
Log analysis and evaluation: Trojans TR/Bublik.avlv and TR/Symmi.20469 and TR/Agent.131072.V

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

03.06.2013, 11:18   #16
schrauber
/// the machine
/// TB instructor
 


And ESET? And the fresh OTL after ESET?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

03.06.2013, 11:25   #17
IL-2
 

Code:
OTL logfile created on: 03.06.2013 12:15:29 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JE\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,67 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 46,95% Memory free
5,33 Gb Paging File | 3,53 Gb Available in Paging File | 66,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,83 Gb Total Space | 72,88 Gb Free Space | 52,88% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 170,28 Gb Free Space | 51,94% Space Free | Partition Type: NTFS
Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,83 Gb Total Space | 14,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: JE-PC | User Name: JE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\JE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\Programme\IncrediMail\Bin\PMC.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll ()
MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
 
 
========== Services (SafeList) ==========
 
SRV - (SystemStoreService) -- C:\Programme\SoftwareUpdater\SystemStore.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (rpcnet) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\JE\AppData\Local\Temp\catchme.sys File not found
DRV - (agicixtu) --  File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys (Sonix Technology Co., Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (RSUSBVSTOR) -- C:\Windows\System32\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 F7 99 87 DA 61 CD 01  [binary data]
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 F7 99 87 DA 61 CD 01  [binary data]
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.11 20:48:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.07.23 22:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Extensions
[2012.08.07 00:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions
[2012.08.07 00:26:52 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2013.06.02 23:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions
[2013.06.02 15:43:59 | 000,000,000 | ---D | M] (FoxyDeal) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D}
[2012.11.03 12:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.11 20:48:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.17 20:13:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.17 20:13:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.17 20:13:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.17 20:13:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.17 20:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.17 20:13:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\JE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Google Mail = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix Technology Co., Ltd.)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [playgoexec] -autorun File not found
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0450B429-4E51-4E97-86D0-926484D55456}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28860C02-2E44-4F74-81DA-935FD714DDCA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.01.25 22:01:52 | 000,380,928 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.01.25 22:01:52 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.03 00:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.02 23:04:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.02 23:04:31 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.02 23:04:24 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\JE\Desktop\JRT.exe
[2013.06.02 22:48:00 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\RK_Quarantine
[2013.06.02 22:35:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.02 22:35:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.02 22:26:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.02 22:18:18 | 005,076,415 | R--- | C] (Swearware) -- C:\Users\JE\Desktop\ComboFix.exe
[2013.06.02 21:11:09 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\temp
[2013.06.02 21:03:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.02 21:03:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.02 21:03:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.02 21:02:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.02 21:01:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.02 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Freemium
[2013.06.02 15:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeSystemUtilities
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covus Freemium
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Covus Freemium
[2013.06.02 15:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.06.02 15:41:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\DownloadGuide
[2013.06.01 07:32:00 | 000,000,000 | ---D | C] -- C:\Users\JE\Documents\SCi
[2013.06.01 07:31:54 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.06.01 07:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CONFLICT - DESERT STORM 2
[2013.06.01 07:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\CONFLICT - DESERT STORM 2
[2013.05.30 12:15:31 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.05.30 12:00:55 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\zoek (1)
[2013.05.30 11:44:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Malwarebytes
[2013.05.30 11:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.30 11:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.30 11:44:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.30 11:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.30 11:44:13 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Programs
[2013.05.30 11:37:32 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\30
[2013.05.26 13:50:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe
[2013.05.24 20:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.23 20:03:10 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.16 08:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.05.16 08:08:35 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 08:08:34 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 08:08:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 08:08:34 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 08:08:33 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 08:08:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 08:08:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.16 08:08:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 08:08:33 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 08:08:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.15 10:42:23 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 10:42:21 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 10:42:13 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 10:41:58 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 10:41:58 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.05.13 07:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013.05.13 07:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013.05.07 17:40:40 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.03 12:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.03 12:06:33 | 000,890,839 | ---- | M] () -- C:\Users\JE\Desktop\SecurityCheck (1).exe
[2013.06.03 11:42:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000UA.job
[2013.06.03 06:26:36 | 000,025,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 06:26:36 | 000,025,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 06:14:25 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.03 06:14:25 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.03 06:14:25 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.03 06:14:25 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.03 06:11:18 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2013.06.03 06:11:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.02 23:18:29 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2013.06.02 23:18:10 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\Sing Along Update.job
[2013.06.02 23:17:49 | 2146,775,040 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.02 23:03:35 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\JE\Desktop\JRT.exe
[2013.06.02 22:54:51 | 000,632,031 | ---- | M] () -- C:\Users\JE\Desktop\adwcleaner.exe
[2013.06.02 22:45:38 | 000,816,128 | ---- | M] () -- C:\Users\JE\Desktop\RogueKiller_8.5.4.exe
[2013.06.02 22:17:59 | 005,076,415 | R--- | M] (Swearware) -- C:\Users\JE\Desktop\ComboFix.exe
[2013.06.02 17:32:22 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000Core.job
[2013.06.02 15:44:58 | 000,000,611 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.06.02 15:43:45 | 000,002,551 | ---- | M] () -- C:\Users\Public\Desktop\Free System Utilities.lnk
[2013.06.02 15:42:31 | 000,000,205 | ---- | M] () -- C:\Users\JE\Desktop\Amazon.url
[2013.06.01 07:31:41 | 000,001,076 | ---- | M] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk
[2013.05.30 12:15:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.05.30 12:02:30 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2013.05.30 11:44:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.26 13:50:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe
[2013.05.25 10:55:19 | 000,002,350 | ---- | M] () -- C:\Users\JE\Desktop\Google Chrome.lnk
[2013.05.16 08:28:04 | 000,408,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.16 08:11:58 | 000,002,004 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.05.16 08:11:46 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.05.15 12:31:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 12:31:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.10 18:39:07 | 000,039,936 | ---- | M] (Absolute Software Corporation) -- C:\Windows\System32\identprv.dll
[2013.05.07 17:40:13 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.03 12:06:46 | 000,890,839 | ---- | C] () -- C:\Users\JE\Desktop\SecurityCheck (1).exe
[2013.06.02 22:55:19 | 000,632,031 | ---- | C] () -- C:\Users\JE\Desktop\adwcleaner.exe
[2013.06.02 22:47:53 | 000,816,128 | ---- | C] () -- C:\Users\JE\Desktop\RogueKiller_8.5.4.exe
[2013.06.02 21:03:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.02 21:03:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.02 21:03:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.02 21:03:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.02 21:03:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.02 15:44:44 | 000,000,611 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.06.02 15:44:05 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\Sing Along Update.job
[2013.06.02 15:43:45 | 000,002,551 | ---- | C] () -- C:\Users\Public\Desktop\Free System Utilities.lnk
[2013.06.02 15:42:31 | 000,000,205 | ---- | C] () -- C:\Users\JE\Desktop\Amazon.url
[2013.06.01 07:31:41 | 000,001,076 | ---- | C] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk
[2013.05.30 12:16:58 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2013.05.30 11:44:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.19 20:10:10 | 000,002,350 | ---- | C] () -- C:\Users\JE\Desktop\Google Chrome.lnk
[2013.05.13 07:11:54 | 000,002,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.05.13 07:11:53 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.17 19:54:32 | 000,001,120 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT
[2013.02.17 19:34:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2013.02.17 19:34:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2013.02.17 19:34:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2013.02.17 19:34:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2013.02.17 19:34:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2013.02.17 19:34:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2013.02.17 19:34:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2013.02.17 19:34:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2013.02.17 19:34:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2013.02.17 19:34:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2013.02.17 19:34:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2013.02.17 19:34:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2013.02.17 19:34:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2013.02.17 19:34:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2013.02.17 19:34:21 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.12.14 02:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2012.12.14 02:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012.12.14 02:02:20 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.12.14 02:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.12.14 02:02:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2012.07.15 21:25:13 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2012.07.15 19:22:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.07.14 22:27:57 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.07.14 21:51:20 | 003,065,455 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.07.14 17:48:11 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2012.07.14 17:47:06 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
and
Code:
OTL Extras logfile created on: 03.06.2013 12:15:29 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JE\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,67 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 46,95% Memory free
5,33 Gb Paging File | 3,53 Gb Available in Paging File | 66,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,83 Gb Total Space | 72,88 Gb Free Space | 52,88% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 170,28 Gb Free Space | 51,94% Space Free | Partition Type: NTFS
Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,83 Gb Total Space | 14,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: JE-PC | User Name: JE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FreemiumAnalyze] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe ANALYSE %1 (Microsoft)
Directory [FreemiumFindEmptyFolders] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe EMPTYFOLDERS %1 (Microsoft)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FB6857E-A3A1-46DE-8F5F-A1AD710FA33B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{10E02F23-8D79-45CE-B772-7E6736775AAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{21702D74-12C1-4B79-B937-4A8EC0972183}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2AEAE9DD-30D1-40A8-AB82-CD66FEA14A7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{354FB734-D7C2-4930-B3CE-47FCE093A064}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{361823DA-3059-4E7F-8C17-CD93D9F3443A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{39E6D77A-EDEC-4EF1-9588-005195FBB6AE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4234FC6E-32B0-4597-9606-B9FDC9F3C0E4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{427694BD-B821-42FD-81D6-61FA7E8F2B2C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{43BBA57F-10C4-4D55-B9C1-CB50B5ACD107}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4A33007C-33A2-49CD-B3D1-F2B7E6E25647}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4AAB5A17-3E4D-40EA-8AD0-0CB2F6E77F49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{74C8C282-68AC-4EB8-8ED8-0F74147EF9CC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{89155650-4B2D-4854-8B49-752B0F50CAC2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8A667358-9DB6-4222-957A-E1DD3AD7CDF7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8DB164E9-0223-4130-8276-1F3FF54EC039}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9229DDD4-ADF0-4DD3-B365-52911429B925}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9D0BACFB-C229-4CF3-A838-C3797E35163C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A691F645-B2E0-402A-9583-9A57B76FE1C7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A6E544C0-70EB-41DE-8D9F-6A4C4BCF2C4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F42B6AB2-D44A-4D99-99BE-58CE32B1430B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F52C8D0B-D5E2-4301-99AC-4B059FC33C41}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B90E20-D297-438B-B269-00A1779D2E70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{04ABFEF5-FD67-45D3-8C52-81747835B582}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{0B6441D1-926B-4F25-A802-E6EC4FD86157}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{121FDBC3-9D50-4E1E-93FE-806887F9BEE8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1722A383-0454-4341-A1E4-3FB034C9CB08}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1B9D47A6-77FB-44AC-AE1D-9FF31CE795A6}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{1C291843-C864-4835-B1F6-0E7CF32EE59F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D0B672F-CEBD-4910-A513-67221F92DB08}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{28343725-27F0-47A5-A955-3345F07332DE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2B72B307-7D99-4856-B44C-41D6A8485217}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{317A13F2-A5CE-4B63-A90F-B9C1178E5137}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3394336F-E2C4-4CAE-9D1C-C661DFA1BF63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{372427A7-F26E-46CA-92FD-12D774015698}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{39C90CD6-197D-4C4E-9CE6-FA744A7F83D2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4C994B3E-A980-4952-A103-F8F3B91FA818}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5274FBF3-0AB8-49E2-BE4E-909A266C3FF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{54B17586-83CE-458B-A1B8-635CD14BE881}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{569417A6-670C-4623-ABE1-B0E732236B5E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{58B5CF96-1709-4CFB-AD7E-F26FA4FCE29C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5969AE12-E2C2-4BBB-8C46-6C1F87EA39B1}" = dir=in | app=c:\program files\iminent\iminent.exe | 
"{5CFF7E87-F5FB-41D6-95A8-A456D8AB02B7}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{5DFD998A-23B7-4E72-9E5C-8291B19174D6}" = protocol=6 | dir=out | app=system | 
"{601B580B-5657-4966-8026-5ED934C93F58}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{62574BBD-D62A-4BB7-9E45-6AFAC78E2012}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{643E6C6D-6987-4870-B5A3-AFFD7CB9726B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{697E9CB2-C0E2-49BA-B192-1991FE7841B2}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{6DB46EA6-53EA-4DF1-B9E4-26B2083EA5F0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{76B195CC-79BF-4A5D-A60A-9554920FC6F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{87CC4E80-1565-44D8-8B91-0C33070098E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{8BB4A9E5-8344-4109-84D0-8F9A911B76AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BFB7D53-AAD9-4ABF-A17B-739CAE779D99}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8EE09949-EF34-48F0-AD62-5513B0044D79}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{940635DB-AC34-466B-9075-DAF0E034BB99}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9421DE9E-CFD5-4FAB-AFA6-1AF4B2E0FFF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9A584B99-8F33-4777-BF4F-45C7395B33F6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9FF9A512-C391-433A-9912-0C4E6C82983E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{A257491A-DA6E-4AD1-82B9-DA69981F9933}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A3014FEE-E9F0-43C6-86BF-C2D31FBED362}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A72FD165-791E-4B1F-AB08-51E44531CF84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A8E938D1-5A6B-4AE5-A311-A8B08BC40C0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ADF49357-45FC-4420-A500-8A594673685B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B3453EB1-1CEE-4BBC-A9C4-D20035141804}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B49850C6-A06A-4AAB-84E7-0E3F28363486}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B74DCA61-4ED1-4710-B397-04F12CC9AAD7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B769249E-F1C8-4771-A768-B261D74C6165}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B7B69582-92B0-498C-8C42-F50C9AE57436}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B9EFA22D-816D-4CEE-8EC3-25DA5A2BB1B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{BD57CDA6-580C-4C35-A187-AC2B44CB78A7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BF274E84-F4FB-4F3C-B87B-A54D07721E67}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe | 
"{C787928F-3BC9-4027-9C91-4C4DD29FC142}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D52F6341-A5BB-4130-9887-BBDF1AA16C56}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D6127B5D-390E-4B7B-979C-8D2F8A3E31ED}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E2686FFC-9C4E-42D1-B1A8-1F734DFC71E7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E30B9C19-187D-42F7-9F35-83274B244E6A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{E3D07E4C-1FFD-4A0F-90F6-7701ACF9D7D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E742EA94-B7ED-4B98-B302-50505E88D756}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EC2B6E11-A455-45D7-9547-EF1A6F14B2D6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{ED26470E-B405-492D-837A-0CF5BACF8D18}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ED78DD81-D12D-4BF4-ABF9-D239433FBF4F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F2494976-1742-4FCC-A3B1-E3AC23B7427E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{F98DB22C-E1B7-4405-AC6E-A17F4A5717E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FCBDA0B2-8B86-495B-B21A-A0975C13C853}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FEBB6C19-15B8-4792-BE6C-10C0CCB12CC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{33255F08-370C-442A-990D-5C5FD4B989C3}E:\epsonnet easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | 
"TCP Query User{4E46BBD6-53C6-46D9-A6BF-61DDCFC30B7E}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | 
"TCP Query User{5291C130-9A46-4848-AE58-DA6F17A625FD}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{6698C2AC-2F4C-47A4-B028-E84E4C414E77}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | 
"TCP Query User{91948026-AC83-4AFD-B0EB-E3F8B95D5140}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{A014EB35-51BD-4C4C-BCEA-7C87EE51DDC8}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{B5FA69B4-54E1-439A-87F1-D9B1FC804C3C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{D2346D37-C55C-4847-AD90-2733C071EC11}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{04A6306B-2540-4DCC-B51D-12AAE509C3C7}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | 
"UDP Query User{25BCF3F0-8297-4089-80AB-B14AD9684D7D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{3237522B-FA1C-4061-816C-ED2297C25321}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{4832A54A-5323-4BD9-876B-18E70AC4CA27}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | 
"UDP Query User{835E0537-30DC-423B-85B5-7A7F839B3C58}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{AAF0DC98-B2C5-470A-9874-5C9D3745606C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{BF3F6706-6E8D-4AA3-90E8-C4A4C774DDE6}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{D9B24041-858B-4018-B725-D4BCD58AA1E5}E:\epsonnet easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15B291FD-AA72-4D0B-BD6E-604F24C5D14C}" = Free SystemUtilities
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}" = Iminent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{421d35e3-d4bd-47a6-b6aa-d21ade07cf32}" = Free System Utilities
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi-Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CONFLICT - DESERT STORM 2_is1" = CONFLICT - DESERT STORM 2
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Benutzerhandbuch" = EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Handbuch
"EPSON SX600FW Series" = EPSON SX600FW Series Printer Uninstall
"Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
"IncrediMail" = IncrediMail 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 12.14.1738" = Opera 12.14
"ProInst" = Intel PROSet Wireless
"singalong@xenophesoft.com" = Sing Along
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2013 06:19:54 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:20:58 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:21:18 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:21:18 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:21:21 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:21:21 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:21:21 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:21:52 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:21:52 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:22:03 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 02.06.2013 17:32:25 | Computer Name = JE-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.06.2013 18:26:13 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 02.06.2013 18:26:14 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 02.06.2013 18:26:14 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 02.06.2013 18:26:15 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 02.06.2013 19:46:44 | Computer Name = JE-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >
         

Regards,
IL-2

03.06.2013, 11:29   #18
IL-2
 
Code:
ATTFilter
OTL logfile created on: 03.06.2013 12:15:29 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JE\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,67 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 46,95% Memory free
5,33 Gb Paging File | 3,53 Gb Available in Paging File | 66,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,83 Gb Total Space | 72,88 Gb Free Space | 52,88% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 170,28 Gb Free Space | 51,94% Space Free | Partition Type: NTFS
Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,83 Gb Total Space | 14,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: JE-PC | User Name: JE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\JE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\Programme\IncrediMail\Bin\PMC.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll ()
MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
 
 
========== Services (SafeList) ==========
 
SRV - (SystemStoreService) -- C:\Programme\SoftwareUpdater\SystemStore.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (rpcnet) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\JE\AppData\Local\Temp\catchme.sys File not found
DRV - (agicixtu) --  File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys (Sonix Technology Co., Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (RSUSBVSTOR) -- C:\Windows\System32\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 F7 99 87 DA 61 CD 01  [binary data]
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 F7 99 87 DA 61 CD 01  [binary data]
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.11 20:48:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.07.23 22:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Extensions
[2012.08.07 00:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions
[2012.08.07 00:26:52 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2013.06.02 23:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions
[2013.06.02 15:43:59 | 000,000,000 | ---D | M] (FoxyDeal) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D}
[2012.11.03 12:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.11 20:48:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.17 20:13:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.17 20:13:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.17 20:13:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.17 20:13:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.17 20:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.17 20:13:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\JE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Google Mail = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix Technology Co., Ltd.)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [playgoexec] -autorun File not found
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0450B429-4E51-4E97-86D0-926484D55456}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28860C02-2E44-4F74-81DA-935FD714DDCA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.01.25 22:01:52 | 000,380,928 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.01.25 22:01:52 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.03 00:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.02 23:04:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.02 23:04:31 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.02 23:04:24 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\JE\Desktop\JRT.exe
[2013.06.02 22:48:00 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\RK_Quarantine
[2013.06.02 22:35:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.02 22:35:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.02 22:26:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.02 22:18:18 | 005,076,415 | R--- | C] (Swearware) -- C:\Users\JE\Desktop\ComboFix.exe
[2013.06.02 21:11:09 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\temp
[2013.06.02 21:03:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.02 21:03:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.02 21:03:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.02 21:02:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.02 21:01:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.02 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Freemium
[2013.06.02 15:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeSystemUtilities
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covus Freemium
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Covus Freemium
[2013.06.02 15:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.06.02 15:41:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\DownloadGuide
[2013.06.01 07:32:00 | 000,000,000 | ---D | C] -- C:\Users\JE\Documents\SCi
[2013.06.01 07:31:54 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.06.01 07:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CONFLICT - DESERT STORM 2
[2013.06.01 07:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\CONFLICT - DESERT STORM 2
[2013.05.30 12:15:31 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.05.30 12:00:55 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\zoek (1)
[2013.05.30 11:44:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Malwarebytes
[2013.05.30 11:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.30 11:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.30 11:44:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.30 11:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.30 11:44:13 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Programs
[2013.05.30 11:37:32 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\30
[2013.05.26 13:50:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe
[2013.05.24 20:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.23 20:03:10 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.16 08:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.05.16 08:08:35 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 08:08:34 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 08:08:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 08:08:34 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 08:08:33 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 08:08:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 08:08:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.16 08:08:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 08:08:33 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 08:08:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.15 10:42:23 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 10:42:21 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 10:42:13 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 10:41:58 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 10:41:58 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.05.13 07:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013.05.13 07:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013.05.07 17:40:40 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.03 12:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.03 12:06:33 | 000,890,839 | ---- | M] () -- C:\Users\JE\Desktop\SecurityCheck (1).exe
[2013.06.03 11:42:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000UA.job
[2013.06.03 06:26:36 | 000,025,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 06:26:36 | 000,025,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 06:14:25 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.03 06:14:25 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.03 06:14:25 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.03 06:14:25 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.03 06:11:18 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2013.06.03 06:11:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.02 23:18:29 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2013.06.02 23:18:10 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\Sing Along Update.job
[2013.06.02 23:17:49 | 2146,775,040 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.02 23:03:35 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\JE\Desktop\JRT.exe
[2013.06.02 22:54:51 | 000,632,031 | ---- | M] () -- C:\Users\JE\Desktop\adwcleaner.exe
[2013.06.02 22:45:38 | 000,816,128 | ---- | M] () -- C:\Users\JE\Desktop\RogueKiller_8.5.4.exe
[2013.06.02 22:17:59 | 005,076,415 | R--- | M] (Swearware) -- C:\Users\JE\Desktop\ComboFix.exe
[2013.06.02 17:32:22 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000Core.job
[2013.06.02 15:44:58 | 000,000,611 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.06.02 15:43:45 | 000,002,551 | ---- | M] () -- C:\Users\Public\Desktop\Free System Utilities.lnk
[2013.06.02 15:42:31 | 000,000,205 | ---- | M] () -- C:\Users\JE\Desktop\Amazon.url
[2013.06.01 07:31:41 | 000,001,076 | ---- | M] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk
[2013.05.30 12:15:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.05.30 12:02:30 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2013.05.30 11:44:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.26 13:50:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe
[2013.05.25 10:55:19 | 000,002,350 | ---- | M] () -- C:\Users\JE\Desktop\Google Chrome.lnk
[2013.05.16 08:28:04 | 000,408,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.16 08:11:58 | 000,002,004 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.05.16 08:11:46 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.05.15 12:31:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 12:31:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.10 18:39:07 | 000,039,936 | ---- | M] (Absolute Software Corporation) -- C:\Windows\System32\identprv.dll
[2013.05.07 17:40:13 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.03 12:06:46 | 000,890,839 | ---- | C] () -- C:\Users\JE\Desktop\SecurityCheck (1).exe
[2013.06.02 22:55:19 | 000,632,031 | ---- | C] () -- C:\Users\JE\Desktop\adwcleaner.exe
[2013.06.02 22:47:53 | 000,816,128 | ---- | C] () -- C:\Users\JE\Desktop\RogueKiller_8.5.4.exe
[2013.06.02 21:03:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.02 21:03:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.02 21:03:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.02 21:03:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.02 21:03:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.02 15:44:44 | 000,000,611 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.06.02 15:44:05 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\Sing Along Update.job
[2013.06.02 15:43:45 | 000,002,551 | ---- | C] () -- C:\Users\Public\Desktop\Free System Utilities.lnk
[2013.06.02 15:42:31 | 000,000,205 | ---- | C] () -- C:\Users\JE\Desktop\Amazon.url
[2013.06.01 07:31:41 | 000,001,076 | ---- | C] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk
[2013.05.30 12:16:58 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2013.05.30 11:44:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.19 20:10:10 | 000,002,350 | ---- | C] () -- C:\Users\JE\Desktop\Google Chrome.lnk
[2013.05.13 07:11:54 | 000,002,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.05.13 07:11:53 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.17 19:54:32 | 000,001,120 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT
[2013.02.17 19:34:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2013.02.17 19:34:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2013.02.17 19:34:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2013.02.17 19:34:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2013.02.17 19:34:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2013.02.17 19:34:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2013.02.17 19:34:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2013.02.17 19:34:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2013.02.17 19:34:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2013.02.17 19:34:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2013.02.17 19:34:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2013.02.17 19:34:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2013.02.17 19:34:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2013.02.17 19:34:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2013.02.17 19:34:21 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.12.14 02:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2012.12.14 02:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012.12.14 02:02:20 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.12.14 02:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.12.14 02:02:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2012.07.15 21:25:13 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2012.07.15 19:22:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.07.14 22:27:57 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.07.14 21:51:20 | 003,065,455 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.07.14 17:48:11 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2012.07.14 17:47:06 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
and
Code:
OTL Extras logfile created on: 03.06.2013 12:15:29 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JE\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,67 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 46,95% Memory free
5,33 Gb Paging File | 3,53 Gb Available in Paging File | 66,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,83 Gb Total Space | 72,88 Gb Free Space | 52,88% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 170,28 Gb Free Space | 51,94% Space Free | Partition Type: NTFS
Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,83 Gb Total Space | 14,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: JE-PC | User Name: JE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FreemiumAnalyze] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe ANALYSE %1 (Microsoft)
Directory [FreemiumFindEmptyFolders] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe EMPTYFOLDERS %1 (Microsoft)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FB6857E-A3A1-46DE-8F5F-A1AD710FA33B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{10E02F23-8D79-45CE-B772-7E6736775AAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{21702D74-12C1-4B79-B937-4A8EC0972183}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2AEAE9DD-30D1-40A8-AB82-CD66FEA14A7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{354FB734-D7C2-4930-B3CE-47FCE093A064}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{361823DA-3059-4E7F-8C17-CD93D9F3443A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{39E6D77A-EDEC-4EF1-9588-005195FBB6AE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4234FC6E-32B0-4597-9606-B9FDC9F3C0E4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{427694BD-B821-42FD-81D6-61FA7E8F2B2C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{43BBA57F-10C4-4D55-B9C1-CB50B5ACD107}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4A33007C-33A2-49CD-B3D1-F2B7E6E25647}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4AAB5A17-3E4D-40EA-8AD0-0CB2F6E77F49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{74C8C282-68AC-4EB8-8ED8-0F74147EF9CC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{89155650-4B2D-4854-8B49-752B0F50CAC2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8A667358-9DB6-4222-957A-E1DD3AD7CDF7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8DB164E9-0223-4130-8276-1F3FF54EC039}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9229DDD4-ADF0-4DD3-B365-52911429B925}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9D0BACFB-C229-4CF3-A838-C3797E35163C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A691F645-B2E0-402A-9583-9A57B76FE1C7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A6E544C0-70EB-41DE-8D9F-6A4C4BCF2C4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F42B6AB2-D44A-4D99-99BE-58CE32B1430B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F52C8D0B-D5E2-4301-99AC-4B059FC33C41}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B90E20-D297-438B-B269-00A1779D2E70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{04ABFEF5-FD67-45D3-8C52-81747835B582}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{0B6441D1-926B-4F25-A802-E6EC4FD86157}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{121FDBC3-9D50-4E1E-93FE-806887F9BEE8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1722A383-0454-4341-A1E4-3FB034C9CB08}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1B9D47A6-77FB-44AC-AE1D-9FF31CE795A6}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{1C291843-C864-4835-B1F6-0E7CF32EE59F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D0B672F-CEBD-4910-A513-67221F92DB08}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{28343725-27F0-47A5-A955-3345F07332DE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2B72B307-7D99-4856-B44C-41D6A8485217}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{317A13F2-A5CE-4B63-A90F-B9C1178E5137}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3394336F-E2C4-4CAE-9D1C-C661DFA1BF63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{372427A7-F26E-46CA-92FD-12D774015698}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{39C90CD6-197D-4C4E-9CE6-FA744A7F83D2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4C994B3E-A980-4952-A103-F8F3B91FA818}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5274FBF3-0AB8-49E2-BE4E-909A266C3FF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{54B17586-83CE-458B-A1B8-635CD14BE881}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{569417A6-670C-4623-ABE1-B0E732236B5E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{58B5CF96-1709-4CFB-AD7E-F26FA4FCE29C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5969AE12-E2C2-4BBB-8C46-6C1F87EA39B1}" = dir=in | app=c:\program files\iminent\iminent.exe | 
"{5CFF7E87-F5FB-41D6-95A8-A456D8AB02B7}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{5DFD998A-23B7-4E72-9E5C-8291B19174D6}" = protocol=6 | dir=out | app=system | 
"{601B580B-5657-4966-8026-5ED934C93F58}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{62574BBD-D62A-4BB7-9E45-6AFAC78E2012}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{643E6C6D-6987-4870-B5A3-AFFD7CB9726B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{697E9CB2-C0E2-49BA-B192-1991FE7841B2}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{6DB46EA6-53EA-4DF1-B9E4-26B2083EA5F0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{76B195CC-79BF-4A5D-A60A-9554920FC6F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{87CC4E80-1565-44D8-8B91-0C33070098E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{8BB4A9E5-8344-4109-84D0-8F9A911B76AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BFB7D53-AAD9-4ABF-A17B-739CAE779D99}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8EE09949-EF34-48F0-AD62-5513B0044D79}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{940635DB-AC34-466B-9075-DAF0E034BB99}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9421DE9E-CFD5-4FAB-AFA6-1AF4B2E0FFF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9A584B99-8F33-4777-BF4F-45C7395B33F6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9FF9A512-C391-433A-9912-0C4E6C82983E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{A257491A-DA6E-4AD1-82B9-DA69981F9933}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A3014FEE-E9F0-43C6-86BF-C2D31FBED362}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A72FD165-791E-4B1F-AB08-51E44531CF84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A8E938D1-5A6B-4AE5-A311-A8B08BC40C0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ADF49357-45FC-4420-A500-8A594673685B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B3453EB1-1CEE-4BBC-A9C4-D20035141804}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B49850C6-A06A-4AAB-84E7-0E3F28363486}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B74DCA61-4ED1-4710-B397-04F12CC9AAD7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B769249E-F1C8-4771-A768-B261D74C6165}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B7B69582-92B0-498C-8C42-F50C9AE57436}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B9EFA22D-816D-4CEE-8EC3-25DA5A2BB1B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{BD57CDA6-580C-4C35-A187-AC2B44CB78A7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BF274E84-F4FB-4F3C-B87B-A54D07721E67}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe | 
"{C787928F-3BC9-4027-9C91-4C4DD29FC142}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D52F6341-A5BB-4130-9887-BBDF1AA16C56}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D6127B5D-390E-4B7B-979C-8D2F8A3E31ED}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E2686FFC-9C4E-42D1-B1A8-1F734DFC71E7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E30B9C19-187D-42F7-9F35-83274B244E6A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{E3D07E4C-1FFD-4A0F-90F6-7701ACF9D7D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E742EA94-B7ED-4B98-B302-50505E88D756}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EC2B6E11-A455-45D7-9547-EF1A6F14B2D6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{ED26470E-B405-492D-837A-0CF5BACF8D18}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ED78DD81-D12D-4BF4-ABF9-D239433FBF4F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F2494976-1742-4FCC-A3B1-E3AC23B7427E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{F98DB22C-E1B7-4405-AC6E-A17F4A5717E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FCBDA0B2-8B86-495B-B21A-A0975C13C853}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FEBB6C19-15B8-4792-BE6C-10C0CCB12CC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{33255F08-370C-442A-990D-5C5FD4B989C3}E:\epsonnet easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | 
"TCP Query User{4E46BBD6-53C6-46D9-A6BF-61DDCFC30B7E}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | 
"TCP Query User{5291C130-9A46-4848-AE58-DA6F17A625FD}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{6698C2AC-2F4C-47A4-B028-E84E4C414E77}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | 
"TCP Query User{91948026-AC83-4AFD-B0EB-E3F8B95D5140}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{A014EB35-51BD-4C4C-BCEA-7C87EE51DDC8}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{B5FA69B4-54E1-439A-87F1-D9B1FC804C3C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{D2346D37-C55C-4847-AD90-2733C071EC11}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{04A6306B-2540-4DCC-B51D-12AAE509C3C7}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | 
"UDP Query User{25BCF3F0-8297-4089-80AB-B14AD9684D7D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{3237522B-FA1C-4061-816C-ED2297C25321}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{4832A54A-5323-4BD9-876B-18E70AC4CA27}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | 
"UDP Query User{835E0537-30DC-423B-85B5-7A7F839B3C58}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{AAF0DC98-B2C5-470A-9874-5C9D3745606C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{BF3F6706-6E8D-4AA3-90E8-C4A4C774DDE6}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{D9B24041-858B-4018-B725-D4BCD58AA1E5}E:\epsonnet easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15B291FD-AA72-4D0B-BD6E-604F24C5D14C}" = Free SystemUtilities
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}" = Iminent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{421d35e3-d4bd-47a6-b6aa-d21ade07cf32}" = Free System Utilities
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi-Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CONFLICT - DESERT STORM 2_is1" = CONFLICT - DESERT STORM 2
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Benutzerhandbuch" = EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Handbuch
"EPSON SX600FW Series" = EPSON SX600FW Series Printer Uninstall
"Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
"IncrediMail" = IncrediMail 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 12.14.1738" = Opera 12.14
"ProInst" = Intel PROSet Wireless
"singalong@xenophesoft.com" = Sing Along
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2013 06:19:54 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:20:58 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:21:18 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:21:18 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:21:21 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:21:21 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:21:21 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:21:52 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:21:52 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.06.2013 06:22:03 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 02.06.2013 17:32:25 | Computer Name = JE-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.06.2013 18:26:13 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 02.06.2013 18:26:14 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 02.06.2013 18:26:14 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 02.06.2013 18:26:15 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 02.06.2013 19:46:44 | Computer Name = JE-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >
         

Regards,
IL-2

Sorry, my mistake
__________________

Alt 03.06.2013, 11:51   #19
schrauber
/// the machine
/// TB-Ausbilder
 


ESET????
__________________
Regards,
schrauber


Alt 04.06.2013, 05:43   #20
IL-2
 

Hello schrauber,
here is everything again from the start

ESET log.txt
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b5e0c5ad6a594f418e899303d190aff2
# engine=13985
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-04 01:51:02
# local_time=2013-06-04 03:51:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 0 235733952 24304 0
# compatibility_mode=5893 16776573 100 94 56802 121941853 0 0
# scanned=124013
# found=1
# cleaned=0
# scan_time=18405
sh=CE0365417E97540A36EE7415C3B94F4CEBF399CC ft=1 fh=8073d78db8e63b09 vn="Win32/Adware.AddLyrics.F application" ac=I fn="C:\Users\JE\AppData\Local\DownloadGuide\Offers\addlyrics.exe"
         
checkup.txt
Code:
 UNSUPPORTED OPERATING SYSTEM! ABORTED!
         
OTL.txt
Code:
OTL logfile created on: 04.06.2013 06:26:09 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JE\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,67 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 55,07% Memory free
5,33 Gb Paging File | 3,48 Gb Available in Paging File | 65,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,83 Gb Total Space | 72,65 Gb Free Space | 52,71% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 170,28 Gb Free Space | 51,94% Space Free | Partition Type: NTFS
Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,83 Gb Total Space | 14,82 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
 
Computer Name: JE-PC | User Name: JE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\JE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\Programme\IncrediMail\Bin\PMC.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll ()
MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
 
 
========== Services (SafeList) ==========
 
SRV - (SystemStoreService) -- C:\Programme\SoftwareUpdater\SystemStore.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (rpcnet) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\JE\AppData\Local\Temp\catchme.sys File not found
DRV - (agicixtu) --  File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys (Sonix Technology Co., Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (RSUSBVSTOR) -- C:\Windows\System32\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 F7 99 87 DA 61 CD 01  [binary data]
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 F7 99 87 DA 61 CD 01  [binary data]
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.11 20:48:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.07.23 22:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Extensions
[2012.08.07 00:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions
[2012.08.07 00:26:52 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2013.06.02 23:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions
[2013.06.02 15:43:59 | 000,000,000 | ---D | M] (FoxyDeal) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D}
[2012.11.03 12:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.11 20:48:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.17 20:13:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.17 20:13:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.17 20:13:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.17 20:13:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.17 20:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.17 20:13:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\JE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Google Mail = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix Technology Co., Ltd.)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [playgoexec] -autorun File not found
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0450B429-4E51-4E97-86D0-926484D55456}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28860C02-2E44-4F74-81DA-935FD714DDCA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.01.25 22:01:52 | 000,380,928 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.01.25 22:01:52 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.03 22:41:26 | 002,347,384 | ---- | C] (ESET) -- C:\Users\JE\Desktop\esetsmartinstaller_enu.exe
[2013.06.03 00:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.02 23:04:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.02 23:04:31 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.02 23:04:24 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\JE\Desktop\JRT.exe
[2013.06.02 22:48:00 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\RK_Quarantine
[2013.06.02 22:35:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.02 22:35:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.02 22:26:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.02 22:18:18 | 005,076,415 | R--- | C] (Swearware) -- C:\Users\JE\Desktop\ComboFix.exe
[2013.06.02 21:11:09 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\temp
[2013.06.02 21:03:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.02 21:03:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.02 21:03:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.02 21:02:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.02 21:01:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.02 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Freemium
[2013.06.02 15:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeSystemUtilities
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covus Freemium
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Covus Freemium
[2013.06.02 15:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.06.02 15:41:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\DownloadGuide
[2013.06.01 07:32:00 | 000,000,000 | ---D | C] -- C:\Users\JE\Documents\SCi
[2013.06.01 07:31:54 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.06.01 07:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CONFLICT - DESERT STORM 2
[2013.06.01 07:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\CONFLICT - DESERT STORM 2
[2013.05.30 12:15:31 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.05.30 12:00:55 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\zoek (1)
[2013.05.30 11:44:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Malwarebytes
[2013.05.30 11:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.30 11:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.30 11:44:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.30 11:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.30 11:44:13 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Programs
[2013.05.30 11:37:32 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\30
[2013.05.26 13:50:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe
[2013.05.24 20:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.23 20:03:10 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.16 08:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.05.16 08:08:35 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 08:08:34 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 08:08:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 08:08:34 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 08:08:33 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 08:08:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 08:08:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.16 08:08:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 08:08:33 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 08:08:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.15 10:42:23 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 10:42:21 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 10:42:13 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 10:41:58 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 10:41:58 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.05.13 07:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013.05.13 07:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013.05.07 17:40:40 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.04 06:17:01 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.04 06:17:01 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.04 06:17:01 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.04 06:17:01 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.04 06:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.04 06:14:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000UA.job
[2013.06.04 06:13:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.04 06:13:53 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2013.06.03 23:25:24 | 000,025,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 23:25:24 | 000,025,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 16:42:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000Core.job
[2013.06.03 15:34:00 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\Sing Along Update.job
[2013.06.03 12:06:33 | 000,890,839 | ---- | M] () -- C:\Users\JE\Desktop\SecurityCheck (1).exe
[2013.06.03 00:23:54 | 002,347,384 | ---- | M] (ESET) -- C:\Users\JE\Desktop\esetsmartinstaller_enu.exe
[2013.06.02 23:18:29 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2013.06.02 23:17:49 | 2146,775,040 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.02 23:03:35 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\JE\Desktop\JRT.exe
[2013.06.02 22:54:51 | 000,632,031 | ---- | M] () -- C:\Users\JE\Desktop\adwcleaner.exe
[2013.06.02 22:45:38 | 000,816,128 | ---- | M] () -- C:\Users\JE\Desktop\RogueKiller_8.5.4.exe
[2013.06.02 22:17:59 | 005,076,415 | R--- | M] (Swearware) -- C:\Users\JE\Desktop\ComboFix.exe
[2013.06.02 15:44:58 | 000,000,611 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.06.02 15:43:45 | 000,002,551 | ---- | M] () -- C:\Users\Public\Desktop\Free System Utilities.lnk
[2013.06.02 15:42:31 | 000,000,205 | ---- | M] () -- C:\Users\JE\Desktop\Amazon.url
[2013.06.01 07:31:41 | 000,001,076 | ---- | M] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk
[2013.05.30 12:15:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.05.30 12:02:30 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2013.05.30 11:44:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.26 13:50:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe
[2013.05.25 10:55:19 | 000,002,350 | ---- | M] () -- C:\Users\JE\Desktop\Google Chrome.lnk
[2013.05.16 08:28:04 | 000,408,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.16 08:11:58 | 000,002,004 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.05.16 08:11:46 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.05.15 12:31:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 12:31:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.10 18:39:07 | 000,039,936 | ---- | M] (Absolute Software Corporation) -- C:\Windows\System32\identprv.dll
[2013.05.07 17:40:13 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.03 12:06:46 | 000,890,839 | ---- | C] () -- C:\Users\JE\Desktop\SecurityCheck (1).exe
[2013.06.02 22:55:19 | 000,632,031 | ---- | C] () -- C:\Users\JE\Desktop\adwcleaner.exe
[2013.06.02 22:47:53 | 000,816,128 | ---- | C] () -- C:\Users\JE\Desktop\RogueKiller_8.5.4.exe
[2013.06.02 21:03:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.02 21:03:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.02 21:03:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.02 21:03:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.02 21:03:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.02 15:44:44 | 000,000,611 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.06.02 15:44:05 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\Sing Along Update.job
[2013.06.02 15:43:45 | 000,002,551 | ---- | C] () -- C:\Users\Public\Desktop\Free System Utilities.lnk
[2013.06.02 15:42:31 | 000,000,205 | ---- | C] () -- C:\Users\JE\Desktop\Amazon.url
[2013.06.01 07:31:41 | 000,001,076 | ---- | C] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk
[2013.05.30 12:16:58 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2013.05.30 11:44:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.19 20:10:10 | 000,002,350 | ---- | C] () -- C:\Users\JE\Desktop\Google Chrome.lnk
[2013.05.13 07:11:54 | 000,002,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.05.13 07:11:53 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.17 19:54:32 | 000,001,120 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT
[2013.02.17 19:34:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2013.02.17 19:34:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2013.02.17 19:34:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2013.02.17 19:34:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2013.02.17 19:34:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2013.02.17 19:34:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2013.02.17 19:34:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2013.02.17 19:34:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2013.02.17 19:34:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2013.02.17 19:34:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2013.02.17 19:34:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2013.02.17 19:34:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2013.02.17 19:34:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2013.02.17 19:34:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2013.02.17 19:34:21 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.12.14 02:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2012.12.14 02:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012.12.14 02:02:20 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.12.14 02:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.12.14 02:02:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2012.07.15 21:25:13 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2012.07.15 19:22:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.07.14 22:27:57 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.07.14 21:51:20 | 003,065,455 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.07.14 17:48:11 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2012.07.14 17:47:06 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
and
Extras.Txt
Code:
ATTFilter
OTL Extras logfile created on: 04.06.2013 06:26:09 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JE\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,67 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 55,07% Memory free
5,33 Gb Paging File | 3,48 Gb Available in Paging File | 65,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,83 Gb Total Space | 72,65 Gb Free Space | 52,71% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 170,28 Gb Free Space | 51,94% Space Free | Partition Type: NTFS
Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,83 Gb Total Space | 14,82 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
 
Computer Name: JE-PC | User Name: JE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FreemiumAnalyze] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe ANALYSE %1 (Microsoft)
Directory [FreemiumFindEmptyFolders] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe EMPTYFOLDERS %1 (Microsoft)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FB6857E-A3A1-46DE-8F5F-A1AD710FA33B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{10E02F23-8D79-45CE-B772-7E6736775AAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{21702D74-12C1-4B79-B937-4A8EC0972183}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2AEAE9DD-30D1-40A8-AB82-CD66FEA14A7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{354FB734-D7C2-4930-B3CE-47FCE093A064}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{361823DA-3059-4E7F-8C17-CD93D9F3443A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{39E6D77A-EDEC-4EF1-9588-005195FBB6AE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4234FC6E-32B0-4597-9606-B9FDC9F3C0E4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{427694BD-B821-42FD-81D6-61FA7E8F2B2C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{43BBA57F-10C4-4D55-B9C1-CB50B5ACD107}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4A33007C-33A2-49CD-B3D1-F2B7E6E25647}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4AAB5A17-3E4D-40EA-8AD0-0CB2F6E77F49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{74C8C282-68AC-4EB8-8ED8-0F74147EF9CC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{89155650-4B2D-4854-8B49-752B0F50CAC2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8A667358-9DB6-4222-957A-E1DD3AD7CDF7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8DB164E9-0223-4130-8276-1F3FF54EC039}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9229DDD4-ADF0-4DD3-B365-52911429B925}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9D0BACFB-C229-4CF3-A838-C3797E35163C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A691F645-B2E0-402A-9583-9A57B76FE1C7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A6E544C0-70EB-41DE-8D9F-6A4C4BCF2C4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F42B6AB2-D44A-4D99-99BE-58CE32B1430B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F52C8D0B-D5E2-4301-99AC-4B059FC33C41}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B90E20-D297-438B-B269-00A1779D2E70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{04ABFEF5-FD67-45D3-8C52-81747835B582}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{0B6441D1-926B-4F25-A802-E6EC4FD86157}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{121FDBC3-9D50-4E1E-93FE-806887F9BEE8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1722A383-0454-4341-A1E4-3FB034C9CB08}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1B9D47A6-77FB-44AC-AE1D-9FF31CE795A6}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{1C291843-C864-4835-B1F6-0E7CF32EE59F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D0B672F-CEBD-4910-A513-67221F92DB08}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{28343725-27F0-47A5-A955-3345F07332DE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2B72B307-7D99-4856-B44C-41D6A8485217}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{317A13F2-A5CE-4B63-A90F-B9C1178E5137}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3394336F-E2C4-4CAE-9D1C-C661DFA1BF63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{372427A7-F26E-46CA-92FD-12D774015698}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{39C90CD6-197D-4C4E-9CE6-FA744A7F83D2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4C994B3E-A980-4952-A103-F8F3B91FA818}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5274FBF3-0AB8-49E2-BE4E-909A266C3FF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{54B17586-83CE-458B-A1B8-635CD14BE881}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{569417A6-670C-4623-ABE1-B0E732236B5E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{58B5CF96-1709-4CFB-AD7E-F26FA4FCE29C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5969AE12-E2C2-4BBB-8C46-6C1F87EA39B1}" = dir=in | app=c:\program files\iminent\iminent.exe | 
"{5CFF7E87-F5FB-41D6-95A8-A456D8AB02B7}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{5DFD998A-23B7-4E72-9E5C-8291B19174D6}" = protocol=6 | dir=out | app=system | 
"{601B580B-5657-4966-8026-5ED934C93F58}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{62574BBD-D62A-4BB7-9E45-6AFAC78E2012}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{643E6C6D-6987-4870-B5A3-AFFD7CB9726B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{697E9CB2-C0E2-49BA-B192-1991FE7841B2}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{6DB46EA6-53EA-4DF1-B9E4-26B2083EA5F0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{76B195CC-79BF-4A5D-A60A-9554920FC6F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{87CC4E80-1565-44D8-8B91-0C33070098E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{8BB4A9E5-8344-4109-84D0-8F9A911B76AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BFB7D53-AAD9-4ABF-A17B-739CAE779D99}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8EE09949-EF34-48F0-AD62-5513B0044D79}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{940635DB-AC34-466B-9075-DAF0E034BB99}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9421DE9E-CFD5-4FAB-AFA6-1AF4B2E0FFF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9A584B99-8F33-4777-BF4F-45C7395B33F6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9FF9A512-C391-433A-9912-0C4E6C82983E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{A257491A-DA6E-4AD1-82B9-DA69981F9933}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A3014FEE-E9F0-43C6-86BF-C2D31FBED362}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A72FD165-791E-4B1F-AB08-51E44531CF84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A8E938D1-5A6B-4AE5-A311-A8B08BC40C0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ADF49357-45FC-4420-A500-8A594673685B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B3453EB1-1CEE-4BBC-A9C4-D20035141804}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B49850C6-A06A-4AAB-84E7-0E3F28363486}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B74DCA61-4ED1-4710-B397-04F12CC9AAD7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B769249E-F1C8-4771-A768-B261D74C6165}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B7B69582-92B0-498C-8C42-F50C9AE57436}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B9EFA22D-816D-4CEE-8EC3-25DA5A2BB1B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{BD57CDA6-580C-4C35-A187-AC2B44CB78A7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BF274E84-F4FB-4F3C-B87B-A54D07721E67}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe | 
"{C787928F-3BC9-4027-9C91-4C4DD29FC142}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D52F6341-A5BB-4130-9887-BBDF1AA16C56}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D6127B5D-390E-4B7B-979C-8D2F8A3E31ED}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E2686FFC-9C4E-42D1-B1A8-1F734DFC71E7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E30B9C19-187D-42F7-9F35-83274B244E6A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{E3D07E4C-1FFD-4A0F-90F6-7701ACF9D7D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E742EA94-B7ED-4B98-B302-50505E88D756}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EC2B6E11-A455-45D7-9547-EF1A6F14B2D6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{ED26470E-B405-492D-837A-0CF5BACF8D18}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ED78DD81-D12D-4BF4-ABF9-D239433FBF4F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F2494976-1742-4FCC-A3B1-E3AC23B7427E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{F98DB22C-E1B7-4405-AC6E-A17F4A5717E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FCBDA0B2-8B86-495B-B21A-A0975C13C853}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FEBB6C19-15B8-4792-BE6C-10C0CCB12CC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{33255F08-370C-442A-990D-5C5FD4B989C3}E:\epsonnet easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | 
"TCP Query User{4E46BBD6-53C6-46D9-A6BF-61DDCFC30B7E}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | 
"TCP Query User{5291C130-9A46-4848-AE58-DA6F17A625FD}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{6698C2AC-2F4C-47A4-B028-E84E4C414E77}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | 
"TCP Query User{91948026-AC83-4AFD-B0EB-E3F8B95D5140}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{A014EB35-51BD-4C4C-BCEA-7C87EE51DDC8}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{B5FA69B4-54E1-439A-87F1-D9B1FC804C3C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{D2346D37-C55C-4847-AD90-2733C071EC11}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{04A6306B-2540-4DCC-B51D-12AAE509C3C7}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | 
"UDP Query User{25BCF3F0-8297-4089-80AB-B14AD9684D7D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{3237522B-FA1C-4061-816C-ED2297C25321}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{4832A54A-5323-4BD9-876B-18E70AC4CA27}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | 
"UDP Query User{835E0537-30DC-423B-85B5-7A7F839B3C58}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{AAF0DC98-B2C5-470A-9874-5C9D3745606C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{BF3F6706-6E8D-4AA3-90E8-C4A4C774DDE6}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{D9B24041-858B-4018-B725-D4BCD58AA1E5}E:\epsonnet easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15B291FD-AA72-4D0B-BD6E-604F24C5D14C}" = Free SystemUtilities
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}" = Iminent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{421d35e3-d4bd-47a6-b6aa-d21ade07cf32}" = Free System Utilities
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi-Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CONFLICT - DESERT STORM 2_is1" = CONFLICT - DESERT STORM 2
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Benutzerhandbuch" = EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Handbuch
"EPSON SX600FW Series" = EPSON SX600FW Series Printer Uninstall
"Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
"IncrediMail" = IncrediMail 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 12.14.1738" = Opera 12.14
"ProInst" = Intel PROSet Wireless
"singalong@xenophesoft.com" = Sing Along
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.06.2013 00:20:49 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 00:25:47 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 00:25:47 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 00:25:53 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 00:30:52 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 00:30:52 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 00:30:58 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 00:35:56 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 00:35:56 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 00:36:02 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 02.06.2013 17:32:25 | Computer Name = JE-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.06.2013 18:26:13 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 02.06.2013 18:26:14 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 02.06.2013 18:26:14 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 02.06.2013 18:26:15 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 02.06.2013 19:46:44 | Computer Name = JE-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 04.06.2013 00:13:52 | Computer Name = JE-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
Best regards,
IL-2


04.06.2013, 06:35   #21
schrauber
/// the machine
/// TB trainer
 




Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
:files
C:\Users\JE\AppData\Local\DownloadGuide\Offers\addlyrics.exe
:OTL
DRV - (agicixtu) --  File not found
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [playgoexec] -autorun File not found

:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


And a fresh OTL scan log, please. Any problems still?

04.06.2013, 07:28   #22
IL-2
 



06042013_075425
Code:
ATTFilter
All processes killed
========== FILES ==========
File\Folder C:\Users\JE\AppData\Local\DownloadGuide\Offers\addlyrics.exe not found.
========== OTL ==========
Error: No service named agicixtu was found to stop!
Service\Driver key agicixtu not found.
File   File not found not found.
Registry value HKEY_USERS\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Microsoft\Windows\CurrentVersion\Run\\playgoexec not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: JE
->Temp folder emptied: 2610 bytes
->Temporary Internet Files folder emptied: 386 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6565374 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 6,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06042013_075425

Files\Folders moved on Reboot...
C:\Users\JE\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
OTL
Code:
ATTFilter
OTL logfile created on: 04.06.2013 08:15:09 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JE\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,67 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 56,22% Memory free
5,33 Gb Paging File | 3,71 Gb Available in Paging File | 69,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,83 Gb Total Space | 72,85 Gb Free Space | 52,86% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 170,28 Gb Free Space | 51,94% Space Free | Partition Type: NTFS
Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,83 Gb Total Space | 14,82 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
 
Computer Name: JE-PC | User Name: JE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\JE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\Programme\IncrediMail\Bin\PMC.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll ()
MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
 
 
========== Services (SafeList) ==========
 
SRV - (SystemStoreService) -- C:\Programme\SoftwareUpdater\SystemStore.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (rpcnet) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\JE\AppData\Local\Temp\catchme.sys File not found
DRV - (ap1t8ob6) --  File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys (Sonix Technology Co., Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (RSUSBVSTOR) -- C:\Windows\System32\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 F7 99 87 DA 61 CD 01  [binary data]
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 F7 99 87 DA 61 CD 01  [binary data]
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.11 20:48:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.07.23 22:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Extensions
[2012.08.07 00:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions
[2012.08.07 00:26:52 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2013.06.02 23:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions
[2013.06.02 15:43:59 | 000,000,000 | ---D | M] (FoxyDeal) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D}
[2012.11.03 12:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.11 20:48:33 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.11 20:48:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.17 20:13:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.17 20:13:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.17 20:13:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.17 20:13:03 | 000,002,669 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2013.02.17 20:13:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.17 20:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.17 20:13:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\JE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Google Mail = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix Technology Co., Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0450B429-4E51-4E97-86D0-926484D55456}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28860C02-2E44-4F74-81DA-935FD714DDCA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.01.25 22:01:52 | 000,380,928 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.01.25 22:01:52 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.04 07:49:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.03 22:41:26 | 002,347,384 | ---- | C] (ESET) -- C:\Users\JE\Desktop\esetsmartinstaller_enu.exe
[2013.06.02 23:04:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.02 23:04:31 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.02 23:04:24 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\JE\Desktop\JRT.exe
[2013.06.02 22:48:00 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\RK_Quarantine
[2013.06.02 22:35:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.02 22:35:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.02 22:26:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.02 22:18:18 | 005,076,415 | R--- | C] (Swearware) -- C:\Users\JE\Desktop\ComboFix.exe
[2013.06.02 21:11:09 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\temp
[2013.06.02 21:03:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.02 21:03:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.02 21:03:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.02 21:02:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.02 21:01:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.02 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Freemium
[2013.06.02 15:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeSystemUtilities
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covus Freemium
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Covus Freemium
[2013.06.02 15:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.06.02 15:41:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\DownloadGuide
[2013.06.01 07:32:00 | 000,000,000 | ---D | C] -- C:\Users\JE\Documents\SCi
[2013.06.01 07:31:54 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.06.01 07:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CONFLICT - DESERT STORM 2
[2013.06.01 07:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\CONFLICT - DESERT STORM 2
[2013.05.30 12:15:31 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.05.30 12:00:55 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\zoek (1)
[2013.05.30 11:44:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Malwarebytes
[2013.05.30 11:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.30 11:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.30 11:44:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.30 11:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.30 11:44:13 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Programs
[2013.05.30 11:37:32 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\30
[2013.05.26 13:50:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe
[2013.05.24 20:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.23 20:03:10 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.16 08:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.05.16 08:08:35 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 08:08:34 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 08:08:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 08:08:34 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 08:08:33 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 08:08:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 08:08:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.16 08:08:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 08:08:33 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 08:08:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.15 10:42:23 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 10:42:21 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 10:42:13 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 10:41:58 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 10:41:58 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.05.13 07:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013.05.13 07:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013.05.07 17:40:40 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.04 08:17:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.04 08:01:25 | 000,025,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 08:01:25 | 000,025,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 07:55:47 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2013.06.04 07:55:45 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2013.06.04 07:55:42 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\Sing Along Update.job
[2013.06.04 07:55:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.04 07:55:20 | 2146,775,040 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.04 07:42:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000UA.job
[2013.06.04 06:17:01 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.04 06:17:01 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.04 06:17:01 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.04 06:17:01 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.03 16:42:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000Core.job
[2013.06.03 12:06:33 | 000,890,839 | ---- | M] () -- C:\Users\JE\Desktop\SecurityCheck (1).exe
[2013.06.03 00:23:54 | 002,347,384 | ---- | M] (ESET) -- C:\Users\JE\Desktop\esetsmartinstaller_enu.exe
[2013.06.02 23:03:35 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\JE\Desktop\JRT.exe
[2013.06.02 22:54:51 | 000,632,031 | ---- | M] () -- C:\Users\JE\Desktop\adwcleaner.exe
[2013.06.02 22:45:38 | 000,816,128 | ---- | M] () -- C:\Users\JE\Desktop\RogueKiller_8.5.4.exe
[2013.06.02 22:17:59 | 005,076,415 | R--- | M] (Swearware) -- C:\Users\JE\Desktop\ComboFix.exe
[2013.06.02 15:44:58 | 000,000,611 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.06.02 15:43:45 | 000,002,551 | ---- | M] () -- C:\Users\Public\Desktop\Free System Utilities.lnk
[2013.06.02 15:42:31 | 000,000,205 | ---- | M] () -- C:\Users\JE\Desktop\Amazon.url
[2013.06.01 07:31:41 | 000,001,076 | ---- | M] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk
[2013.05.30 12:15:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.05.30 12:02:30 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2013.05.30 11:44:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.26 13:50:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe
[2013.05.25 10:55:19 | 000,002,350 | ---- | M] () -- C:\Users\JE\Desktop\Google Chrome.lnk
[2013.05.16 08:28:04 | 000,408,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.16 08:11:58 | 000,002,004 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.05.16 08:11:46 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.05.15 12:31:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 12:31:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.10 18:39:07 | 000,039,936 | ---- | M] (Absolute Software Corporation) -- C:\Windows\System32\identprv.dll
[2013.05.07 17:40:13 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
 
========== Files Created - No Company Name ==========
 
[2013.06.03 12:06:46 | 000,890,839 | ---- | C] () -- C:\Users\JE\Desktop\SecurityCheck (1).exe
[2013.06.02 22:55:19 | 000,632,031 | ---- | C] () -- C:\Users\JE\Desktop\adwcleaner.exe
[2013.06.02 22:47:53 | 000,816,128 | ---- | C] () -- C:\Users\JE\Desktop\RogueKiller_8.5.4.exe
[2013.06.02 21:03:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.02 21:03:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.02 21:03:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.02 21:03:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.02 21:03:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.02 15:44:44 | 000,000,611 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.06.02 15:44:05 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\Sing Along Update.job
[2013.06.02 15:43:45 | 000,002,551 | ---- | C] () -- C:\Users\Public\Desktop\Free System Utilities.lnk
[2013.06.02 15:42:31 | 000,000,205 | ---- | C] () -- C:\Users\JE\Desktop\Amazon.url
[2013.06.01 07:31:41 | 000,001,076 | ---- | C] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk
[2013.05.30 12:16:58 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2013.05.30 11:44:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.19 20:10:10 | 000,002,350 | ---- | C] () -- C:\Users\JE\Desktop\Google Chrome.lnk
[2013.05.13 07:11:54 | 000,002,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.05.13 07:11:53 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.17 19:54:32 | 000,001,120 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT
[2013.02.17 19:34:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2013.02.17 19:34:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2013.02.17 19:34:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2013.02.17 19:34:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2013.02.17 19:34:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2013.02.17 19:34:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2013.02.17 19:34:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2013.02.17 19:34:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2013.02.17 19:34:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2013.02.17 19:34:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2013.02.17 19:34:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2013.02.17 19:34:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2013.02.17 19:34:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2013.02.17 19:34:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2013.02.17 19:34:21 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.12.14 02:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2012.12.14 02:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012.12.14 02:02:20 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.12.14 02:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.12.14 02:02:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2012.07.15 21:25:13 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2012.07.15 19:22:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.07.14 22:27:57 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.07.14 21:51:20 | 003,065,455 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.07.14 17:48:11 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2012.07.14 17:47:06 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.25 20:39:33 | 000,000,000 | ---D | M] -- C:\Users\JE\AppData\Roaming\becker
[2013.03.07 14:52:27 | 000,000,000 | ---D | M] -- C:\Users\JE\AppData\Roaming\DVDVideoSoft
[2013.02.20 17:47:23 | 000,000,000 | ---D | M] -- C:\Users\JE\AppData\Roaming\EPSON
[2012.07.15 23:36:10 | 000,000,000 | ---D | M] -- C:\Users\JE\AppData\Roaming\Need for Speed World
[2012.07.14 22:45:30 | 000,000,000 | ---D | M] -- C:\Users\JE\AppData\Roaming\Opera
[2012.07.23 22:21:30 | 000,000,000 | ---D | M] -- C:\Users\JE\AppData\Roaming\Thunderbird
[2012.07.14 22:56:23 | 000,000,000 | ---D | M] -- C:\Users\JE\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         
Extras
Code:
OTL Extras logfile created on: 04.06.2013 08:15:09 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JE\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,67 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 56,22% Memory free
5,33 Gb Paging File | 3,71 Gb Available in Paging File | 69,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,83 Gb Total Space | 72,85 Gb Free Space | 52,86% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 170,28 Gb Free Space | 51,94% Space Free | Partition Type: NTFS
Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,83 Gb Total Space | 14,82 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
 
Computer Name: JE-PC | User Name: JE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FreemiumAnalyze] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe ANALYSE %1 (Microsoft)
Directory [FreemiumFindEmptyFolders] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe EMPTYFOLDERS %1 (Microsoft)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FB6857E-A3A1-46DE-8F5F-A1AD710FA33B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{10E02F23-8D79-45CE-B772-7E6736775AAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{21702D74-12C1-4B79-B937-4A8EC0972183}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2AEAE9DD-30D1-40A8-AB82-CD66FEA14A7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{354FB734-D7C2-4930-B3CE-47FCE093A064}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{361823DA-3059-4E7F-8C17-CD93D9F3443A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{39E6D77A-EDEC-4EF1-9588-005195FBB6AE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4234FC6E-32B0-4597-9606-B9FDC9F3C0E4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{427694BD-B821-42FD-81D6-61FA7E8F2B2C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{43BBA57F-10C4-4D55-B9C1-CB50B5ACD107}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4A33007C-33A2-49CD-B3D1-F2B7E6E25647}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4AAB5A17-3E4D-40EA-8AD0-0CB2F6E77F49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{74C8C282-68AC-4EB8-8ED8-0F74147EF9CC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{89155650-4B2D-4854-8B49-752B0F50CAC2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8A667358-9DB6-4222-957A-E1DD3AD7CDF7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8DB164E9-0223-4130-8276-1F3FF54EC039}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9229DDD4-ADF0-4DD3-B365-52911429B925}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9D0BACFB-C229-4CF3-A838-C3797E35163C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A691F645-B2E0-402A-9583-9A57B76FE1C7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A6E544C0-70EB-41DE-8D9F-6A4C4BCF2C4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F42B6AB2-D44A-4D99-99BE-58CE32B1430B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F52C8D0B-D5E2-4301-99AC-4B059FC33C41}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B90E20-D297-438B-B269-00A1779D2E70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{04ABFEF5-FD67-45D3-8C52-81747835B582}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{0B6441D1-926B-4F25-A802-E6EC4FD86157}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{121FDBC3-9D50-4E1E-93FE-806887F9BEE8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1722A383-0454-4341-A1E4-3FB034C9CB08}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1B9D47A6-77FB-44AC-AE1D-9FF31CE795A6}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{1C291843-C864-4835-B1F6-0E7CF32EE59F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D0B672F-CEBD-4910-A513-67221F92DB08}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{28343725-27F0-47A5-A955-3345F07332DE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2B72B307-7D99-4856-B44C-41D6A8485217}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{317A13F2-A5CE-4B63-A90F-B9C1178E5137}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3394336F-E2C4-4CAE-9D1C-C661DFA1BF63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{372427A7-F26E-46CA-92FD-12D774015698}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{39C90CD6-197D-4C4E-9CE6-FA744A7F83D2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4C994B3E-A980-4952-A103-F8F3B91FA818}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5274FBF3-0AB8-49E2-BE4E-909A266C3FF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{54B17586-83CE-458B-A1B8-635CD14BE881}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{569417A6-670C-4623-ABE1-B0E732236B5E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{58B5CF96-1709-4CFB-AD7E-F26FA4FCE29C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5969AE12-E2C2-4BBB-8C46-6C1F87EA39B1}" = dir=in | app=c:\program files\iminent\iminent.exe | 
"{5CFF7E87-F5FB-41D6-95A8-A456D8AB02B7}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{5DFD998A-23B7-4E72-9E5C-8291B19174D6}" = protocol=6 | dir=out | app=system | 
"{601B580B-5657-4966-8026-5ED934C93F58}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{62574BBD-D62A-4BB7-9E45-6AFAC78E2012}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{643E6C6D-6987-4870-B5A3-AFFD7CB9726B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{697E9CB2-C0E2-49BA-B192-1991FE7841B2}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{6DB46EA6-53EA-4DF1-B9E4-26B2083EA5F0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{76B195CC-79BF-4A5D-A60A-9554920FC6F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{87CC4E80-1565-44D8-8B91-0C33070098E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{8BB4A9E5-8344-4109-84D0-8F9A911B76AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BFB7D53-AAD9-4ABF-A17B-739CAE779D99}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8EE09949-EF34-48F0-AD62-5513B0044D79}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{940635DB-AC34-466B-9075-DAF0E034BB99}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9421DE9E-CFD5-4FAB-AFA6-1AF4B2E0FFF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9A584B99-8F33-4777-BF4F-45C7395B33F6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9FF9A512-C391-433A-9912-0C4E6C82983E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{A257491A-DA6E-4AD1-82B9-DA69981F9933}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A3014FEE-E9F0-43C6-86BF-C2D31FBED362}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A72FD165-791E-4B1F-AB08-51E44531CF84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A8E938D1-5A6B-4AE5-A311-A8B08BC40C0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ADF49357-45FC-4420-A500-8A594673685B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B3453EB1-1CEE-4BBC-A9C4-D20035141804}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B49850C6-A06A-4AAB-84E7-0E3F28363486}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B74DCA61-4ED1-4710-B397-04F12CC9AAD7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B769249E-F1C8-4771-A768-B261D74C6165}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B7B69582-92B0-498C-8C42-F50C9AE57436}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B9EFA22D-816D-4CEE-8EC3-25DA5A2BB1B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{BD57CDA6-580C-4C35-A187-AC2B44CB78A7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BF274E84-F4FB-4F3C-B87B-A54D07721E67}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe | 
"{C787928F-3BC9-4027-9C91-4C4DD29FC142}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D52F6341-A5BB-4130-9887-BBDF1AA16C56}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D6127B5D-390E-4B7B-979C-8D2F8A3E31ED}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E2686FFC-9C4E-42D1-B1A8-1F734DFC71E7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E30B9C19-187D-42F7-9F35-83274B244E6A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{E3D07E4C-1FFD-4A0F-90F6-7701ACF9D7D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E742EA94-B7ED-4B98-B302-50505E88D756}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EC2B6E11-A455-45D7-9547-EF1A6F14B2D6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{ED26470E-B405-492D-837A-0CF5BACF8D18}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ED78DD81-D12D-4BF4-ABF9-D239433FBF4F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F2494976-1742-4FCC-A3B1-E3AC23B7427E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{F98DB22C-E1B7-4405-AC6E-A17F4A5717E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FCBDA0B2-8B86-495B-B21A-A0975C13C853}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FEBB6C19-15B8-4792-BE6C-10C0CCB12CC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{33255F08-370C-442A-990D-5C5FD4B989C3}E:\epsonnet easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | 
"TCP Query User{4E46BBD6-53C6-46D9-A6BF-61DDCFC30B7E}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | 
"TCP Query User{5291C130-9A46-4848-AE58-DA6F17A625FD}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{6698C2AC-2F4C-47A4-B028-E84E4C414E77}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | 
"TCP Query User{91948026-AC83-4AFD-B0EB-E3F8B95D5140}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{A014EB35-51BD-4C4C-BCEA-7C87EE51DDC8}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{B5FA69B4-54E1-439A-87F1-D9B1FC804C3C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{D2346D37-C55C-4847-AD90-2733C071EC11}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{04A6306B-2540-4DCC-B51D-12AAE509C3C7}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | 
"UDP Query User{25BCF3F0-8297-4089-80AB-B14AD9684D7D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{3237522B-FA1C-4061-816C-ED2297C25321}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{4832A54A-5323-4BD9-876B-18E70AC4CA27}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | 
"UDP Query User{835E0537-30DC-423B-85B5-7A7F839B3C58}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{AAF0DC98-B2C5-470A-9874-5C9D3745606C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{BF3F6706-6E8D-4AA3-90E8-C4A4C774DDE6}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{D9B24041-858B-4018-B725-D4BCD58AA1E5}E:\epsonnet easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15B291FD-AA72-4D0B-BD6E-604F24C5D14C}" = Free SystemUtilities
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}" = Iminent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{421d35e3-d4bd-47a6-b6aa-d21ade07cf32}" = Free System Utilities
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi-Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CONFLICT - DESERT STORM 2_is1" = CONFLICT - DESERT STORM 2
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Benutzerhandbuch" = EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Handbuch
"EPSON SX600FW Series" = EPSON SX600FW Series Printer Uninstall
"Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
"IncrediMail" = IncrediMail 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 12.14.1738" = Opera 12.14
"ProInst" = Intel PROSet Wireless
"singalong@xenophesoft.com" = Sing Along
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.06.2013 02:07:19 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 02:12:17 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 02:12:17 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 02:12:24 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 02:17:21 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 02:17:21 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 02:17:28 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 02:22:26 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 02:22:26 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 02:22:32 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 02.06.2013 17:32:25 | Computer Name = JE-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.06.2013 18:26:13 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 02.06.2013 18:26:14 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 02.06.2013 18:26:14 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 02.06.2013 18:26:15 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 02.06.2013 19:46:44 | Computer Name = JE-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 04.06.2013 00:13:52 | Computer Name = JE-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 04.06.2013 01:50:00 | Computer Name = JE-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 04.06.2013 01:54:26 | Computer Name = JE-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
 
< End of report >
         

Regards,
IL-2

04.06.2013, 07:41   #23
schrauber
/// the machine
/// TB-Ausbilder
 


Any problems left?

04.06.2013, 07:44   #24
IL-2
 

Hello schrauber,
Does that mean the computer is clean?

04.06.2013, 09:24   #25
schrauber
/// the machine
/// TB-Ausbilder
 


Yep, depending on how you answer the question