0613 1740  rdpbus - ok
19:27:08.0633 1740  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:27:08.0749 1740  RDPCDD - ok
19:27:08.0815 1740  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:27:08.0925 1740  RDPENCDD - ok
19:27:08.0987 1740  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:27:09.0097 1740  RDPREFMP - ok
19:27:09.0207 1740  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:27:09.0277 1740  RdpVideoMiniport - ok
19:27:09.0307 1740  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:27:09.0386 1740  RDPWD - ok
19:27:09.0419 1740  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:27:09.0482 1740  rdyboost - ok
19:27:09.0511 1740  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:27:09.0631 1740  RemoteAccess - ok
19:27:09.0691 1740  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:27:09.0815 1740  RemoteRegistry - ok
19:27:09.0852 1740  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
19:27:09.0913 1740  RFCOMM - ok
19:27:09.0933 1740  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:27:10.0053 1740  RpcEptMapper - ok
19:27:10.0103 1740  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:27:10.0173 1740  RpcLocator - ok
19:27:10.0232 1740  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:27:10.0367 1740  RpcSs - ok
19:27:10.0449 1740  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:27:10.0523 1740  rspndr - ok
19:27:10.0548 1740  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:27:10.0571 1740  SamSs - ok
19:27:10.0593 1740  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:27:10.0613 1740  sbp2port - ok
19:27:10.0643 1740  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:27:10.0703 1740  SCardSvr - ok
19:27:10.0713 1740  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:27:10.0773 1740  scfilter - ok
19:27:10.0823 1740  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:27:10.0965 1740  Schedule - ok
19:27:10.0995 1740  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:27:11.0095 1740  SCPolicySvc - ok
19:27:11.0165 1740  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:27:11.0225 1740  SDRSVC - ok
19:27:11.0275 1740  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:27:11.0405 1740  secdrv - ok
19:27:11.0485 1740  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:27:11.0595 1740  seclogon - ok
19:27:11.0675 1740  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:27:11.0795 1740  SENS - ok
19:27:11.0855 1740  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:27:11.0905 1740  SensrSvc - ok
19:27:11.0925 1740  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
19:27:11.0985 1740  Serenum - ok
19:27:12.0024 1740  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
19:27:12.0087 1740  Serial - ok
19:27:12.0107 1740  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:27:12.0167 1740  sermouse - ok
19:27:12.0207 1740  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:27:12.0340 1740  SessionEnv - ok
19:27:12.0366 1740  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:27:12.0423 1740  sffdisk - ok
19:27:12.0489 1740  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:27:12.0549 1740  sffp_mmc - ok
19:27:12.0559 1740  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:27:12.0629 1740  sffp_sd - ok
19:27:12.0639 1740  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:27:12.0699 1740  sfloppy - ok
19:27:12.0739 1740  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:27:12.0869 1740  SharedAccess - ok
19:27:12.0929 1740  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:27:13.0039 1740  ShellHWDetection - ok
19:27:13.0079 1740  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:27:13.0119 1740  SiSRaid2 - ok
19:27:13.0159 1740  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:27:13.0209 1740  SiSRaid4 - ok
19:27:13.0419 1740  [ 0F97E7A47A52F4A36969F0FC319654C2 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:27:13.0629 1740  Skype C2C Service - ok
19:27:13.0719 1740  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:27:13.0759 1740  SkypeUpdate - ok
19:27:13.0789 1740  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:27:13.0899 1740  Smb - ok
19:27:13.0979 1740  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:27:14.0029 1740  SNMPTRAP - ok
19:27:14.0049 1740  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:27:14.0089 1740  spldr - ok
19:27:14.0149 1740  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:27:14.0219 1740  Spooler - ok
19:27:14.0339 1740  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:27:14.0649 1740  sppsvc - ok
19:27:14.0669 1740  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:27:14.0789 1740  sppuinotify - ok
19:27:14.0859 1740  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:27:14.0939 1740  srv - ok
19:27:14.0979 1740  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:27:15.0059 1740  srv2 - ok
19:27:15.0089 1740  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:27:15.0139 1740  srvnet - ok
19:27:15.0211 1740  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:27:15.0342 1740  SSDPSRV - ok
19:27:15.0379 1740  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:27:15.0454 1740  SstpSvc - ok
19:27:15.0493 1740  Steam Client Service - ok
19:27:15.0543 1740  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:27:15.0573 1740  stexstor - ok
19:27:15.0613 1740  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:27:15.0693 1740  stisvc - ok
19:27:15.0703 1740  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:27:15.0753 1740  swenum - ok
19:27:15.0783 1740  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:27:15.0913 1740  swprv - ok
19:27:16.0003 1740  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:27:16.0163 1740  SysMain - ok
19:27:16.0193 1740  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:27:16.0273 1740  TabletInputService - ok
19:27:16.0303 1740  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:27:16.0425 1740  TapiSrv - ok
19:27:16.0445 1740  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:27:16.0505 1740  TBS - ok
19:27:16.0585 1740  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:27:16.0745 1740  Tcpip - ok
19:27:16.0875 1740  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:27:17.0004 1740  TCPIP6 - ok
19:27:17.0067 1740  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:27:17.0107 1740  tcpipreg - ok
19:27:17.0159 1740  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:27:17.0209 1740  TDPIPE - ok
19:27:17.0249 1740  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:27:17.0279 1740  TDTCP - ok
19:27:17.0309 1740  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:27:17.0369 1740  tdx - ok
19:27:17.0379 1740  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:27:17.0399 1740  TermDD - ok
19:27:17.0449 1740  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:27:17.0579 1740  TermService - ok
19:27:17.0619 1740  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:27:17.0689 1740  Themes - ok
19:27:17.0709 1740  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:27:17.0819 1740  THREADORDER - ok
19:27:17.0919 1740  [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
19:27:17.0959 1740  TomTomHOMEService - ok
19:27:17.0979 1740  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:27:18.0089 1740  TrkWks - ok
19:27:18.0199 1740  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:27:18.0309 1740  TrustedInstaller - ok
19:27:18.0371 1740  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:27:18.0457 1740  tssecsrv - ok
19:27:18.0493 1740  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:27:18.0533 1740  TsUsbFlt - ok
19:27:18.0553 1740  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:27:18.0583 1740  TsUsbGD - ok
19:27:18.0613 1740  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:27:18.0733 1740  tunnel - ok
19:27:18.0753 1740  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:27:18.0793 1740  uagp35 - ok
19:27:18.0823 1740  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:27:18.0943 1740  udfs - ok
19:27:19.0023 1740  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:27:19.0083 1740  UI0Detect - ok
19:27:19.0113 1740  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:27:19.0153 1740  uliagpkx - ok
19:27:19.0183 1740  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:27:19.0243 1740  umbus - ok
19:27:19.0253 1740  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:27:19.0313 1740  UmPass - ok
19:27:19.0367 1740  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:27:19.0485 1740  upnphost - ok
19:27:19.0535 1740  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:27:19.0605 1740  usbaudio - ok
19:27:19.0645 1740  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:27:19.0695 1740  usbccgp - ok
19:27:19.0725 1740  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:27:19.0785 1740  usbcir - ok
19:27:19.0805 1740  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:27:19.0855 1740  usbehci - ok
19:27:19.0895 1740  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:27:19.0975 1740  usbhub - ok
19:27:19.0995 1740  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:27:20.0055 1740  usbohci - ok
19:27:20.0065 1740  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:27:20.0127 1740  usbprint - ok
19:27:20.0157 1740  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:27:20.0217 1740  usbscan - ok
19:27:20.0247 1740  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:27:20.0307 1740  USBSTOR - ok
19:27:20.0337 1740  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:27:20.0397 1740  usbuhci - ok
19:27:20.0437 1740  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:27:20.0507 1740  usbvideo - ok
19:27:20.0537 1740  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:27:20.0657 1740  UxSms - ok
19:27:20.0727 1740  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:27:20.0767 1740  VaultSvc - ok
19:27:20.0787 1740  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:27:20.0837 1740  vdrvroot - ok
19:27:20.0877 1740  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:27:21.0007 1740  vds - ok
19:27:21.0017 1740  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:27:21.0077 1740  vga - ok
19:27:21.0087 1740  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:27:21.0207 1740  VgaSave - ok
19:27:21.0277 1740  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:27:21.0340 1740  vhdmp - ok
19:27:21.0370 1740  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:27:21.0424 1740  viaide - ok
19:27:21.0463 1740  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:27:21.0501 1740  volmgr - ok
19:27:21.0543 1740  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:27:21.0593 1740  volmgrx - ok
19:27:21.0613 1740  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:27:21.0643 1740  volsnap - ok
19:27:21.0663 1740  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:27:21.0683 1740  vsmraid - ok
19:27:21.0753 1740  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:27:21.0933 1740  VSS - ok
19:27:22.0003 1740  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:27:22.0073 1740  vwifibus - ok
19:27:22.0113 1740  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:27:22.0193 1740  vwififlt - ok
19:27:22.0223 1740  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:27:22.0353 1740  W32Time - ok
19:27:22.0405 1740  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:27:22.0465 1740  WacomPen - ok
19:27:22.0505 1740  [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater    C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
19:27:22.0525 1740  WajamUpdater ( UnsignedFile.Multi.Generic ) - warning
19:27:22.0525 1740  WajamUpdater - detected UnsignedFile.Multi.Generic (1)
19:27:22.0565 1740  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:27:22.0677 1740  WANARP - ok
19:27:22.0687 1740  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:27:22.0797 1740  Wanarpv6 - ok
19:27:22.0887 1740  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:27:22.0937 1740  wbengine - ok
19:27:22.0957 1740  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:27:22.0997 1740  WbioSrvc - ok
19:27:23.0017 1740  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:27:23.0087 1740  wcncsvc - ok
19:27:23.0117 1740  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:27:23.0177 1740  WcsPlugInService - ok
19:27:23.0197 1740  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
19:27:23.0247 1740  Wd - ok
19:27:23.0297 1740  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:27:23.0407 1740  Wdf01000 - ok
19:27:23.0437 1740  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:27:23.0517 1740  WdiServiceHost - ok
19:27:23.0527 1740  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:27:23.0587 1740  WdiSystemHost - ok
19:27:23.0657 1740  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:27:23.0747 1740  WebClient - ok
19:27:23.0777 1740  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:27:23.0897 1740  Wecsvc - ok
19:27:23.0917 1740  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:27:24.0017 1740  wercplsupport - ok
19:27:24.0037 1740  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:27:24.0097 1740  WerSvc - ok
19:27:24.0137 1740  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:27:24.0187 1740  WfpLwf - ok
19:27:24.0197 1740  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:27:24.0217 1740  WIMMount - ok
19:27:24.0227 1740  WinDefend - ok
19:27:24.0247 1740  WinHttpAutoProxySvc - ok
19:27:24.0327 1740  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:27:24.0395 1740  Winmgmt - ok
19:27:24.0459 1740  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:27:24.0539 1740  WinRM - ok
19:27:24.0599 1740  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:27:24.0729 1740  Wlansvc - ok
19:27:24.0739 1740  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:27:24.0789 1740  WmiAcpi - ok
19:27:24.0829 1740  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:27:24.0889 1740  wmiApSrv - ok
19:27:24.0909 1740  WMPNetworkSvc - ok
19:27:24.0939 1740  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:27:24.0989 1740  WPCSvc - ok
19:27:25.0019 1740  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:27:25.0079 1740  WPDBusEnum - ok
19:27:25.0119 1740  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:27:25.0229 1740  ws2ifsl - ok
19:27:25.0299 1740  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:27:25.0369 1740  wscsvc - ok
19:27:25.0379 1740  WSearch - ok
19:27:25.0489 1740  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:27:25.0679 1740  wuauserv - ok
19:27:25.0739 1740  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:27:25.0799 1740  WudfPf - ok
19:27:25.0839 1740  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:27:25.0899 1740  WUDFRd - ok
19:27:25.0929 1740  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:27:25.0989 1740  wudfsvc - ok
19:27:26.0029 1740  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:27:26.0099 1740  WwanSvc - ok
19:27:26.0159 1740  [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
19:27:26.0249 1740  yukonw7 - ok
19:27:26.0299 1740  ================ Scan global ===============================
19:27:26.0329 1740  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:27:26.0369 1740  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:27:26.0389 1740  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:27:26.0419 1740  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:27:26.0449 1740  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:27:26.0469 1740  [Global] - ok
19:27:26.0469 1740  ================ Scan MBR ==================================
19:27:26.0489 1740  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:27:26.0849 1740  \Device\Harddisk0\DR0 - ok
19:27:26.0849 1740  ================ Scan VBR ==================================
19:27:26.0849 1740  [ 0E6B778113C630AA4A9A7349C3C8070A ] \Device\Harddisk0\DR0\Partition1
19:27:26.0859 1740  \Device\Harddisk0\DR0\Partition1 - ok
19:27:26.0889 1740  [ 60B023BB38663952C5F611DB995871BE ] \Device\Harddisk0\DR0\Partition2
19:27:26.0889 1740  \Device\Harddisk0\DR0\Partition2 - ok
19:27:26.0919 1740  [ E74A08C8358625A6BFF3E1D8CE4CCFF4 ] \Device\Harddisk0\DR0\Partition3
19:27:26.0919 1740  \Device\Harddisk0\DR0\Partition3 - ok
19:27:26.0919 1740  ============================================================
19:27:26.0919 1740  Scan finished
19:27:26.0919 1740  ============================================================
19:27:26.0969 0872  Detected object count: 2
19:27:26.0969 0872  Actual detected object count: 2
19:27:58.0735 0872  BrowserProtect ( UnsignedFile.Multi.Generic ) - skipped by user
19:27:58.0735 0872  BrowserProtect ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:27:58.0745 0872  WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
19:27:58.0745 0872  WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:28:25.0190 3964  Deinitialize success
         

Ich hoffe natürlich, dass der Schaden sich in Grenzen hält, aber ich kann nichts mit den Logs anfangen.

Gruß, Nickx.


Alt 10.04.2013, 23:11   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar - Standard

DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
--> DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar

Alt 18.04.2013, 21:35   #7
nickx
 
DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar - Standard

DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar



Hallo Cosinus,

Ich war anderweitig beschäftigt und komme jetzt erst dazu den übrigen Scans zu machen.

Hier die Logs:
  • JRT

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Farm on 11.04.2013 at 14:35:31,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] browserprotect 
Successfully deleted: [Service] browserprotect 
Successfully stopped: [Service] wajamupdater 
Successfully deleted: [Service] wajamupdater 



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\driverscanner
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bprotector start page 
Failed to delete: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bprotectordefaultscope 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-534391179-305817613-1184640974-1000\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_local_machine\software\babylontoolbar
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Failed to delete: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\mixidj
Successfully deleted: [Registry Key] hkey_local_machine\software\mixidj
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\wajam
Successfully deleted: [Registry Key] hkey_local_machine\software\wajam
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Failed to delete: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\priam_bho.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajambho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajambho.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajamdownloader.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_nonsearch_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_nonsearch_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajamupdater_rasmancs
Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3279453
Failed to delete: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a7a6995d-6ee1-4fd1-a258-49395d5bf99c}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{a7a6995d-6ee1-4fd1-a258-49395d5bf99c}



~~~ Files

Successfully deleted: [File] "C:\Windows\tasks\driverscanner.job"
Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Failed to delete: [Folder] "C:\ProgramData\browserprotect"
Successfully deleted: [Folder] "C:\Users\Farm\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Farm\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Farm\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\Farm\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Farm\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Farm\appdata\locallow\mixidj"
Successfully deleted: [Folder] "C:\Users\Farm\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\mixidj"
Successfully deleted: [Folder] "C:\Program Files (x86)\wajam"
Successfully deleted: [Folder] "C:\Users\Farm\AppData\Roaming\microsoft\windows\start menu\programs\browserprotect"
Successfully deleted: [Folder] "C:\Users\Farm\AppData\Roaming\microsoft\windows\start menu\programs\wajam"



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\user.js
Successfully deleted: [File] C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\invalidprefs.js
Successfully deleted: [Folder] C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\smartbar
Successfully deleted the following from C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\prefs.js

user_pref("CT3279453.1000082.isPlayDisplay", "true");
user_pref("CT3279453.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\":\"Hotmix 108\",\"url\":\"hxxp://67.202.67.18:8082\"}");
user_pref("CT3279453.1000234.TWC_TMP_city", "NUREMBERG");
user_pref("CT3279453.1000234.TWC_TMP_country", "DE");
user_pref("CT3279453.1000234.TWC_country", "GERMANY");
user_pref("CT3279453.1000234.TWC_locId", "GMBY0250");
user_pref("CT3279453.1000234.TWC_location", "Nuremberg, Germany");
user_pref("CT3279453.1000234.TWC_region", "DE");
user_pref("CT3279453.1000234.TWC_temp_dis", "c");
user_pref("CT3279453.1000234.TWC_wind_dis", "kmh");
user_pref("CT3279453.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"6°C\",\"temperatureClear\":\"6°C\",\"highTemperature\":\"9°C\",\"lowTemperature\":\"5°C\
user_pref("CT3279453.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3279453.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3279453.FirstTime", "true");
user_pref("CT3279453.FirstTimeFF3", "true");
user_pref("CT3279453.PG_ENABLE", "dHJ1ZQ==");
user_pref("CT3279453.UserID", "UN22629397421798942");
user_pref("CT3279453.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3279453.embeddedsData", "[{\"appId\":\"130029007934982115\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT3279453.enableFix404ByUser", "TRUE");
user_pref("CT3279453.fixPageNotFoundErrorByUser", "TRUE");
user_pref("CT3279453.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3279453.fixUrls", true);
user_pref("CT3279453.hxxp___storage_conduit_com_marketplace_83_6d_8399d181_be98_42f2_b035_1616f617316d_.PriceSparrowUuid.enc", "OUVCNzkzOUQtQTAyNy00OURELUJEQzctMEY0NkQwQkM4NEM
user_pref("CT3279453.isCheckedStartAsHidden", true);
user_pref("CT3279453.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3279453.isFirstTimeToolbarLoading", "false");
user_pref("CT3279453.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3279453.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3279453&octid=CT3279453&SearchSource=15&CUI=UN2262939742179894
user_pref("CT3279453.lastVersion", "10.15.0.562");
user_pref("CT3279453.mam_gk_installer_preapproved.enc", "VFJVRQ==");
user_pref("CT3279453.migrateAppsAndComponents", true);
user_pref("CT3279453.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten? - Standard Für alle Hilfe
user_pref("CT3279453.price-gong.isManagedApp", "true");
user_pref("CT3279453.search.searchAppId", "130029007934982115");
user_pref("CT3279453.search.searchCount", "0");
user_pref("CT3279453.searchInNewTabEnabledByUser", "true");
user_pref("CT3279453.searchInNewTabEnabledInHidden", "true");
user_pref("CT3279453.searchUserMode", "2");
user_pref("CT3279453.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3279453.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3279453.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT3279453.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3279453\"}");
user_pref("CT3279453.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDvideoSoft20.OurToolbar.com//xpi\"}");
user_pref("CT3279453.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDvideoSoft 2.0\"}");
user_pref("CT3279453.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3279453.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1365573697733");
user_pref("CT3279453.serviceLayer_services_appsMetadata_lastUpdate", "1365573584512");
user_pref("CT3279453.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1365573697515");
user_pref("CT3279453.serviceLayer_services_location_lastUpdate", "1365573696840");
user_pref("CT3279453.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1365573697635");
user_pref("CT3279453.serviceLayer_services_searchAPI_lastUpdate", "1365573696862");
user_pref("CT3279453.serviceLayer_services_serviceMap_lastUpdate", "1365573696707");
user_pref("CT3279453.serviceLayer_services_setupAPI_lastUpdate", "1365573696905");
user_pref("CT3279453.serviceLayer_services_toolbarContextMenu_lastUpdate", "1365573697323");
user_pref("CT3279453.serviceLayer_services_toolbarSettings_lastUpdate", "1365573583661");
user_pref("CT3279453.serviceLayer_services_translation_lastUpdate", "1365573697276");
user_pref("CT3279453.settingsINI", true);
user_pref("CT3279453.showToolbarPermission", "false");
user_pref("CT3279453.smartbar.CTID", "CT3279453");
user_pref("CT3279453.smartbar.Uninstall", "0");
user_pref("CT3279453.smartbar.homepage", true);
user_pref("CT3279453.smartbar.toolbarName", "DVDvideoSoft 2.0 ");
user_pref("CT3279453.toolbarBornServerTime", "10-4-2013");
user_pref("CT3279453.toolbarCurrentServerTime", "10-4-2013");
user_pref("CT3279453.toolbarLoginClientTime", "Wed Apr 10 2013 07:59:36 GMT+0200");
user_pref("CT3279453_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1365573575724,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("avg.install.userHPSettings", "hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mntrId=2461001F3AD0E917");
user_pref("browser.newtab.url", "hxxp://mixidj.delta-search.com/?affID=121136&babsrc=NT_ss&mntrId=2461001F3AD0E917");
user_pref("extensions.mixidj.tlbrId", "mdelta");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3279453&SearchSource=13&CUI=UN22629397421798942");
user_pref("smartbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.04.2013 at 14:56:10,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
  • adwCleaner
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.200 - Datei am 11/04/2013 um 15:57:37 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Farm - FARM-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Farm\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\vsz23vpy.default\bprotector_extensions.sqlite
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Program Files (x86)\DVDvideoSoft_2.0
Ordner Gelöscht : C:\Users\Farm\AppData\Local\Temp\Iminent
Ordner Gelöscht : C:\Users\Farm\AppData\LocalLow\DVDvideoSoft_2.0

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDvideoSoft_2.0
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\592d8d8b468be41
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DVDvideoSoft_2.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17667902-A1A2-4DC4-8C42-CB1B60BF2202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\592d8d8b468be41
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{17667902-A1A2-4DC4-8C42-CB1B60BF2202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC2BABBE-9E03-45B3-8218-52989CB9E6EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EAD8501B-E9C6-4F6E-9C7B-4EE6B548712A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDvideoSoft_2.0 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKU\S-1-5-21-534391179-305817613-1184640974-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{04A8DD1A-4754-48FE-A703-99846646EF04}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\vsz23vpy.default\prefs.js

Gelöscht : user_pref("CT3279453.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[...]
Gelöscht : user_pref("CT3279453.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"6°C\",\"temperatu[...]
Gelöscht : user_pref("CT3279453.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3279453.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT3279453.embeddedsData", "[{\"appId\":\"130029007934982115\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT3279453.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3279453.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT3279453.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Gelöscht : user_pref("CT3279453.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"Für alle Hilfesuchenden! Was mus[...]
Gelöscht : user_pref("CT3279453.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3279453.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT3279453.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Gelöscht : user_pref("CT3279453.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT3279453.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3279453.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3279453.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT3279453_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&m[...]
Gelöscht : user_pref("browser.newtab.url", "hxxp://mixidj.delta-search.com/?affID=121136&babsrc=NT_ss&mntrId=24[...]

*************************

AdwCleaner[S1].txt - [7853 octets] - [11/04/2013 15:57:37]

########## EOF - C:\AdwCleaner[S1].txt - [7913 octets] ##########
         
--- --- ---

  • OTL

Extras
Code:
ATTFilter
OTL Extras logfile created on: 18.04.2013 21:17:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Farm\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 70,20% Memory free
7,99 Gb Paging File | 6,72 Gb Available in Paging File | 84,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 15,60 Gb Free Space | 31,95% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 139,99 Gb Free Space | 95,57% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 91,45 Gb Free Space | 88,98% Space Free | Partition Type: NTFS
 
Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A39169BA-3850-4EC2-9BF9-31726DBDE0D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8BF6EC-3397-4FBF-89A8-36382B14681E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{107A702C-1B02-4694-8B30-F6A8DFCFDEC7}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe | 
"{13FAE87C-3D45-4514-BCDE-C98E4299A349}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{247FA02D-A4DC-4E6E-91F7-D57241FC5ECD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{2C41B77C-518D-47C7-84CC-FF21C29AD1D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{3EE3D830-A199-4F5C-957B-1E6B2606E08C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{3FF7E126-E9B0-4E05-B66F-E18D41D5BD2D}" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"{85EE804F-6F07-4C58-B240-2EE1AC59446E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{8E7BF0A1-F8FE-4FF9-822A-8B16571ED0A4}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{961851CA-24DE-49C9-8080-A0F90C79AECF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9F205118-8057-47FE-9D97-F626A0CC2F2A}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{A2845BDF-F9EB-48F3-858B-D13B04655D58}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C619E5D6-115A-4BB5-986A-0FB8F7718937}" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
"{E84C8DA0-2C4A-4880-8E5C-61FF7B665F40}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe | 
"{E99106A9-A837-452D-B359-7FBB8D5978B5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{F97814FB-32C8-412A-938E-E643C262A690}" = protocol=17 | dir=in | app=e:\steam\steamapps\nickx@gmx.de\counter-strike\hl.exe | 
"{FCF39218-753D-4267-92EB-D72B1945C4E6}" = protocol=6 | dir=in | app=e:\steam\steamapps\nickx@gmx.de\counter-strike\hl.exe | 
"TCP Query User{193D106C-A9BA-448C-A1AD-C73E1FC56B82}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{28DFBCD4-5DC5-4C9D-AE08-5BC5C0C9ABF9}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{4E711677-F3BB-42BB-89FB-2DEC5A488E1C}E:\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{81780B4D-C5AD-4646-8598-DC93B8207334}E:\neuer ordner\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=e:\neuer ordner\garena plus\room\garena_room.exe | 
"TCP Query User{81A05F06-49B4-4CE1-AA88-5F899EDAC20D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{85482135-F653-4626-9865-651ADD433BA8}E:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii\war3.exe | 
"TCP Query User{8835A9A0-9F87-4E4C-932E-7E2A1731721C}E:\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base22612\sc2.exe | 
"TCP Query User{BBC1D74A-E31D-4F69-84D1-17723416AE01}E:\garena\garena.exe" = protocol=6 | dir=in | app=e:\garena\garena.exe | 
"TCP Query User{DE4152C3-621A-4DF0-95F9-3B1DF5F0EE47}E:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{F98288C5-66CF-4CA6-B173-DCF3C36D4E2E}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{04B7478A-0A12-490E-91A0-DABF3E907D14}E:\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{086A24A8-0434-464F-B525-F844228E0ADE}E:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii\war3.exe | 
"UDP Query User{2D3A43D0-64B2-4203-925C-50F3839D714B}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{61A9AD1E-B5C8-477D-8C66-33CEEF2C7B8C}E:\garena\garena.exe" = protocol=17 | dir=in | app=e:\garena\garena.exe | 
"UDP Query User{781406A1-F22B-47A6-BDBC-7F746E47D19F}E:\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base22612\sc2.exe | 
"UDP Query User{791EEE90-8A37-413E-BBC4-7E7C889E88D1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{8CDDA622-58B3-4676-B9B0-CDA1F205D0C0}E:\neuer ordner\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=e:\neuer ordner\garena plus\room\garena_room.exe | 
"UDP Query User{A0959BC9-047B-4640-B01E-15D0F2DF47F3}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{BBA5F2A1-EE0B-4425-AF7B-EBBBDFAA5D04}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{BBDEF914-5923-4E0F-AAC7-B5204C45C818}E:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON SX230 Series" = EPSON SX230 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1AF2B855-0054-4BAD-825C-427CB4F3DE04}_is1" = 3GP To MP3 Converter version 1.0 r2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{44715246-18E9-4EDF-AA03-94E4B4F80EA8}" = Download Navigator
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B49962AF-CAB9-44DE-8729-A4369F44BA0D}" = MixiDJ Chrome Toolbar
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1161EC6-7CC1-4D9F-83F6-8839C17019C2}" = LibreOffice 3.4
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1" = DownloadX ActiveX Download Control 1.6.5
"EPSON Scanner" = EPSON Scan
"EPSON SX230 Series Bog" = Benutzerhandbuch - Grundlagen EPSON SX230 Series
"EPSON SX230 Series Useg" = Benutzerhandbuch EPSON SX230 Series
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.23.320
"Garena" = Garena 2010
"mixidj" = MixiDJ Toolbar 
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.19.0.0b
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"xp-AntiSpy" = xp-AntiSpy 3.97-11
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.04.2013 10:04:48 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.04.2013 13:55:52 | Computer Name = Farm-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 15.04.2013 13:56:23 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.04.2013 04:56:19 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.04.2013 15:14:28 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
 
< End of report >
         
OTL
Code:
ATTFilter
OTL logfile created on: 18.04.2013 21:17:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Farm\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 70,20% Memory free
7,99 Gb Paging File | 6,72 Gb Available in Paging File | 84,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 15,60 Gb Free Space | 31,95% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 139,99 Gb Free Space | 95,57% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 91,45 Gb Free Space | 88,98% Space Free | Partition Type: NTFS
 
Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Users\Farm\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (CVPND) -- E:\VPN\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 10 6E E7 A8 0E CD 01  [binary data]
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://mixidj.delta-search.com/?q={searchTerms}&affID=121136&babsrc=SP_ss&mntrId=2461001F3AD0E917
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes\{E85CD372-C6FC-4B7D-B252-F6C2B704FCC4}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279453&CUI=UN30422686161726320&UM=2
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 16:19:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.28 10:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.12.28 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Extensions
[2012.12.28 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.04.10 09:11:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions
[2013.04.05 09:19:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.03.21 08:18:59 | 000,000,000 | ---D | M] (MixiDJ Toolbar) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions\ffxtlbr@mixidj.com
[2013.02.16 22:59:12 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.10 00:20:03 | 000,001,088 | ---- | M] () -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\searchplugins\dvdvideosoft-20-customized-web-search.xml
[2013.03.21 08:19:00 | 000,001,296 | ---- | M] () -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\searchplugins\mixidj.xml
[2012.12.25 18:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.25 18:09:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 16:19:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.15 15:40:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.21 08:18:53 | 000,006,476 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.09.16 19:41:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.15 15:40:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.15 15:40:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.15 15:40:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.15 15:40:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (mixidj Helper Object) - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-534391179-305817613-1184640974-1000..\Run: [EPSON SX230 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE /FU "C:\Users\Farm\AppData\Local\Temp\E_SB192.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-534391179-305817613-1184640974-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D3CF84D-909B-4BC3-9DC0-12FC96877470}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e4725275-d14c-11e0-8a7a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e4725275-d14c-11e0-8a7a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\InstallNavi.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.11 14:35:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.11 14:34:39 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.11 14:34:32 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Farm\Desktop\JRT.exe
[2013.04.10 16:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.10 14:47:56 | 000,000,000 | ---D | C] -- C:\Users\Farm\Desktop\mbar
[2013.04.10 13:14:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 13:14:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 13:14:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 13:14:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.10 13:14:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.10 13:14:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 13:14:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 13:14:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 13:14:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.10 13:14:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.10 13:14:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 13:14:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 13:14:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 13:14:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 13:14:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 08:11:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.10 07:54:40 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 07:54:39 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 07:54:39 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 07:54:39 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 07:54:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 07:54:39 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.10 01:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.04.10 01:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.10 01:27:11 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.04.10 01:27:11 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.10 01:26:59 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.10 01:22:59 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Local\Macromedia
[2013.04.10 01:22:39 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.10 01:18:34 | 000,896,928 | ---- | C] (Oracle Corporation) -- C:\Users\Farm\Desktop\jxpiinstall.exe
[2013.04.10 00:54:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Farm\Desktop\OTL.exe
[2013.03.26 08:18:24 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.25 15:56:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.03.25 15:56:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.03.25 15:50:29 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.25 15:50:29 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.25 15:50:29 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.24 17:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.21 18:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2013.03.21 18:48:04 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\Uniblue
[2013.03.21 18:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013.03.21 18:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013.03.21 18:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.03.21 18:47:42 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\DVDVideoSoft
[2013.03.21 18:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.03.21 18:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.03.21 08:19:08 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\CRMixiDJTB
[2013.03.21 08:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.03.21 08:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3GP To MP3 Converter
[2013.03.21 08:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3GP2MP3Converter
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.18 21:20:20 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 21:20:20 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 21:17:11 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.18 21:17:11 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.18 21:17:11 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.18 21:17:11 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.18 21:17:11 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.18 21:12:48 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.18 21:12:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.18 21:12:34 | 3216,986,112 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.18 09:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.18 09:01:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.11 15:57:50 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.11 08:11:06 | 000,613,083 | ---- | M] () -- C:\Users\Farm\Desktop\adwcleaner.exe
[2013.04.11 08:10:55 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Farm\Desktop\JRT.exe
[2013.04.10 19:24:42 | 000,000,512 | ---- | M] () -- C:\Users\Farm\Desktop\MBR.dat
[2013.04.10 16:24:52 | 000,440,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 01:26:53 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.10 01:26:51 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.04.10 01:26:51 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.04.10 01:26:51 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.10 01:26:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.10 01:26:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.10 01:22:39 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.10 01:22:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.10 01:18:34 | 000,896,928 | ---- | M] (Oracle Corporation) -- C:\Users\Farm\Desktop\jxpiinstall.exe
[2013.04.10 00:57:14 | 000,377,856 | ---- | M] () -- C:\Users\Farm\Desktop\gmer_2.1.19163.exe
[2013.04.10 00:54:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Farm\Desktop\OTL.exe
[2013.04.10 00:52:09 | 000,000,000 | ---- | M] () -- C:\Users\Farm\defogger_reenable
[2013.04.10 00:51:38 | 000,050,477 | ---- | M] () -- C:\Users\Farm\Desktop\Defogger.exe
[2013.04.02 20:52:40 | 000,191,661 | ---- | M] () -- C:\Users\Farm\Desktop\LBV-2013-....... Milch Schwein Pflanze Umwelt.pdf
[2013.03.25 15:50:15 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.25 15:50:15 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.25 15:50:15 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.21 18:48:03 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.11 15:57:41 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.11 08:11:05 | 000,613,083 | ---- | C] () -- C:\Users\Farm\Desktop\adwcleaner.exe
[2013.04.10 19:24:42 | 000,000,512 | ---- | C] () -- C:\Users\Farm\Desktop\MBR.dat
[2013.04.10 01:22:39 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.10 00:57:13 | 000,377,856 | ---- | C] () -- C:\Users\Farm\Desktop\gmer_2.1.19163.exe
[2013.04.10 00:52:09 | 000,000,000 | ---- | C] () -- C:\Users\Farm\defogger_reenable
[2013.04.10 00:51:38 | 000,050,477 | ---- | C] () -- C:\Users\Farm\Desktop\Defogger.exe
[2013.04.02 20:52:38 | 000,191,661 | ---- | C] () -- C:\Users\Farm\Desktop\LBV-2013-....... Milch Schwein Pflanze Umwelt.pdf
[2013.03.21 18:48:03 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2012.01.04 00:56:33 | 000,051,270 | ---- | C] () -- C:\Users\Farm\AppData\Roaming\room_v3.dat
[2011.11.27 10:31:20 | 000,045,013 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.08.28 11:46:11 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.08.28 11:46:10 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Gruß, Nickx.

Alt 19.04.2013, 01:41   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar - Standard

DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar



Bitte JRT neu runterladen und noch neu ausführen. Es gab in der Zwischenzeit gleich zwei neue Versionen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.04.2013, 09:02   #9
nickx
 
DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar - Standard

DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar



Moin, die Symptome sind übrigens verschwunden, das System scheint wieder einwandfrei zu funktionieren.


JRT Log
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.5 (04.17.2013:1)
OS: Windows 7 Home Premium x64
Ran by Farm on 19.04.2013 at  8:49:46,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bprotectordefaultscope 



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\browserprotect"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Emptied folder: C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.04.2013 at  8:59:01,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Grüße, Nickx.

Alt 19.04.2013, 15:45   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar - Standard

DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar



Ok, bitte ein frisches OTL-Log posten
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.04.2013, 16:10   #11
nickx
 
DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar - Standard

DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar



OTL
Code:
ATTFilter
OTL logfile created on: 25.04.2013 15:26:37 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Farm\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 68,05% Memory free
7,99 Gb Paging File | 6,39 Gb Available in Paging File | 79,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 14,71 Gb Free Space | 30,13% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 139,99 Gb Free Space | 95,57% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 90,94 Gb Free Space | 88,48% Space Free | Partition Type: NTFS
 
Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Farm\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (CVPND) -- E:\VPN\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 10 6E E7 A8 0E CD 01  [binary data]
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes,DefaultScope = {E85CD372-C6FC-4B7D-B252-F6C2B704FCC4}
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes\{E85CD372-C6FC-4B7D-B252-F6C2B704FCC4}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279453&CUI=UN30422686161726320&UM=2
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.18 22:13:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.28 10:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.12.28 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Extensions
[2012.12.28 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.04.10 09:11:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions
[2013.04.05 09:19:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.03.21 08:18:59 | 000,000,000 | ---D | M] (MixiDJ Toolbar) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions\ffxtlbr@mixidj.com
[2013.02.16 22:59:12 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.10 00:20:03 | 000,001,088 | ---- | M] () -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\searchplugins\dvdvideosoft-20-customized-web-search.xml
[2013.03.21 08:19:00 | 000,001,296 | ---- | M] () -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\searchplugins\mixidj.xml
[2012.12.25 18:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.25 18:09:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.18 22:13:12 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.15 15:40:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.16 19:41:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.15 15:40:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.15 15:40:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.15 15:40:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.15 15:40:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (mixidj Helper Object) - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-534391179-305817613-1184640974-1000..\Run: [EPSON SX230 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE /FU "C:\Users\Farm\AppData\Local\Temp\E_SB192.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-534391179-305817613-1184640974-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D3CF84D-909B-4BC3-9DC0-12FC96877470}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e4725275-d14c-11e0-8a7a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e4725275-d14c-11e0-8a7a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\InstallNavi.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.11 14:35:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.11 14:34:39 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.10 16:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.10 13:14:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 13:14:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 13:14:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 13:14:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.10 13:14:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.10 13:14:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 13:14:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 13:14:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 13:14:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.10 13:14:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.10 13:14:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 13:14:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 13:14:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 13:14:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 13:14:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 08:11:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.10 07:54:40 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 07:54:39 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 07:54:39 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 07:54:39 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 07:54:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 07:54:39 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.10 01:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.04.10 01:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.10 01:27:11 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.04.10 01:27:11 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.10 01:26:59 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.10 01:22:59 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Local\Macromedia
[2013.04.10 01:22:39 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.25 15:01:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.25 14:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.25 13:34:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.24 12:01:15 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 12:01:15 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 03:22:59 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.24 03:22:59 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.24 03:22:59 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.24 03:22:59 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.24 03:22:59 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.24 03:18:58 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.24 03:18:21 | 3216,986,112 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.11 15:57:50 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.10 16:24:52 | 000,440,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 01:26:53 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.10 01:26:51 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.04.10 01:26:51 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.04.10 01:26:51 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.10 01:26:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.10 01:26:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.10 01:22:39 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.10 01:22:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.10 00:52:09 | 000,000,000 | ---- | M] () -- C:\Users\Farm\defogger_reenable
[2013.04.02 20:52:40 | 000,191,661 | ---- | M] () -- C:\Users\Farm\Desktop\LBV-2013-....... Milch Schwein Pflanze Umwelt.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.23 23:23:59 | 000,000,853 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.04.23 23:23:59 | 000,000,853 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.04.23 23:23:59 | 000,000,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk
[2013.04.11 15:57:41 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.10 01:22:39 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.10 00:52:09 | 000,000,000 | ---- | C] () -- C:\Users\Farm\defogger_reenable
[2013.04.02 20:52:38 | 000,191,661 | ---- | C] () -- C:\Users\Farm\Desktop\LBV-2013-....... Milch Schwein Pflanze Umwelt.pdf
[2012.01.04 00:56:33 | 000,051,270 | ---- | C] () -- C:\Users\Farm\AppData\Roaming\room_v3.dat
[2011.11.27 10:31:20 | 000,045,013 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.08.28 11:46:11 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.08.28 11:46:10 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
OTL extra

Code:
ATTFilter
OTL Extras logfile created on: 25.04.2013 15:26:38 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Farm\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 68,05% Memory free
7,99 Gb Paging File | 6,39 Gb Available in Paging File | 79,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 14,71 Gb Free Space | 30,13% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 139,99 Gb Free Space | 95,57% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 90,94 Gb Free Space | 88,48% Space Free | Partition Type: NTFS
 
Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A39169BA-3850-4EC2-9BF9-31726DBDE0D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8BF6EC-3397-4FBF-89A8-36382B14681E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{107A702C-1B02-4694-8B30-F6A8DFCFDEC7}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe | 
"{13FAE87C-3D45-4514-BCDE-C98E4299A349}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{247FA02D-A4DC-4E6E-91F7-D57241FC5ECD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{2C41B77C-518D-47C7-84CC-FF21C29AD1D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{3EE3D830-A199-4F5C-957B-1E6B2606E08C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{3FF7E126-E9B0-4E05-B66F-E18D41D5BD2D}" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"{85EE804F-6F07-4C58-B240-2EE1AC59446E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{8E7BF0A1-F8FE-4FF9-822A-8B16571ED0A4}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{961851CA-24DE-49C9-8080-A0F90C79AECF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9F205118-8057-47FE-9D97-F626A0CC2F2A}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{A2845BDF-F9EB-48F3-858B-D13B04655D58}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C619E5D6-115A-4BB5-986A-0FB8F7718937}" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
"{E84C8DA0-2C4A-4880-8E5C-61FF7B665F40}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe | 
"{E99106A9-A837-452D-B359-7FBB8D5978B5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{F97814FB-32C8-412A-938E-E643C262A690}" = protocol=17 | dir=in | app=e:\steam\steamapps\nickx@gmx.de\counter-strike\hl.exe | 
"{FCF39218-753D-4267-92EB-D72B1945C4E6}" = protocol=6 | dir=in | app=e:\steam\steamapps\nickx@gmx.de\counter-strike\hl.exe | 
"TCP Query User{193D106C-A9BA-448C-A1AD-C73E1FC56B82}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{28DFBCD4-5DC5-4C9D-AE08-5BC5C0C9ABF9}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{4E711677-F3BB-42BB-89FB-2DEC5A488E1C}E:\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{81780B4D-C5AD-4646-8598-DC93B8207334}E:\neuer ordner\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=e:\neuer ordner\garena plus\room\garena_room.exe | 
"TCP Query User{81A05F06-49B4-4CE1-AA88-5F899EDAC20D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{85482135-F653-4626-9865-651ADD433BA8}E:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii\war3.exe | 
"TCP Query User{8835A9A0-9F87-4E4C-932E-7E2A1731721C}E:\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base22612\sc2.exe | 
"TCP Query User{BBC1D74A-E31D-4F69-84D1-17723416AE01}E:\garena\garena.exe" = protocol=6 | dir=in | app=e:\garena\garena.exe | 
"TCP Query User{DE4152C3-621A-4DF0-95F9-3B1DF5F0EE47}E:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{E79239AB-2753-414E-A1CF-74DC8E3E6128}E:\neuer ordner\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=e:\neuer ordner\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{F98288C5-66CF-4CA6-B173-DCF3C36D4E2E}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{04B7478A-0A12-490E-91A0-DABF3E907D14}E:\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{086A24A8-0434-464F-B525-F844228E0ADE}E:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii\war3.exe | 
"UDP Query User{188E6E94-2C81-4363-9658-634E304CCE8F}E:\neuer ordner\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=e:\neuer ordner\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{2D3A43D0-64B2-4203-925C-50F3839D714B}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{61A9AD1E-B5C8-477D-8C66-33CEEF2C7B8C}E:\garena\garena.exe" = protocol=17 | dir=in | app=e:\garena\garena.exe | 
"UDP Query User{781406A1-F22B-47A6-BDBC-7F746E47D19F}E:\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base22612\sc2.exe | 
"UDP Query User{791EEE90-8A37-413E-BBC4-7E7C889E88D1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{8CDDA622-58B3-4676-B9B0-CDA1F205D0C0}E:\neuer ordner\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=e:\neuer ordner\garena plus\room\garena_room.exe | 
"UDP Query User{A0959BC9-047B-4640-B01E-15D0F2DF47F3}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{BBA5F2A1-EE0B-4425-AF7B-EBBBDFAA5D04}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{BBDEF914-5923-4E0F-AAC7-B5204C45C818}E:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0630-0716-3135-7887" = JDownloader 2
"CCleaner" = CCleaner
"EPSON SX230 Series" = EPSON SX230 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1AF2B855-0054-4BAD-825C-427CB4F3DE04}_is1" = 3GP To MP3 Converter version 1.0 r2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{44715246-18E9-4EDF-AA03-94E4B4F80EA8}" = Download Navigator
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B49962AF-CAB9-44DE-8729-A4369F44BA0D}" = MixiDJ Chrome Toolbar
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1161EC6-7CC1-4D9F-83F6-8839C17019C2}" = LibreOffice 3.4
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1" = DownloadX ActiveX Download Control 1.6.5
"EPSON Scanner" = EPSON Scan
"EPSON SX230 Series Bog" = Benutzerhandbuch - Grundlagen EPSON SX230 Series
"EPSON SX230 Series Useg" = Benutzerhandbuch EPSON SX230 Series
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.23.320
"Garena" = Garena 2010
"mixidj" = MixiDJ Toolbar 
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.19.0.0b
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"xp-AntiSpy" = xp-AntiSpy 3.97-11
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.04.2013 04:44:01 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.04.2013 02:19:39 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.04.2013 13:10:30 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.04.2013 15:46:32 | Computer Name = Farm-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 23.04.2013 15:47:11 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.04.2013 21:20:14 | Computer Name = Farm-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 19.04.2013 13:54:22 | Computer Name = Farm-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
 
< End of report >
         

Alt 25.04.2013, 17:23   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar - Standard

DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar



Da ist imme rnoch Toolbar-Müll drin, JRT und adwCleaner wieder neu runterladen und nochmal ausführen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.04.2013, 22:02   #13
nickx
 
DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar - Standard

DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar



Mein Verschulden!
Hier dann die Logs.

JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Farm on 25.04.2013 at 20:20:27,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E85CD372-C6FC-4B7D-B252-F6C2B704FCC4}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Farm\AppData\Roaming\crmixidjtb"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\extensions\ffxtlbr@mixidj.com
Emptied folder: C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.04.2013 at 20:25:06,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Adw Cleaner

Code:
ATTFilter
# AdwCleaner v2.202 - Datei am 25/04/2013 um 20:15:19 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Farm - FARM-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Farm\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\vsz23vpy.default\searchplugins\mixidj.xml
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mixidj.mixidjappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mixidj.mixidjappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mixidj.mixidjdskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mixidj.mixidjdskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mixidj.mixidjHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mixidj.mixidjHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\boipimhfjpakfgckhbljjengakjhkcbp
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kpepfkjapeclaafmhoelccknpfedainn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B49962AF-CAB9-44DE-8729-A4369F44BA0D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mixidj
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\vsz23vpy.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [7976 octets] - [11/04/2013 15:57:37]
AdwCleaner[S2].txt - [2830 octets] - [25/04/2013 20:15:19]

########## EOF - C:\AdwCleaner[S2].txt - [2890 octets] ##########
         
OTL

Code:
ATTFilter
OTL logfile created on: 25.04.2013 20:29:47 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Farm\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 70,78% Memory free
7,99 Gb Paging File | 6,76 Gb Available in Paging File | 84,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 15,09 Gb Free Space | 30,91% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 139,99 Gb Free Space | 95,57% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 81,52 Gb Free Space | 79,32% Space Free | Partition Type: NTFS
 
Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Farm\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (CVPND) -- E:\VPN\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 10 6E E7 A8 0E CD 01  [binary data]
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-534391179-305817613-1184640974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.18 22:13:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.28 10:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.12.28 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Extensions
[2012.12.28 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.04.25 20:24:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions
[2013.04.05 09:19:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Farm\AppData\Roaming\mozilla\Firefox\Profiles\vsz23vpy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.02.16 22:59:12 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.10 00:20:03 | 000,001,088 | ---- | M] () -- C:\Users\Farm\AppData\Roaming\mozilla\firefox\profiles\vsz23vpy.default\searchplugins\dvdvideosoft-20-customized-web-search.xml
[2012.12.25 18:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.25 18:09:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.18 22:13:12 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.15 15:40:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.16 19:41:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.15 15:40:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.15 15:40:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.15 15:40:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.15 15:40:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-534391179-305817613-1184640974-1000..\Run: [EPSON SX230 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE /FU "C:\Users\Farm\AppData\Local\Temp\E_SB192.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-534391179-305817613-1184640974-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D3CF84D-909B-4BC3-9DC0-12FC96877470}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d6d8f16b-ac7c-11e2-a4bc-001f3ad0e917}\Shell - "" = AutoRun
O33 - MountPoints2\{d6d8f16b-ac7c-11e2-a4bc-001f3ad0e917}\Shell\AutoRun\command - "" = G:\CDStart.exe
O33 - MountPoints2\{e4725275-d14c-11e0-8a7a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e4725275-d14c-11e0-8a7a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\InstallNavi.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.25 20:13:41 | 000,000,000 | ---D | C] -- C:\Users\Farm\Documents\My Games
[2013.04.25 20:10:47 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2013.04.25 20:10:47 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2013.04.25 20:10:47 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2013.04.25 20:10:47 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2013.04.25 20:10:47 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2013.04.25 20:10:47 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2013.04.25 20:10:47 | 000,021,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_2.dll
[2013.04.25 20:10:47 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_2.dll
[2013.04.25 20:10:46 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2013.04.25 20:10:46 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2013.04.25 16:58:15 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2013.04.25 16:58:15 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2013.04.25 16:58:15 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2013.04.25 16:58:15 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2013.04.25 16:58:14 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2013.04.25 16:58:14 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2013.04.25 16:58:14 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2013.04.25 16:58:14 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2013.04.25 16:58:13 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2013.04.25 16:58:13 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2013.04.25 16:58:12 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2013.04.25 16:58:12 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2013.04.25 16:58:12 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2013.04.25 16:58:12 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2013.04.25 16:58:11 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2013.04.25 16:58:11 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2013.04.25 16:58:11 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2013.04.25 16:58:11 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2013.04.25 16:58:10 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2013.04.25 16:58:10 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2013.04.25 16:58:10 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2013.04.25 16:58:10 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2013.04.25 16:58:09 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2013.04.25 16:58:09 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2013.04.25 16:58:09 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2013.04.25 16:58:09 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2013.04.25 16:58:08 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2013.04.25 16:58:08 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2013.04.25 16:58:08 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2013.04.25 16:58:08 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2013.04.25 16:58:08 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2013.04.25 16:58:08 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2013.04.25 16:58:07 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2013.04.25 16:58:07 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2013.04.25 16:58:01 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2013.04.25 16:58:01 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2013.04.25 16:58:01 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2013.04.25 16:58:01 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2013.04.25 16:58:01 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2013.04.25 16:58:01 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2013.04.25 16:58:00 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2013.04.25 16:58:00 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2013.04.25 16:57:59 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2013.04.25 16:57:59 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2013.04.25 16:57:58 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2013.04.25 16:57:58 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2013.04.25 16:57:57 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2013.04.25 16:57:57 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2013.04.25 16:57:56 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2013.04.25 16:57:56 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2013.04.25 16:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2013.04.25 16:22:58 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2013.04.25 16:22:58 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2013.04.25 16:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.04.25 16:20:08 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.04.25 16:20:03 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\DAEMON Tools Lite
[2013.04.25 16:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.04.11 14:35:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.11 14:34:39 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.10 16:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.10 13:14:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 13:14:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 13:14:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 13:14:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.10 13:14:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.10 13:14:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 13:14:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 13:14:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 13:14:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.10 13:14:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.10 13:14:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 13:14:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 13:14:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 13:14:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 13:14:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 08:11:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.10 07:54:40 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 07:54:39 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 07:54:39 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 07:54:39 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 07:54:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 07:54:39 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.10 01:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.04.10 01:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.10 01:27:11 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.04.10 01:27:11 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.10 01:26:59 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.10 01:22:59 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Local\Macromedia
[2013.04.10 01:22:39 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.25 20:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.25 20:26:13 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 20:26:13 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 20:25:04 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.25 20:25:04 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.25 20:25:04 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.25 20:25:04 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.25 20:25:04 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.25 20:18:52 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.25 20:18:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.25 20:18:32 | 3216,986,112 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.25 20:01:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.25 16:41:14 | 000,000,599 | ---- | M] () -- C:\Users\Public\Desktop\Sid Meier's Civilization 4 starten.lnk
[2013.04.25 16:20:28 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.04.11 15:57:50 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.10 16:24:52 | 000,440,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 01:26:53 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.10 01:26:51 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.04.10 01:26:51 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.04.10 01:26:51 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.10 01:26:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.10 01:26:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.10 01:22:39 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.10 01:22:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.10 00:52:09 | 000,000,000 | ---- | M] () -- C:\Users\Farm\defogger_reenable
[2013.04.02 20:52:40 | 000,191,661 | ---- | M] () -- C:\Users\Farm\Desktop\LBV-2013-....... Milch Schwein Pflanze Umwelt.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.25 16:24:45 | 000,000,599 | ---- | C] () -- C:\Users\Public\Desktop\Sid Meier's Civilization 4 starten.lnk
[2013.04.23 23:23:59 | 000,000,853 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.04.23 23:23:59 | 000,000,853 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.04.23 23:23:59 | 000,000,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk
[2013.04.11 15:57:41 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.10 01:22:39 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.10 00:52:09 | 000,000,000 | ---- | C] () -- C:\Users\Farm\defogger_reenable
[2013.04.02 20:52:38 | 000,191,661 | ---- | C] () -- C:\Users\Farm\Desktop\LBV-2013-....... Milch Schwein Pflanze Umwelt.pdf
[2012.01.04 00:56:33 | 000,051,270 | ---- | C] () -- C:\Users\Farm\AppData\Roaming\room_v3.dat
[2011.11.27 10:31:20 | 000,045,013 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.08.28 11:46:11 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.08.28 11:46:10 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 25.04.2013 20:29:47 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Farm\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 70,78% Memory free
7,99 Gb Paging File | 6,76 Gb Available in Paging File | 84,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 15,09 Gb Free Space | 30,91% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 139,99 Gb Free Space | 95,57% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 81,52 Gb Free Space | 79,32% Space Free | Partition Type: NTFS
 
Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A39169BA-3850-4EC2-9BF9-31726DBDE0D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8BF6EC-3397-4FBF-89A8-36382B14681E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{107A702C-1B02-4694-8B30-F6A8DFCFDEC7}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe | 
"{13FAE87C-3D45-4514-BCDE-C98E4299A349}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{14D5ECF5-2942-4526-AFC5-56AC63C44CDA}" = protocol=6 | dir=in | app=e:\neuer ordner (2)\beyond the sword\civ4beyondsword_pitboss.exe | 
"{247FA02D-A4DC-4E6E-91F7-D57241FC5ECD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{2C41B77C-518D-47C7-84CC-FF21C29AD1D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{3EE3D830-A199-4F5C-957B-1E6B2606E08C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{3FF7E126-E9B0-4E05-B66F-E18D41D5BD2D}" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"{45818E48-097E-4DFC-90EA-F65CFE0A10FB}" = protocol=17 | dir=in | app=e:\neuer ordner (2)\beyond the sword\civ4beyondsword.exe | 
"{803FCF58-076D-437B-B426-BD175AB6441F}" = protocol=6 | dir=in | app=e:\neuer ordner (2)\beyond the sword\civ4beyondsword.exe | 
"{85EE804F-6F07-4C58-B240-2EE1AC59446E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{8E7BF0A1-F8FE-4FF9-822A-8B16571ED0A4}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{961851CA-24DE-49C9-8080-A0F90C79AECF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9F205118-8057-47FE-9D97-F626A0CC2F2A}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{A2845BDF-F9EB-48F3-858B-D13B04655D58}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{A7B0EF3F-A7F5-463F-B28F-2D451657D648}" = protocol=17 | dir=in | app=e:\neuer ordner (2)\beyond the sword\civ4beyondsword_pitboss.exe | 
"{C619E5D6-115A-4BB5-986A-0FB8F7718937}" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
"{E84C8DA0-2C4A-4880-8E5C-61FF7B665F40}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe | 
"{E99106A9-A837-452D-B359-7FBB8D5978B5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{F97814FB-32C8-412A-938E-E643C262A690}" = protocol=17 | dir=in | app=e:\steam\steamapps\nickx@gmx.de\counter-strike\hl.exe | 
"{FCF39218-753D-4267-92EB-D72B1945C4E6}" = protocol=6 | dir=in | app=e:\steam\steamapps\nickx@gmx.de\counter-strike\hl.exe | 
"TCP Query User{193D106C-A9BA-448C-A1AD-C73E1FC56B82}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{28DFBCD4-5DC5-4C9D-AE08-5BC5C0C9ABF9}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{4E711677-F3BB-42BB-89FB-2DEC5A488E1C}E:\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{81780B4D-C5AD-4646-8598-DC93B8207334}E:\neuer ordner\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=e:\neuer ordner\garena plus\room\garena_room.exe | 
"TCP Query User{81A05F06-49B4-4CE1-AA88-5F899EDAC20D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{85482135-F653-4626-9865-651ADD433BA8}E:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii\war3.exe | 
"TCP Query User{8835A9A0-9F87-4E4C-932E-7E2A1731721C}E:\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base22612\sc2.exe | 
"TCP Query User{BBC1D74A-E31D-4F69-84D1-17723416AE01}E:\garena\garena.exe" = protocol=6 | dir=in | app=e:\garena\garena.exe | 
"TCP Query User{DE4152C3-621A-4DF0-95F9-3B1DF5F0EE47}E:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=e:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{E79239AB-2753-414E-A1CF-74DC8E3E6128}E:\neuer ordner\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=e:\neuer ordner\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{F98288C5-66CF-4CA6-B173-DCF3C36D4E2E}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{04B7478A-0A12-490E-91A0-DABF3E907D14}E:\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{086A24A8-0434-464F-B525-F844228E0ADE}E:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii\war3.exe | 
"UDP Query User{188E6E94-2C81-4363-9658-634E304CCE8F}E:\neuer ordner\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=e:\neuer ordner\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{2D3A43D0-64B2-4203-925C-50F3839D714B}E:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{61A9AD1E-B5C8-477D-8C66-33CEEF2C7B8C}E:\garena\garena.exe" = protocol=17 | dir=in | app=e:\garena\garena.exe | 
"UDP Query User{781406A1-F22B-47A6-BDBC-7F746E47D19F}E:\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=e:\starcraft ii\versions\base22612\sc2.exe | 
"UDP Query User{791EEE90-8A37-413E-BBC4-7E7C889E88D1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{8CDDA622-58B3-4676-B9B0-CDA1F205D0C0}E:\neuer ordner\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=e:\neuer ordner\garena plus\room\garena_room.exe | 
"UDP Query User{A0959BC9-047B-4640-B01E-15D0F2DF47F3}E:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{BBA5F2A1-EE0B-4425-AF7B-EBBBDFAA5D04}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{BBDEF914-5923-4E0F-AAC7-B5204C45C818}E:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=e:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0630-0716-3135-7887" = JDownloader 2
"CCleaner" = CCleaner
"EPSON SX230 Series" = EPSON SX230 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1AF2B855-0054-4BAD-825C-427CB4F3DE04}_is1" = 3GP To MP3 Converter version 1.0 r2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{44715246-18E9-4EDF-AA03-94E4B4F80EA8}" = Download Navigator
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1161EC6-7CC1-4D9F-83F6-8839C17019C2}" = LibreOffice 3.4
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1" = DownloadX ActiveX Download Control 1.6.5
"DAEMON Tools Lite" = DAEMON Tools Lite
"EPSON Scanner" = EPSON Scan
"EPSON SX230 Series Bog" = Benutzerhandbuch - Grundlagen EPSON SX230 Series
"EPSON SX230 Series Useg" = Benutzerhandbuch EPSON SX230 Series
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.23.320
"Garena" = Garena 2010
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.19.0.0b
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"xp-AntiSpy" = xp-AntiSpy 3.97-11
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-534391179-305817613-1184640974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
< End of report >
         
OTL Extras

Alt 25.04.2013, 23:44   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar - Standard

DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar
7-zip, adobe, antivir, autorun, avg, avira, battle.net, bho, driverscanner, error, firefox, flash player, format, gmx.de, gruppe, helper, home, install.exe, mozilla, mp3, msiinstaller, object, registry, richtlinie, rundll, scan, security, senden, system, udp, updates, virus, visual studio, wajam, windows



Ähnliche Themen: DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar


  1. Chrome/Chromium: Öffnen mehrerer Tabs / Search-Conduit Startseite / Ask-Toolbar
    Plagegeister aller Art und deren Bekämpfung - 22.02.2015 (11)
  2. Searchgol Toolbar / Startseite und Tune up Utilities können nicht gelöscht werden
    Log-Analyse und Auswertung - 05.02.2014 (15)
  3. Search d.p Engine. Ist das Delta-Search? Wenn nein, egal ich werde es nicht mehr los
    Log-Analyse und Auswertung - 27.01.2014 (11)
  4. do-search kann nicht entfernt werden trotz Malware Bites und Avira, Programm nicht mehr sichtbar - do-search trotzdem noch da
    Log-Analyse und Auswertung - 08.12.2013 (21)
  5. search.softonic.com Startseite Toolbar entfernen
    Anleitungen, FAQs & Links - 17.11.2013 (2)
  6. search.conduit.com Startseite neuer Tab nicht änderbar, doppelt unterstrichene Wörter mit dubiosen ads
    Plagegeister aller Art und deren Bekämpfung - 05.11.2013 (7)
  7. Startseite ist nicht mehr Startseite
    Log-Analyse und Auswertung - 17.10.2013 (5)
  8. Mixi Dj Search lässt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 21.09.2013 (9)
  9. Certified-toolbar -Search Startseite Problem
    Log-Analyse und Auswertung - 16.02.2013 (8)
  10. protected search trojaner startseite - hijackthis geht nicht
    Plagegeister aller Art und deren Bekämpfung - 11.12.2012 (16)
  11. Claro-search kann als Startseite nicht gelöscht werden
    Plagegeister aller Art und deren Bekämpfung - 03.12.2012 (17)
  12. search.babylon.com als Startseite lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (21)
  13. Desktophintergrund nicht mehr dauerhaft änderbar
    Plagegeister aller Art und deren Bekämpfung - 08.01.2008 (6)
  14. Startseite nicht änderbar!
    Log-Analyse und Auswertung - 10.08.2005 (4)
  15. Startseite Search for... AdAware laufen lassen --> logs; nicht zu löschen?
    Log-Analyse und Auswertung - 06.02.2005 (11)
  16. Search-system.com Startseite geht nicht weg
    Log-Analyse und Auswertung - 03.12.2004 (8)
  17. HILFE! Kann meine Startseite ( Home Search ) nicht mehr verändern!
    Plagegeister aller Art und deren Bekämpfung - 23.04.2004 (1)

Zum Thema DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar - Moin allerseits, ich habe Probleme mit meinem Browser. Die Startseite und Standardsuchmaschine wurden geändert und eine manuelle Änderung ist nicht mehr möglich. Durch das Lesen anderer Beiträge in diesem Forum - DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar...
Archiv
Du betrachtest: DJ Mixi Search, unerwünsche toolbar, Startseite nicht mehr änderbar auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.