Log analysis and evaluation: Trojans TR/Bublik.avlv and TR/Symmi.20469 and TR/Agent.131072.V
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.06.2013, 11:18 | #16 |
/// the machine /// TB trainer | Trojans TR/Bublik.avlv and TR/Symmi.20469 and TR/Agent.131072.V
And ESET? And the fresh OTL after ESET?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM!
03.06.2013, 11:25 | #17 |
| Trojans TR/Bublik.avlv and TR/Symmi.20469 and TR/Agent.131072.V
Code:
ATTFilter OTL logfile created on: 03.06.2013 12:15:29 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JE\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,67 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 46,95% Memory free 5,33 Gb Paging File | 3,53 Gb Available in Paging File | 66,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 137,83 Gb Total Space | 72,88 Gb Free Space | 52,88% Space Free | Partition Type: NTFS Drive D: | 327,83 Gb Total Space | 170,28 Gb Free Space | 51,94% Space Free | Partition Type: NTFS Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 14,83 Gb Total Space | 14,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Computer Name: JE-PC | User Name: JE | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\JE\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.) PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH) ========== Modules (No Company Name) ========== MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll () MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll () MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll () MOD - 
C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll () MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll () MOD - C:\Programme\IncrediMail\Bin\PMC.dll () MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll () MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll () MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll () MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () ========== Services (SafeList) ========== SRV - (SystemStoreService) -- C:\Programme\SoftwareUpdater\SystemStore.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (rpcnet) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.) 
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\JE\AppData\Local\Temp\catchme.sys File not found DRV - (agicixtu) -- File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. 
KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys (Sonix Technology Co., Ltd.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation) DRV - (RSUSBVSTOR) -- C:\Windows\System32\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.) 
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 F7 99 87 DA 61 CD 01 [binary data] IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - 
HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50 IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 F7 99 87 DA 61 CD 01 [binary data] IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.11 20:48:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.23 22:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Extensions [2012.08.07 00:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions [2012.08.07 00:26:52 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2013.06.02 23:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions [2013.06.02 15:43:59 | 000,000,000 | ---D | M] (FoxyDeal) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2012.11.03 12:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.05.11 20:48:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.02.17 20:13:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.17 20:13:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.02.17 20:13:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.02.17 20:13:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.17 20:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.17 20:13:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - 
default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\JE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\ CHR - Extension: Google Mail = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - 
C:\Windows\System32\drivers\etc\hosts O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix Technology Co., Ltd.) O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [playgoexec] -autorun File not found O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present 
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0450B429-4E51-4E97-86D0-926484D55456}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28860C02-2E44-4F74-81DA-935FD714DDCA}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.01.25 22:01:52 | 000,380,928 | R--- | M] () - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2006.01.25 22:01:52 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.03 00:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013.06.02 23:04:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.02 23:04:31 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.02 23:04:24 | 000,545,954 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\JE\Desktop\JRT.exe [2013.06.02 22:48:00 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\RK_Quarantine [2013.06.02 22:35:38 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.06.02 22:35:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.02 22:26:42 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.06.02 22:18:18 | 005,076,415 | R--- | C] (Swearware) -- C:\Users\JE\Desktop\ComboFix.exe [2013.06.02 21:11:09 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\temp [2013.06.02 21:03:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.02 21:03:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.02 21:03:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.02 21:02:48 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.02 21:01:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.02 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Freemium [2013.06.02 15:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater [2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeSystemUtilities [2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covus Freemium [2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Covus Freemium [2013.06.02 15:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.06.02 15:41:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\DownloadGuide [2013.06.01 07:32:00 | 000,000,000 | ---D | C] -- C:\Users\JE\Documents\SCi [2013.06.01 07:31:54 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.06.01 07:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CONFLICT - DESERT STORM 2 [2013.06.01 07:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\CONFLICT - DESERT STORM 2 [2013.05.30 12:15:31 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\System32\drivers\mbamswissarmy.sys [2013.05.30 12:00:55 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\zoek (1) [2013.05.30 11:44:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Malwarebytes [2013.05.30 11:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.30 11:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.30 11:44:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.05.30 11:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.05.30 11:44:13 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Programs [2013.05.30 11:37:32 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\30 [2013.05.26 13:50:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe [2013.05.24 20:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.05.23 20:03:10 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.05.16 08:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.05.16 08:08:35 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.05.16 08:08:34 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.05.16 08:08:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.05.16 08:08:34 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.05.16 08:08:33 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.05.16 08:08:33 | 000,391,168 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.05.16 08:08:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.05.16 08:08:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.05.16 08:08:33 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.05.16 08:08:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.05.15 10:42:23 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll [2013.05.15 10:42:21 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.05.15 10:42:13 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2013.05.15 10:41:58 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2013.05.15 10:41:58 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.05.13 07:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2013.05.13 07:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2013.05.07 17:40:40 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.03 12:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.03 12:06:33 | 000,890,839 | ---- | M] () -- C:\Users\JE\Desktop\SecurityCheck (1).exe [2013.06.03 11:42:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000UA.job [2013.06.03 06:26:36 | 000,025,216 | -H-- | M] () 
-- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.03 06:26:36 | 000,025,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.03 06:14:25 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.03 06:14:25 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.03 06:14:25 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.03 06:14:25 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.03 06:11:18 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe [2013.06.03 06:11:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.02 23:18:29 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll [2013.06.02 23:18:10 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\Sing Along Update.job [2013.06.02 23:17:49 | 2146,775,040 | -HS- | M] () -- C:\hiberfil.sys [2013.06.02 23:03:35 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\JE\Desktop\JRT.exe [2013.06.02 22:54:51 | 000,632,031 | ---- | M] () -- C:\Users\JE\Desktop\adwcleaner.exe [2013.06.02 22:45:38 | 000,816,128 | ---- | M] () -- C:\Users\JE\Desktop\RogueKiller_8.5.4.exe [2013.06.02 22:17:59 | 005,076,415 | R--- | M] (Swearware) -- C:\Users\JE\Desktop\ComboFix.exe [2013.06.02 17:32:22 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000Core.job [2013.06.02 15:44:58 | 000,000,611 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.06.02 15:43:45 | 000,002,551 | ---- | M] () -- C:\Users\Public\Desktop\Free System Utilities.lnk [2013.06.02 15:42:31 | 000,000,205 | ---- | M] () -- C:\Users\JE\Desktop\Amazon.url [2013.06.01 07:31:41 | 000,001,076 | ---- | M] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk [2013.05.30 12:15:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.05.30 12:02:30 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe [2013.05.30 11:44:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.26 13:50:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe [2013.05.25 10:55:19 | 000,002,350 | ---- | M] () -- C:\Users\JE\Desktop\Google Chrome.lnk [2013.05.16 08:28:04 | 000,408,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.16 08:11:58 | 000,002,004 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.05.16 08:11:46 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.05.15 12:31:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.05.15 12:31:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.10 18:39:07 | 000,039,936 | ---- | M] (Absolute Software 
Corporation) -- C:\Windows\System32\identprv.dll [2013.05.07 17:40:13 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.03 12:06:46 | 000,890,839 | ---- | C] () -- C:\Users\JE\Desktop\SecurityCheck (1).exe [2013.06.02 22:55:19 | 000,632,031 | ---- | C] () -- C:\Users\JE\Desktop\adwcleaner.exe [2013.06.02 22:47:53 | 000,816,128 | ---- | C] () -- C:\Users\JE\Desktop\RogueKiller_8.5.4.exe [2013.06.02 21:03:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.02 21:03:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.02 21:03:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.02 21:03:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.02 21:03:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.02 15:44:44 | 000,000,611 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.06.02 15:44:05 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\Sing Along Update.job [2013.06.02 15:43:45 | 000,002,551 | ---- | C] () -- C:\Users\Public\Desktop\Free System Utilities.lnk [2013.06.02 15:42:31 | 000,000,205 | ---- | C] () -- C:\Users\JE\Desktop\Amazon.url [2013.06.01 07:31:41 | 000,001,076 | ---- | C] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk [2013.05.30 12:16:58 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe [2013.05.30 11:44:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.19 20:10:10 | 000,002,350 | ---- | C] () -- C:\Users\JE\Desktop\Google Chrome.lnk [2013.05.13 07:11:54 | 000,002,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.05.13 07:11:53 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.17 19:54:32 | 000,001,120 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT 
[2013.02.17 19:34:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2013.02.17 19:34:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2013.02.17 19:34:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2013.02.17 19:34:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2013.02.17 19:34:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2013.02.17 19:34:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2013.02.17 19:34:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2013.02.17 19:34:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2013.02.17 19:34:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2013.02.17 19:34:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2013.02.17 19:34:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2013.02.17 19:34:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2013.02.17 19:34:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2013.02.17 19:34:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2013.02.17 19:34:21 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2012.12.14 02:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin [2012.12.14 02:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll [2012.12.14 02:02:20 | 000,009,728 | ---- | C] ( ) 
-- C:\Windows\System32\IGFXDEVLib.dll [2012.12.14 02:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2012.12.14 02:02:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin [2012.07.15 21:25:13 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2012.07.15 19:22:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012.07.14 22:27:57 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2012.07.14 21:51:20 | 003,065,455 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2012.07.14 17:48:11 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll [2012.07.14 17:47:06 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
OTL Extras logfile created on: 03.06.2013 12:15:29 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JE\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,67 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 46,95% Memory free 5,33 Gb Paging File | 3,53 Gb Available in Paging File | 66,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 137,83 Gb Total Space | 72,88 Gb Free Space | 52,88% Space Free | Partition Type: NTFS Drive D: | 327,83 Gb Total Space | 170,28 Gb Free Space | 51,94% Space Free | Partition Type: NTFS Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 14,83 Gb Total Space | 14,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Computer Name: JE-PC | User Name: JE | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [FreemiumAnalyze] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe ANALYSE %1 (Microsoft) Directory [FreemiumFindEmptyFolders] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe EMPTYFOLDERS %1 (Microsoft) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FB6857E-A3A1-46DE-8F5F-A1AD710FA33B}" = lport=139 | protocol=6 | dir=in | app=system | "{10E02F23-8D79-45CE-B772-7E6736775AAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{21702D74-12C1-4B79-B937-4A8EC0972183}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2AEAE9DD-30D1-40A8-AB82-CD66FEA14A7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{354FB734-D7C2-4930-B3CE-47FCE093A064}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{361823DA-3059-4E7F-8C17-CD93D9F3443A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{39E6D77A-EDEC-4EF1-9588-005195FBB6AE}" = rport=139 | protocol=6 | dir=out | app=system | "{4234FC6E-32B0-4597-9606-B9FDC9F3C0E4}" = lport=137 | protocol=17 | dir=in | app=system | "{427694BD-B821-42FD-81D6-61FA7E8F2B2C}" = lport=445 | protocol=6 | dir=in | app=system | "{43BBA57F-10C4-4D55-B9C1-CB50B5ACD107}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4A33007C-33A2-49CD-B3D1-F2B7E6E25647}" = rport=138 | protocol=17 | dir=out | app=system | "{4AAB5A17-3E4D-40EA-8AD0-0CB2F6E77F49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{74C8C282-68AC-4EB8-8ED8-0F74147EF9CC}" = rport=137 | protocol=17 | dir=out | app=system | "{89155650-4B2D-4854-8B49-752B0F50CAC2}" = lport=2869 | protocol=6 | dir=in | app=system | "{8A667358-9DB6-4222-957A-E1DD3AD7CDF7}" = lport=10243 | protocol=6 | dir=in | app=system | "{8DB164E9-0223-4130-8276-1F3FF54EC039}" = rport=445 | protocol=6 | dir=out | app=system | "{9229DDD4-ADF0-4DD3-B365-52911429B925}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9D0BACFB-C229-4CF3-A838-C3797E35163C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A691F645-B2E0-402A-9583-9A57B76FE1C7}" = lport=138 | protocol=17 | dir=in | app=system | "{A6E544C0-70EB-41DE-8D9F-6A4C4BCF2C4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F42B6AB2-D44A-4D99-99BE-58CE32B1430B}" = rport=10243 | protocol=6 | dir=out | app=system | "{F52C8D0B-D5E2-4301-99AC-4B059FC33C41}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03B90E20-D297-438B-B269-00A1779D2E70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{04ABFEF5-FD67-45D3-8C52-81747835B582}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{0B6441D1-926B-4F25-A802-E6EC4FD86157}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{121FDBC3-9D50-4E1E-93FE-806887F9BEE8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1722A383-0454-4341-A1E4-3FB034C9CB08}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1B9D47A6-77FB-44AC-AE1D-9FF31CE795A6}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{1C291843-C864-4835-B1F6-0E7CF32EE59F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D0B672F-CEBD-4910-A513-67221F92DB08}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{28343725-27F0-47A5-A955-3345F07332DE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2B72B307-7D99-4856-B44C-41D6A8485217}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{317A13F2-A5CE-4B63-A90F-B9C1178E5137}" 
= protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3394336F-E2C4-4CAE-9D1C-C661DFA1BF63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{372427A7-F26E-46CA-92FD-12D774015698}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{39C90CD6-197D-4C4E-9CE6-FA744A7F83D2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4C994B3E-A980-4952-A103-F8F3B91FA818}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5274FBF3-0AB8-49E2-BE4E-909A266C3FF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{54B17586-83CE-458B-A1B8-635CD14BE881}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{569417A6-670C-4623-ABE1-B0E732236B5E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{58B5CF96-1709-4CFB-AD7E-F26FA4FCE29C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5969AE12-E2C2-4BBB-8C46-6C1F87EA39B1}" = dir=in | app=c:\program files\iminent\iminent.exe | "{5CFF7E87-F5FB-41D6-95A8-A456D8AB02B7}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{5DFD998A-23B7-4E72-9E5C-8291B19174D6}" = protocol=6 | dir=out | app=system | "{601B580B-5657-4966-8026-5ED934C93F58}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{62574BBD-D62A-4BB7-9E45-6AFAC78E2012}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{643E6C6D-6987-4870-B5A3-AFFD7CB9726B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{697E9CB2-C0E2-49BA-B192-1991FE7841B2}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{6DB46EA6-53EA-4DF1-B9E4-26B2083EA5F0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{76B195CC-79BF-4A5D-A60A-9554920FC6F3}" = 
protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{87CC4E80-1565-44D8-8B91-0C33070098E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{8BB4A9E5-8344-4109-84D0-8F9A911B76AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8BFB7D53-AAD9-4ABF-A17B-739CAE779D99}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8EE09949-EF34-48F0-AD62-5513B0044D79}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{940635DB-AC34-466B-9075-DAF0E034BB99}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9421DE9E-CFD5-4FAB-AFA6-1AF4B2E0FFF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9A584B99-8F33-4777-BF4F-45C7395B33F6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9FF9A512-C391-433A-9912-0C4E6C82983E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{A257491A-DA6E-4AD1-82B9-DA69981F9933}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A3014FEE-E9F0-43C6-86BF-C2D31FBED362}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A72FD165-791E-4B1F-AB08-51E44531CF84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A8E938D1-5A6B-4AE5-A311-A8B08BC40C0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ADF49357-45FC-4420-A500-8A594673685B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B3453EB1-1CEE-4BBC-A9C4-D20035141804}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B49850C6-A06A-4AAB-84E7-0E3F28363486}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B74DCA61-4ED1-4710-B397-04F12CC9AAD7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B769249E-F1C8-4771-A768-B261D74C6165}" = 
protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B7B69582-92B0-498C-8C42-F50C9AE57436}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B9EFA22D-816D-4CEE-8EC3-25DA5A2BB1B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{BD57CDA6-580C-4C35-A187-AC2B44CB78A7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BF274E84-F4FB-4F3C-B87B-A54D07721E67}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe | "{C787928F-3BC9-4027-9C91-4C4DD29FC142}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D52F6341-A5BB-4130-9887-BBDF1AA16C56}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D6127B5D-390E-4B7B-979C-8D2F8A3E31ED}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E2686FFC-9C4E-42D1-B1A8-1F734DFC71E7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E30B9C19-187D-42F7-9F35-83274B244E6A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{E3D07E4C-1FFD-4A0F-90F6-7701ACF9D7D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E742EA94-B7ED-4B98-B302-50505E88D756}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EC2B6E11-A455-45D7-9547-EF1A6F14B2D6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{ED26470E-B405-492D-837A-0CF5BACF8D18}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{ED78DD81-D12D-4BF4-ABF9-D239433FBF4F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F2494976-1742-4FCC-A3B1-E3AC23B7427E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{F98DB22C-E1B7-4405-AC6E-A17F4A5717E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FCBDA0B2-8B86-495B-B21A-A0975C13C853}" = protocol=17 | 
dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FEBB6C19-15B8-4792-BE6C-10C0CCB12CC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{33255F08-370C-442A-990D-5C5FD4B989C3}E:\epsonnet easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | "TCP Query User{4E46BBD6-53C6-46D9-A6BF-61DDCFC30B7E}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | "TCP Query User{5291C130-9A46-4848-AE58-DA6F17A625FD}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{6698C2AC-2F4C-47A4-B028-E84E4C414E77}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | "TCP Query User{91948026-AC83-4AFD-B0EB-E3F8B95D5140}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{A014EB35-51BD-4C4C-BCEA-7C87EE51DDC8}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{B5FA69B4-54E1-439A-87F1-D9B1FC804C3C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "TCP Query User{D2346D37-C55C-4847-AD90-2733C071EC11}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{04A6306B-2540-4DCC-B51D-12AAE509C3C7}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | "UDP Query 
User{25BCF3F0-8297-4089-80AB-B14AD9684D7D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "UDP Query User{3237522B-FA1C-4061-816C-ED2297C25321}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{4832A54A-5323-4BD9-876B-18E70AC4CA27}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | "UDP Query User{835E0537-30DC-423B-85B5-7A7F839B3C58}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{AAF0DC98-B2C5-470A-9874-5C9D3745606C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{BF3F6706-6E8D-4AA3-90E8-C4A4C774DDE6}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{D9B24041-858B-4018-B725-D4BCD58AA1E5}E:\epsonnet easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{15B291FD-AA72-4D0B-BD6E-604F24C5D14C}" = Free SystemUtilities "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}" = Iminent "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{421d35e3-d4bd-47a6-b6aa-d21ade07cf32}" = Free System Utilities "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 
(SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft 
Office 2010 Service Pack 1 (SP1) "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi-Software "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.44 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.44 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2 "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira 
AntiVir Desktop" = Avira Free Antivirus "CONFLICT - DESERT STORM 2_is1" = CONFLICT - DESERT STORM 2 "EPSON Scanner" = EPSON Scan "EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Benutzerhandbuch" = EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Handbuch "EPSON SX600FW Series" = EPSON SX600FW Series Printer Uninstall "Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128 "IncrediMail" = IncrediMail 2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Opera 12.14.1738" = Opera 12.14 "ProInst" = Intel PROSet Wireless "singalong@xenophesoft.com" = Sing Along "USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam "VLC media player" = VLC media player 2.0.5 "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.06.2013 06:19:54 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 03.06.2013 06:20:58 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 03.06.2013 06:21:18 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 03.06.2013 06:21:18 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 03.06.2013 06:21:21 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 03.06.2013 06:21:21 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 03.06.2013 06:21:21 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 03.06.2013 06:21:52 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 03.06.2013 06:21:52 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 03.06.2013 06:22:03 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

[ System Events ]
Error - 02.06.2013 17:32:25 | Computer Name = JE-PC | Source = DCOM | ID = 10010
Description =

Error - 02.06.2013 18:26:13 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 02.06.2013 18:26:14 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 02.06.2013 18:26:14 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 02.06.2013 18:26:15 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 02.06.2013 19:46:44 | Computer Name = JE-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

< End of report >

Regards, IL-2 |
03.06.2013, 11:29 | #18 |
| Trojan TR/Bublik.avlv and TR/Symmi.20469 and TR/Agent.131072.V
Code:
OTL logfile created on: 03.06.2013 12:15:29 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JE\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,67 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 46,95% Memory free
5,33 Gb Paging File | 3,53 Gb Available in Paging File | 66,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,83 Gb Total Space | 72,88 Gb Free Space | 52,88% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 170,28 Gb Free Space | 51,94% Space Free | Partition Type: NTFS
Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,83 Gb Total Space | 14,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Computer Name: JE-PC | User Name: JE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Users\JE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co.
KG) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.) PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH) ========== Modules (No Company Name) ========== MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll () MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll () MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll () MOD - 
C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll () MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll () MOD - C:\Programme\IncrediMail\Bin\PMC.dll () MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll () MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll () MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll () MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () ========== Services (SafeList) ========== SRV - (SystemStoreService) -- C:\Programme\SoftwareUpdater\SystemStore.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (rpcnet) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.) 
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\JE\AppData\Local\Temp\catchme.sys File not found DRV - (agicixtu) -- File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. 
KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys (Sonix Technology Co., Ltd.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation) DRV - (RSUSBVSTOR) -- C:\Windows\System32\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.) 
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 F7 99 87 DA 61 CD 01 [binary data] IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - 
HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50 IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 F7 99 87 DA 61 CD 01 [binary data] IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.11 20:48:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.23 22:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Extensions [2012.08.07 00:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions [2012.08.07 00:26:52 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2013.06.02 23:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions [2013.06.02 15:43:59 | 000,000,000 | ---D | M] (FoxyDeal) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2012.11.03 12:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.05.11 20:48:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.02.17 20:13:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.17 20:13:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.02.17 20:13:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.02.17 20:13:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.17 20:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.17 20:13:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - 
default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\JE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\ CHR - Extension: Google Mail = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - 
C:\Windows\System32\drivers\etc\hosts O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix Technology Co., Ltd.) O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [playgoexec] -autorun File not found O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present 
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0450B429-4E51-4E97-86D0-926484D55456}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28860C02-2E44-4F74-81DA-935FD714DDCA}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.01.25 22:01:52 | 000,380,928 | R--- | M] () - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2006.01.25 22:01:52 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.03 00:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013.06.02 23:04:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.02 23:04:31 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.02 23:04:24 | 000,545,954 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\JE\Desktop\JRT.exe [2013.06.02 22:48:00 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\RK_Quarantine [2013.06.02 22:35:38 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.06.02 22:35:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.02 22:26:42 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.06.02 22:18:18 | 005,076,415 | R--- | C] (Swearware) -- C:\Users\JE\Desktop\ComboFix.exe [2013.06.02 21:11:09 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\temp [2013.06.02 21:03:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.02 21:03:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.02 21:03:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.02 21:02:48 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.02 21:01:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.02 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Freemium [2013.06.02 15:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater [2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeSystemUtilities [2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covus Freemium [2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Covus Freemium [2013.06.02 15:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.06.02 15:41:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\DownloadGuide [2013.06.01 07:32:00 | 000,000,000 | ---D | C] -- C:\Users\JE\Documents\SCi [2013.06.01 07:31:54 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.06.01 07:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CONFLICT - DESERT STORM 2 [2013.06.01 07:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\CONFLICT - DESERT STORM 2 [2013.05.30 12:15:31 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\System32\drivers\mbamswissarmy.sys [2013.05.30 12:00:55 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\zoek (1) [2013.05.30 11:44:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Malwarebytes [2013.05.30 11:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.30 11:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.30 11:44:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.05.30 11:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.05.30 11:44:13 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Programs [2013.05.30 11:37:32 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\30 [2013.05.26 13:50:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe [2013.05.24 20:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.05.23 20:03:10 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.05.16 08:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.05.16 08:08:35 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.05.16 08:08:34 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.05.16 08:08:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.05.16 08:08:34 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.05.16 08:08:33 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.05.16 08:08:33 | 000,391,168 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.05.16 08:08:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.05.16 08:08:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.05.16 08:08:33 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.05.16 08:08:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.05.15 10:42:23 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll [2013.05.15 10:42:21 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.05.15 10:42:13 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2013.05.15 10:41:58 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2013.05.15 10:41:58 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.05.13 07:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2013.05.13 07:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2013.05.07 17:40:40 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.03 12:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.03 12:06:33 | 000,890,839 | ---- | M] () -- C:\Users\JE\Desktop\SecurityCheck (1).exe [2013.06.03 11:42:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000UA.job [2013.06.03 06:26:36 | 000,025,216 | -H-- | M] () 
-- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.03 06:26:36 | 000,025,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.03 06:14:25 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.03 06:14:25 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.03 06:14:25 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.03 06:14:25 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.03 06:11:18 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe [2013.06.03 06:11:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.02 23:18:29 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll [2013.06.02 23:18:10 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\Sing Along Update.job [2013.06.02 23:17:49 | 2146,775,040 | -HS- | M] () -- C:\hiberfil.sys [2013.06.02 23:03:35 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\JE\Desktop\JRT.exe [2013.06.02 22:54:51 | 000,632,031 | ---- | M] () -- C:\Users\JE\Desktop\adwcleaner.exe [2013.06.02 22:45:38 | 000,816,128 | ---- | M] () -- C:\Users\JE\Desktop\RogueKiller_8.5.4.exe [2013.06.02 22:17:59 | 005,076,415 | R--- | M] (Swearware) -- C:\Users\JE\Desktop\ComboFix.exe [2013.06.02 17:32:22 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000Core.job [2013.06.02 15:44:58 | 000,000,611 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.06.02 15:43:45 | 000,002,551 | ---- | M] () -- C:\Users\Public\Desktop\Free System Utilities.lnk [2013.06.02 15:42:31 | 000,000,205 | ---- | M] () -- C:\Users\JE\Desktop\Amazon.url [2013.06.01 07:31:41 | 000,001,076 | ---- | M] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk [2013.05.30 12:15:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.05.30 12:02:30 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe [2013.05.30 11:44:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.26 13:50:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe [2013.05.25 10:55:19 | 000,002,350 | ---- | M] () -- C:\Users\JE\Desktop\Google Chrome.lnk [2013.05.16 08:28:04 | 000,408,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.16 08:11:58 | 000,002,004 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.05.16 08:11:46 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.05.15 12:31:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.05.15 12:31:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.10 18:39:07 | 000,039,936 | ---- | M] (Absolute Software 
Corporation) -- C:\Windows\System32\identprv.dll [2013.05.07 17:40:13 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.03 12:06:46 | 000,890,839 | ---- | C] () -- C:\Users\JE\Desktop\SecurityCheck (1).exe [2013.06.02 22:55:19 | 000,632,031 | ---- | C] () -- C:\Users\JE\Desktop\adwcleaner.exe [2013.06.02 22:47:53 | 000,816,128 | ---- | C] () -- C:\Users\JE\Desktop\RogueKiller_8.5.4.exe [2013.06.02 21:03:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.02 21:03:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.02 21:03:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.02 21:03:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.02 21:03:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.02 15:44:44 | 000,000,611 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.06.02 15:44:05 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\Sing Along Update.job [2013.06.02 15:43:45 | 000,002,551 | ---- | C] () -- C:\Users\Public\Desktop\Free System Utilities.lnk [2013.06.02 15:42:31 | 000,000,205 | ---- | C] () -- C:\Users\JE\Desktop\Amazon.url [2013.06.01 07:31:41 | 000,001,076 | ---- | C] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk [2013.05.30 12:16:58 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe [2013.05.30 11:44:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.19 20:10:10 | 000,002,350 | ---- | C] () -- C:\Users\JE\Desktop\Google Chrome.lnk [2013.05.13 07:11:54 | 000,002,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.05.13 07:11:53 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.17 19:54:32 | 000,001,120 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT 
[2013.02.17 19:34:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2013.02.17 19:34:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2013.02.17 19:34:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2013.02.17 19:34:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2013.02.17 19:34:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2013.02.17 19:34:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2013.02.17 19:34:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2013.02.17 19:34:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2013.02.17 19:34:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2013.02.17 19:34:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2013.02.17 19:34:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2013.02.17 19:34:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2013.02.17 19:34:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2013.02.17 19:34:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2013.02.17 19:34:21 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2012.12.14 02:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin [2012.12.14 02:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll [2012.12.14 02:02:20 | 000,009,728 | ---- | C] ( ) 
-- C:\Windows\System32\IGFXDEVLib.dll [2012.12.14 02:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2012.12.14 02:02:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin [2012.07.15 21:25:13 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2012.07.15 19:22:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012.07.14 22:27:57 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2012.07.14 21:51:20 | 003,065,455 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2012.07.14 17:48:11 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll [2012.07.14 17:47:06 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
OTL Extras logfile created on: 03.06.2013 12:15:29 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JE\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,67 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 46,95% Memory free
5,33 Gb Paging File | 3,53 Gb Available in Paging File | 66,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,83 Gb Total Space | 72,88 Gb Free Space | 52,88% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 170,28 Gb Free Space | 51,94% Space Free | Partition Type: NTFS
Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,83 Gb Total Space | 14,83 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Computer Name: JE-PC | User Name: JE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FreemiumAnalyze] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe ANALYSE %1 (Microsoft)
Directory [FreemiumFindEmptyFolders] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe EMPTYFOLDERS %1 (Microsoft)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FB6857E-A3A1-46DE-8F5F-A1AD710FA33B}" = lport=139 | protocol=6 | dir=in | app=system | "{10E02F23-8D79-45CE-B772-7E6736775AAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{21702D74-12C1-4B79-B937-4A8EC0972183}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2AEAE9DD-30D1-40A8-AB82-CD66FEA14A7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{354FB734-D7C2-4930-B3CE-47FCE093A064}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{361823DA-3059-4E7F-8C17-CD93D9F3443A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{39E6D77A-EDEC-4EF1-9588-005195FBB6AE}" = rport=139 | protocol=6 | dir=out | app=system | "{4234FC6E-32B0-4597-9606-B9FDC9F3C0E4}" = lport=137 | protocol=17 | dir=in | app=system | "{427694BD-B821-42FD-81D6-61FA7E8F2B2C}" = lport=445 | protocol=6 | dir=in | app=system | "{43BBA57F-10C4-4D55-B9C1-CB50B5ACD107}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4A33007C-33A2-49CD-B3D1-F2B7E6E25647}" = rport=138 | protocol=17 | dir=out | app=system | "{4AAB5A17-3E4D-40EA-8AD0-0CB2F6E77F49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{74C8C282-68AC-4EB8-8ED8-0F74147EF9CC}" = rport=137 | protocol=17 | dir=out | app=system | "{89155650-4B2D-4854-8B49-752B0F50CAC2}" = lport=2869 | protocol=6 | dir=in | app=system | "{8A667358-9DB6-4222-957A-E1DD3AD7CDF7}" = lport=10243 | protocol=6 | dir=in | app=system | "{8DB164E9-0223-4130-8276-1F3FF54EC039}" = rport=445 | protocol=6 | dir=out | app=system | "{9229DDD4-ADF0-4DD3-B365-52911429B925}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9D0BACFB-C229-4CF3-A838-C3797E35163C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A691F645-B2E0-402A-9583-9A57B76FE1C7}" = lport=138 | protocol=17 | dir=in | app=system | "{A6E544C0-70EB-41DE-8D9F-6A4C4BCF2C4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F42B6AB2-D44A-4D99-99BE-58CE32B1430B}" = rport=10243 | protocol=6 | dir=out | app=system | "{F52C8D0B-D5E2-4301-99AC-4B059FC33C41}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03B90E20-D297-438B-B269-00A1779D2E70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{04ABFEF5-FD67-45D3-8C52-81747835B582}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{0B6441D1-926B-4F25-A802-E6EC4FD86157}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{121FDBC3-9D50-4E1E-93FE-806887F9BEE8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1722A383-0454-4341-A1E4-3FB034C9CB08}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1B9D47A6-77FB-44AC-AE1D-9FF31CE795A6}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{1C291843-C864-4835-B1F6-0E7CF32EE59F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D0B672F-CEBD-4910-A513-67221F92DB08}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{28343725-27F0-47A5-A955-3345F07332DE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2B72B307-7D99-4856-B44C-41D6A8485217}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{317A13F2-A5CE-4B63-A90F-B9C1178E5137}" 
= protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3394336F-E2C4-4CAE-9D1C-C661DFA1BF63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{372427A7-F26E-46CA-92FD-12D774015698}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{39C90CD6-197D-4C4E-9CE6-FA744A7F83D2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4C994B3E-A980-4952-A103-F8F3B91FA818}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5274FBF3-0AB8-49E2-BE4E-909A266C3FF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{54B17586-83CE-458B-A1B8-635CD14BE881}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{569417A6-670C-4623-ABE1-B0E732236B5E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{58B5CF96-1709-4CFB-AD7E-F26FA4FCE29C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5969AE12-E2C2-4BBB-8C46-6C1F87EA39B1}" = dir=in | app=c:\program files\iminent\iminent.exe | "{5CFF7E87-F5FB-41D6-95A8-A456D8AB02B7}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{5DFD998A-23B7-4E72-9E5C-8291B19174D6}" = protocol=6 | dir=out | app=system | "{601B580B-5657-4966-8026-5ED934C93F58}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{62574BBD-D62A-4BB7-9E45-6AFAC78E2012}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{643E6C6D-6987-4870-B5A3-AFFD7CB9726B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{697E9CB2-C0E2-49BA-B192-1991FE7841B2}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{6DB46EA6-53EA-4DF1-B9E4-26B2083EA5F0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{76B195CC-79BF-4A5D-A60A-9554920FC6F3}" = 
protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{87CC4E80-1565-44D8-8B91-0C33070098E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{8BB4A9E5-8344-4109-84D0-8F9A911B76AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8BFB7D53-AAD9-4ABF-A17B-739CAE779D99}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8EE09949-EF34-48F0-AD62-5513B0044D79}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{940635DB-AC34-466B-9075-DAF0E034BB99}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9421DE9E-CFD5-4FAB-AFA6-1AF4B2E0FFF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9A584B99-8F33-4777-BF4F-45C7395B33F6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9FF9A512-C391-433A-9912-0C4E6C82983E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{A257491A-DA6E-4AD1-82B9-DA69981F9933}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A3014FEE-E9F0-43C6-86BF-C2D31FBED362}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A72FD165-791E-4B1F-AB08-51E44531CF84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A8E938D1-5A6B-4AE5-A311-A8B08BC40C0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ADF49357-45FC-4420-A500-8A594673685B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B3453EB1-1CEE-4BBC-A9C4-D20035141804}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B49850C6-A06A-4AAB-84E7-0E3F28363486}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B74DCA61-4ED1-4710-B397-04F12CC9AAD7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B769249E-F1C8-4771-A768-B261D74C6165}" = 
protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B7B69582-92B0-498C-8C42-F50C9AE57436}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B9EFA22D-816D-4CEE-8EC3-25DA5A2BB1B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{BD57CDA6-580C-4C35-A187-AC2B44CB78A7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BF274E84-F4FB-4F3C-B87B-A54D07721E67}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe | "{C787928F-3BC9-4027-9C91-4C4DD29FC142}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D52F6341-A5BB-4130-9887-BBDF1AA16C56}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D6127B5D-390E-4B7B-979C-8D2F8A3E31ED}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E2686FFC-9C4E-42D1-B1A8-1F734DFC71E7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E30B9C19-187D-42F7-9F35-83274B244E6A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{E3D07E4C-1FFD-4A0F-90F6-7701ACF9D7D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E742EA94-B7ED-4B98-B302-50505E88D756}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EC2B6E11-A455-45D7-9547-EF1A6F14B2D6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{ED26470E-B405-492D-837A-0CF5BACF8D18}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{ED78DD81-D12D-4BF4-ABF9-D239433FBF4F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F2494976-1742-4FCC-A3B1-E3AC23B7427E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{F98DB22C-E1B7-4405-AC6E-A17F4A5717E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FCBDA0B2-8B86-495B-B21A-A0975C13C853}" = protocol=17 | 
dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FEBB6C19-15B8-4792-BE6C-10C0CCB12CC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{33255F08-370C-442A-990D-5C5FD4B989C3}E:\epsonnet easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | "TCP Query User{4E46BBD6-53C6-46D9-A6BF-61DDCFC30B7E}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | "TCP Query User{5291C130-9A46-4848-AE58-DA6F17A625FD}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{6698C2AC-2F4C-47A4-B028-E84E4C414E77}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | "TCP Query User{91948026-AC83-4AFD-B0EB-E3F8B95D5140}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{A014EB35-51BD-4C4C-BCEA-7C87EE51DDC8}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{B5FA69B4-54E1-439A-87F1-D9B1FC804C3C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "TCP Query User{D2346D37-C55C-4847-AD90-2733C071EC11}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{04A6306B-2540-4DCC-B51D-12AAE509C3C7}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | "UDP Query 
User{25BCF3F0-8297-4089-80AB-B14AD9684D7D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "UDP Query User{3237522B-FA1C-4061-816C-ED2297C25321}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{4832A54A-5323-4BD9-876B-18E70AC4CA27}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | "UDP Query User{835E0537-30DC-423B-85B5-7A7F839B3C58}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{AAF0DC98-B2C5-470A-9874-5C9D3745606C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{BF3F6706-6E8D-4AA3-90E8-C4A4C774DDE6}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{D9B24041-858B-4018-B725-D4BCD58AA1E5}E:\epsonnet easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{15B291FD-AA72-4D0B-BD6E-604F24C5D14C}" = Free SystemUtilities "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}" = Iminent "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{421d35e3-d4bd-47a6-b6aa-d21ade07cf32}" = Free System Utilities "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 
(SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft 
Office 2010 Service Pack 1 (SP1) "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi-Software "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.44 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.44 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2 "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira 
AntiVir Desktop" = Avira Free Antivirus "CONFLICT - DESERT STORM 2_is1" = CONFLICT - DESERT STORM 2 "EPSON Scanner" = EPSON Scan "EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Benutzerhandbuch" = EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Handbuch "EPSON SX600FW Series" = EPSON SX600FW Series Printer Uninstall "Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128 "IncrediMail" = IncrediMail 2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Opera 12.14.1738" = Opera 12.14 "ProInst" = Intel PROSet Wireless "singalong@xenophesoft.com" = Sing Along "USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam "VLC media player" = VLC media player 2.0.5 "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.06.2013 06:19:54 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 03.06.2013 06:20:58 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 03.06.2013 06:21:18 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 03.06.2013 06:21:18 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 03.06.2013 06:21:21 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 03.06.2013 06:21:21 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 03.06.2013 06:21:21 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 03.06.2013 06:21:52 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 03.06.2013 06:21:52 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 03.06.2013 06:22:03 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 02.06.2013 17:32:25 | Computer Name = JE-PC | Source = DCOM | ID = 10010 Description = Error - 02.06.2013 18:26:13 | Computer Name = JE-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 02.06.2013 18:26:14 | Computer Name = JE-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 02.06.2013 18:26:14 | Computer Name = JE-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 02.06.2013 18:26:15 | Computer Name = JE-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 02.06.2013 19:46:44 | Computer Name = JE-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. < End of report >
Regards, IL-2. Sorry, my mistake |
03.06.2013, 11:51 | #19 |
/// the machine /// TB Trainer | Trojan TR/Bublik.avlv and TR/Symmi.20469 and TR/Agent.131072.V ESET????
04.06.2013, 05:43 | #20 |
| Trojan TR/Bublik.avlv and TR/Symmi.20469 and TR/Agent.131072.V Hello schrauber, here is everything again from the start. ESET log.txt Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=b5e0c5ad6a594f418e899303d190aff2 # engine=13985 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-06-04 01:51:02 # local_time=2013-06-04 03:51:02 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 97 0 235733952 24304 0 # compatibility_mode=5893 16776573 100 94 56802 121941853 0 0 # scanned=124013 # found=1 # cleaned=0 # scan_time=18405 sh=CE0365417E97540A36EE7415C3B94F4CEBF399CC ft=1 fh=8073d78db8e63b09 vn="Win32/Adware.AddLyrics.F application" ac=I fn="C:\Users\JE\AppData\Local\DownloadGuide\Offers\addlyrics.exe" Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED! Code:
ATTFilter OTL logfile created on: 04.06.2013 06:26:09 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JE\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,67 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 55,07% Memory free 5,33 Gb Paging File | 3,48 Gb Available in Paging File | 65,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 137,83 Gb Total Space | 72,65 Gb Free Space | 52,71% Space Free | Partition Type: NTFS Drive D: | 327,83 Gb Total Space | 170,28 Gb Free Space | 51,94% Space Free | Partition Type: NTFS Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 14,83 Gb Total Space | 14,82 Gb Free Space | 99,95% Space Free | Partition Type: FAT32 Computer Name: JE-PC | User Name: JE | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\JE\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.) PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH) ========== Modules (No Company Name) ========== MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll () MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll () MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll () MOD - 
C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll () MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll () MOD - C:\Programme\IncrediMail\Bin\PMC.dll () MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll () MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll () MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll () MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () ========== Services (SafeList) ========== SRV - (SystemStoreService) -- C:\Programme\SoftwareUpdater\SystemStore.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (rpcnet) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.) 
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\JE\AppData\Local\Temp\catchme.sys File not found DRV - (agicixtu) -- File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. 
KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys (Sonix Technology Co., Ltd.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation) DRV - (RSUSBVSTOR) -- C:\Windows\System32\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.) 
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 F7 99 87 DA 61 CD 01 [binary data] IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - 
HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50 IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 F7 99 87 DA 61 CD 01 [binary data] IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.11 20:48:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.07.23 22:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Extensions
[2012.08.07 00:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions
[2012.08.07 00:26:52 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2013.06.02 23:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions
[2013.06.02 15:43:59 | 000,000,000 | ---D | M] (FoxyDeal) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D}
[2012.11.03 12:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.11 20:48:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.17 20:13:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.17 20:13:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.17 20:13:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.17 20:13:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.17 20:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.17 20:13:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\JE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Google Mail = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix Technology Co., Ltd.)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [playgoexec] -autorun File not found
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0450B429-4E51-4E97-86D0-926484D55456}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28860C02-2E44-4F74-81DA-935FD714DDCA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.01.25 22:01:52 | 000,380,928 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.01.25 22:01:52 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.03 22:41:26 | 002,347,384 | ---- | C] (ESET) -- C:\Users\JE\Desktop\esetsmartinstaller_enu.exe
[2013.06.03 00:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.02 23:04:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.02 23:04:31 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.02 23:04:24 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\JE\Desktop\JRT.exe
[2013.06.02 22:48:00 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\RK_Quarantine
[2013.06.02 22:35:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.02 22:35:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.02 22:26:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.02 22:18:18 | 005,076,415 | R--- | C] (Swearware) -- C:\Users\JE\Desktop\ComboFix.exe
[2013.06.02 21:11:09 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\temp
[2013.06.02 21:03:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.02 21:03:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.02 21:03:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.02 21:02:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.02 21:01:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.02 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Freemium
[2013.06.02 15:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeSystemUtilities
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covus Freemium
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Covus Freemium
[2013.06.02 15:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.06.02 15:41:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\DownloadGuide
[2013.06.01 07:32:00 | 000,000,000 | ---D | C] -- C:\Users\JE\Documents\SCi
[2013.06.01 07:31:54 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.06.01 07:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CONFLICT - DESERT STORM 2
[2013.06.01 07:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\CONFLICT - DESERT STORM 2
[2013.05.30 12:15:31 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.05.30 12:00:55 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\zoek (1)
[2013.05.30 11:44:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Malwarebytes
[2013.05.30 11:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.30 11:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.30 11:44:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.30 11:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.30 11:44:13 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Programs
[2013.05.30 11:37:32 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\30
[2013.05.26 13:50:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe
[2013.05.24 20:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.23 20:03:10 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.16 08:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.05.16 08:08:35 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 08:08:34 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 08:08:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 08:08:34 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 08:08:33 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 08:08:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 08:08:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.16 08:08:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 08:08:33 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 08:08:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.15 10:42:23 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 10:42:21 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 10:42:13 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 10:41:58 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 10:41:58 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.05.13 07:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013.05.13 07:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013.05.07 17:40:40 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.04 06:17:01 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.04 06:17:01 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.04 06:17:01 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.04 06:17:01 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.04 06:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.04 06:14:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000UA.job
[2013.06.04 06:13:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.04 06:13:53 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2013.06.03 23:25:24 | 000,025,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 23:25:24 | 000,025,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 16:42:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000Core.job
[2013.06.03 15:34:00 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\Sing Along Update.job
[2013.06.03 12:06:33 | 000,890,839 | ---- | M] () -- C:\Users\JE\Desktop\SecurityCheck (1).exe
[2013.06.03 00:23:54 | 002,347,384 | ---- | M] (ESET) -- C:\Users\JE\Desktop\esetsmartinstaller_enu.exe
[2013.06.02 23:18:29 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2013.06.02 23:17:49 | 2146,775,040 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.02 23:03:35 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\JE\Desktop\JRT.exe
[2013.06.02 22:54:51 | 000,632,031 | ---- | M] () -- C:\Users\JE\Desktop\adwcleaner.exe
[2013.06.02 22:45:38 | 000,816,128 | ---- | M] () -- C:\Users\JE\Desktop\RogueKiller_8.5.4.exe
[2013.06.02 22:17:59 | 005,076,415 | R--- | M] (Swearware) -- C:\Users\JE\Desktop\ComboFix.exe
[2013.06.02 15:44:58 | 000,000,611 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.06.02 15:43:45 | 000,002,551 | ---- | M] () -- C:\Users\Public\Desktop\Free System Utilities.lnk
[2013.06.02 15:42:31 | 000,000,205 | ---- | M] () -- C:\Users\JE\Desktop\Amazon.url
[2013.06.01 07:31:41 | 000,001,076 | ---- | M] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk
[2013.05.30 12:15:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.05.30 12:02:30 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2013.05.30 11:44:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.26 13:50:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe
[2013.05.25 10:55:19 | 000,002,350 | ---- | M] () -- C:\Users\JE\Desktop\Google Chrome.lnk
[2013.05.16 08:28:04 | 000,408,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.16 08:11:58 | 000,002,004 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.05.16 08:11:46 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.05.15 12:31:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 12:31:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.10 18:39:07 | 000,039,936 | ---- | M] (Absolute Software Corporation) -- C:\Windows\System32\identprv.dll
[2013.05.07 17:40:13 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.03 12:06:46 | 000,890,839 | ---- | C] () -- C:\Users\JE\Desktop\SecurityCheck (1).exe
[2013.06.02 22:55:19 | 000,632,031 | ---- | C] () -- C:\Users\JE\Desktop\adwcleaner.exe
[2013.06.02 22:47:53 | 000,816,128 | ---- | C] () -- C:\Users\JE\Desktop\RogueKiller_8.5.4.exe
[2013.06.02 21:03:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.02 21:03:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.02 21:03:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.02 21:03:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.02 21:03:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.02 15:44:44 | 000,000,611 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.06.02 15:44:05 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\Sing Along Update.job
[2013.06.02 15:43:45 | 000,002,551 | ---- | C] () -- C:\Users\Public\Desktop\Free System Utilities.lnk
[2013.06.02 15:42:31 | 000,000,205 | ---- | C] () -- C:\Users\JE\Desktop\Amazon.url
[2013.06.01 07:31:41 | 000,001,076 | ---- | C] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk
[2013.05.30 12:16:58 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2013.05.30 11:44:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.19 20:10:10 | 000,002,350 | ---- | C] () -- C:\Users\JE\Desktop\Google Chrome.lnk
[2013.05.13 07:11:54 | 000,002,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.05.13 07:11:53 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.17 19:54:32 | 000,001,120 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT
[2013.02.17 19:34:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2013.02.17 19:34:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2013.02.17 19:34:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2013.02.17 19:34:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2013.02.17 19:34:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2013.02.17 19:34:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2013.02.17 19:34:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2013.02.17 19:34:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2013.02.17 19:34:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2013.02.17 19:34:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2013.02.17 19:34:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2013.02.17 19:34:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2013.02.17 19:34:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2013.02.17 19:34:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2013.02.17 19:34:21 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.12.14 02:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2012.12.14 02:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012.12.14 02:02:20 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.12.14 02:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.12.14 02:02:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2012.07.15 21:25:13 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2012.07.15 19:22:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.07.14 22:27:57 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.07.14 21:51:20 | 003,065,455 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.07.14 17:48:11 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2012.07.14 17:47:06 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Extras.Txt
Code:
OTL Extras logfile created on: 04.06.2013 06:26:09 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JE\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,67 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 55,07% Memory free
5,33 Gb Paging File | 3,48 Gb Available in Paging File | 65,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,83 Gb Total Space | 72,65 Gb Free Space | 52,71% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 170,28 Gb Free Space | 51,94% Space Free | Partition Type: NTFS
Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,83 Gb Total Space | 14,82 Gb Free Space | 99,95% Space Free | Partition Type: FAT32

Computer Name: JE-PC | User Name: JE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FreemiumAnalyze] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe ANALYSE %1 (Microsoft)
Directory [FreemiumFindEmptyFolders] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe EMPTYFOLDERS %1 (Microsoft)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FB6857E-A3A1-46DE-8F5F-A1AD710FA33B}" = lport=139 | protocol=6 | dir=in | app=system | "{10E02F23-8D79-45CE-B772-7E6736775AAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{21702D74-12C1-4B79-B937-4A8EC0972183}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2AEAE9DD-30D1-40A8-AB82-CD66FEA14A7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{354FB734-D7C2-4930-B3CE-47FCE093A064}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{361823DA-3059-4E7F-8C17-CD93D9F3443A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{39E6D77A-EDEC-4EF1-9588-005195FBB6AE}" = rport=139 | protocol=6 | dir=out | app=system | "{4234FC6E-32B0-4597-9606-B9FDC9F3C0E4}" = lport=137 | protocol=17 | dir=in | app=system | "{427694BD-B821-42FD-81D6-61FA7E8F2B2C}" = lport=445 | protocol=6 | dir=in | app=system | "{43BBA57F-10C4-4D55-B9C1-CB50B5ACD107}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4A33007C-33A2-49CD-B3D1-F2B7E6E25647}" = rport=138 | protocol=17 | dir=out | app=system | "{4AAB5A17-3E4D-40EA-8AD0-0CB2F6E77F49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{74C8C282-68AC-4EB8-8ED8-0F74147EF9CC}" = rport=137 | protocol=17 | dir=out | app=system | "{89155650-4B2D-4854-8B49-752B0F50CAC2}" = lport=2869 | protocol=6 | dir=in | app=system | "{8A667358-9DB6-4222-957A-E1DD3AD7CDF7}" = lport=10243 | protocol=6 | dir=in | app=system | "{8DB164E9-0223-4130-8276-1F3FF54EC039}" = rport=445 | protocol=6 | dir=out | app=system | "{9229DDD4-ADF0-4DD3-B365-52911429B925}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9D0BACFB-C229-4CF3-A838-C3797E35163C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A691F645-B2E0-402A-9583-9A57B76FE1C7}" = lport=138 | protocol=17 | dir=in | app=system | "{A6E544C0-70EB-41DE-8D9F-6A4C4BCF2C4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F42B6AB2-D44A-4D99-99BE-58CE32B1430B}" = rport=10243 | protocol=6 | dir=out | app=system | "{F52C8D0B-D5E2-4301-99AC-4B059FC33C41}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03B90E20-D297-438B-B269-00A1779D2E70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{04ABFEF5-FD67-45D3-8C52-81747835B582}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{0B6441D1-926B-4F25-A802-E6EC4FD86157}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{121FDBC3-9D50-4E1E-93FE-806887F9BEE8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1722A383-0454-4341-A1E4-3FB034C9CB08}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1B9D47A6-77FB-44AC-AE1D-9FF31CE795A6}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{1C291843-C864-4835-B1F6-0E7CF32EE59F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D0B672F-CEBD-4910-A513-67221F92DB08}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{28343725-27F0-47A5-A955-3345F07332DE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2B72B307-7D99-4856-B44C-41D6A8485217}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{317A13F2-A5CE-4B63-A90F-B9C1178E5137}" 
= protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3394336F-E2C4-4CAE-9D1C-C661DFA1BF63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{372427A7-F26E-46CA-92FD-12D774015698}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{39C90CD6-197D-4C4E-9CE6-FA744A7F83D2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4C994B3E-A980-4952-A103-F8F3B91FA818}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5274FBF3-0AB8-49E2-BE4E-909A266C3FF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{54B17586-83CE-458B-A1B8-635CD14BE881}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{569417A6-670C-4623-ABE1-B0E732236B5E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{58B5CF96-1709-4CFB-AD7E-F26FA4FCE29C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5969AE12-E2C2-4BBB-8C46-6C1F87EA39B1}" = dir=in | app=c:\program files\iminent\iminent.exe | "{5CFF7E87-F5FB-41D6-95A8-A456D8AB02B7}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{5DFD998A-23B7-4E72-9E5C-8291B19174D6}" = protocol=6 | dir=out | app=system | "{601B580B-5657-4966-8026-5ED934C93F58}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{62574BBD-D62A-4BB7-9E45-6AFAC78E2012}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{643E6C6D-6987-4870-B5A3-AFFD7CB9726B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{697E9CB2-C0E2-49BA-B192-1991FE7841B2}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{6DB46EA6-53EA-4DF1-B9E4-26B2083EA5F0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{76B195CC-79BF-4A5D-A60A-9554920FC6F3}" = 
protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{87CC4E80-1565-44D8-8B91-0C33070098E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{8BB4A9E5-8344-4109-84D0-8F9A911B76AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8BFB7D53-AAD9-4ABF-A17B-739CAE779D99}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8EE09949-EF34-48F0-AD62-5513B0044D79}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{940635DB-AC34-466B-9075-DAF0E034BB99}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9421DE9E-CFD5-4FAB-AFA6-1AF4B2E0FFF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9A584B99-8F33-4777-BF4F-45C7395B33F6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9FF9A512-C391-433A-9912-0C4E6C82983E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{A257491A-DA6E-4AD1-82B9-DA69981F9933}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A3014FEE-E9F0-43C6-86BF-C2D31FBED362}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A72FD165-791E-4B1F-AB08-51E44531CF84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A8E938D1-5A6B-4AE5-A311-A8B08BC40C0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ADF49357-45FC-4420-A500-8A594673685B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B3453EB1-1CEE-4BBC-A9C4-D20035141804}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B49850C6-A06A-4AAB-84E7-0E3F28363486}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B74DCA61-4ED1-4710-B397-04F12CC9AAD7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B769249E-F1C8-4771-A768-B261D74C6165}" = 
protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B7B69582-92B0-498C-8C42-F50C9AE57436}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B9EFA22D-816D-4CEE-8EC3-25DA5A2BB1B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{BD57CDA6-580C-4C35-A187-AC2B44CB78A7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BF274E84-F4FB-4F3C-B87B-A54D07721E67}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe | "{C787928F-3BC9-4027-9C91-4C4DD29FC142}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D52F6341-A5BB-4130-9887-BBDF1AA16C56}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D6127B5D-390E-4B7B-979C-8D2F8A3E31ED}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E2686FFC-9C4E-42D1-B1A8-1F734DFC71E7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E30B9C19-187D-42F7-9F35-83274B244E6A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{E3D07E4C-1FFD-4A0F-90F6-7701ACF9D7D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E742EA94-B7ED-4B98-B302-50505E88D756}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EC2B6E11-A455-45D7-9547-EF1A6F14B2D6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{ED26470E-B405-492D-837A-0CF5BACF8D18}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{ED78DD81-D12D-4BF4-ABF9-D239433FBF4F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F2494976-1742-4FCC-A3B1-E3AC23B7427E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{F98DB22C-E1B7-4405-AC6E-A17F4A5717E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FCBDA0B2-8B86-495B-B21A-A0975C13C853}" = protocol=17 | 
dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FEBB6C19-15B8-4792-BE6C-10C0CCB12CC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{33255F08-370C-442A-990D-5C5FD4B989C3}E:\epsonnet easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | "TCP Query User{4E46BBD6-53C6-46D9-A6BF-61DDCFC30B7E}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | "TCP Query User{5291C130-9A46-4848-AE58-DA6F17A625FD}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{6698C2AC-2F4C-47A4-B028-E84E4C414E77}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | "TCP Query User{91948026-AC83-4AFD-B0EB-E3F8B95D5140}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{A014EB35-51BD-4C4C-BCEA-7C87EE51DDC8}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{B5FA69B4-54E1-439A-87F1-D9B1FC804C3C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "TCP Query User{D2346D37-C55C-4847-AD90-2733C071EC11}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{04A6306B-2540-4DCC-B51D-12AAE509C3C7}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | "UDP Query 
User{25BCF3F0-8297-4089-80AB-B14AD9684D7D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "UDP Query User{3237522B-FA1C-4061-816C-ED2297C25321}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{4832A54A-5323-4BD9-876B-18E70AC4CA27}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | "UDP Query User{835E0537-30DC-423B-85B5-7A7F839B3C58}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{AAF0DC98-B2C5-470A-9874-5C9D3745606C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{BF3F6706-6E8D-4AA3-90E8-C4A4C774DDE6}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{D9B24041-858B-4018-B725-D4BCD58AA1E5}E:\epsonnet easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{15B291FD-AA72-4D0B-BD6E-604F24C5D14C}" = Free SystemUtilities "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}" = Iminent "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{421d35e3-d4bd-47a6-b6aa-d21ade07cf32}" = Free System Utilities "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 
(SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft 
Office 2010 Service Pack 1 (SP1) "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi-Software "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.44 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.44 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2 "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira 
AntiVir Desktop" = Avira Free Antivirus "CONFLICT - DESERT STORM 2_is1" = CONFLICT - DESERT STORM 2 "EPSON Scanner" = EPSON Scan "EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Benutzerhandbuch" = EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Handbuch "EPSON SX600FW Series" = EPSON SX600FW Series Printer Uninstall "Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128 "IncrediMail" = IncrediMail 2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Opera 12.14.1738" = Opera 12.14 "ProInst" = Intel PROSet Wireless "singalong@xenophesoft.com" = Sing Along "USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam "VLC media player" = VLC media player 2.0.5 "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.06.2013 00:20:49 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 04.06.2013 00:25:47 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.06.2013 00:25:47 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.06.2013 00:25:53 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.06.2013 00:30:52 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 04.06.2013 00:30:52 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.06.2013 00:30:58 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.06.2013 00:35:56 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.06.2013 00:35:56 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 04.06.2013 00:36:02 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 02.06.2013 17:32:25 | Computer Name = JE-PC | Source = DCOM | ID = 10010 Description = Error - 02.06.2013 18:26:13 | Computer Name = JE-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 02.06.2013 18:26:14 | Computer Name = JE-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 02.06.2013 18:26:14 | Computer Name = JE-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 02.06.2013 18:26:15 | Computer Name = JE-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 02.06.2013 19:46:44 | Computer Name = JE-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 04.06.2013 00:13:52 | Computer Name = JE-PC | Source = DCOM | ID = 10010 Description = < End of report > IL-2 |
04.06.2013, 06:35 | #21 |
/// the machine /// TB-Ausbilder | Trojan TR/Bublik.avlv and TR/Symmi.20469 and TR/Agent.131072.V
Fix with OTL
Code:
:files
C:\Users\JE\AppData\Local\DownloadGuide\Offers\addlyrics.exe
:OTL
DRV - (agicixtu) -- File not found
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [playgoexec] -autorun File not found
:Commands
[emptytemp]
And a fresh OTL scan log, please. Any problems left?
04.06.2013, 07:28 | #22 |
| Trojan TR/Bublik.avlv and TR/Symmi.20469 and TR/Agent.131072.V
06042013_075425
Code:
All processes killed
========== FILES ==========
File\Folder C:\Users\JE\AppData\Local\DownloadGuide\Offers\addlyrics.exe not found.
========== OTL ==========
Error: No service named agicixtu was found to stop!
Service\Driver key agicixtu not found.
File File not found not found.
Registry value HKEY_USERS\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Microsoft\Windows\CurrentVersion\Run\\playgoexec not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JE
->Temp folder emptied: 2610 bytes
->Temporary Internet Files folder emptied: 386 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6565374 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06042013_075425

Files\Folders moved on Reboot...
C:\Users\JE\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Code:
OTL logfile created on: 04.06.2013 08:15:09 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JE\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,67 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 56,22% Memory free
5,33 Gb Paging File | 3,71 Gb Available in Paging File | 69,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,83 Gb Total Space | 72,85 Gb Free Space | 52,86% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 170,28 Gb Free Space | 51,94% Space Free | Partition Type: NTFS
Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,83 Gb Total Space | 14,82 Gb Free Space | 99,95% Space Free | Partition Type: FAT32

Computer Name: JE-PC | User Name: JE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\JE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)

========== Modules (No Company Name) ==========

MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\Programme\IncrediMail\Bin\PMC.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll ()
MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()

========== Services (SafeList) ==========

SRV - (SystemStoreService) -- C:\Programme\SoftwareUpdater\SystemStore.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (rpcnet) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\JE\AppData\Local\Temp\catchme.sys File not found
DRV - (ap1t8ob6) -- File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys (Sonix Technology Co., Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (RSUSBVSTOR) -- C:\Windows\System32\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 F7 99 87 DA 61 CD 01 [binary data]
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 F7 99 87 DA 61 CD 01 [binary data]
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.11 20:48:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.07.23 22:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Extensions
[2012.08.07 00:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions
[2012.08.07 00:26:52 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2013.06.02 23:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions
[2013.06.02 15:43:59 | 000,000,000 | ---D | M] (FoxyDeal) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D}
[2012.11.03 12:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.11 20:48:33 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.11 20:48:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.17 20:13:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.17 20:13:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.17 20:13:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.17 20:13:03 | 000,002,669 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2013.02.17 20:13:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.17 20:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.17 20:13:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\JE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Google Mail = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix Technology Co., Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3457223372-1182995303-1409636268-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0450B429-4E51-4E97-86D0-926484D55456}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28860C02-2E44-4F74-81DA-935FD714DDCA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.01.25 22:01:52 | 000,380,928 | R--- | M] () - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2006.01.25 22:01:52 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.04 07:49:59 | 000,000,000 | ---D | C] -- C:\_OTL [2013.06.03 22:41:26 | 002,347,384 | ---- | C] (ESET) -- C:\Users\JE\Desktop\esetsmartinstaller_enu.exe [2013.06.02 23:04:59 | 000,000,000 | ---D | C] -- 
C:\Windows\ERUNT [2013.06.02 23:04:31 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.02 23:04:24 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\JE\Desktop\JRT.exe [2013.06.02 22:48:00 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\RK_Quarantine [2013.06.02 22:35:38 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.06.02 22:35:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.02 22:26:42 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.06.02 22:18:18 | 005,076,415 | R--- | C] (Swearware) -- C:\Users\JE\Desktop\ComboFix.exe [2013.06.02 21:11:09 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\temp [2013.06.02 21:03:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.02 21:03:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.02 21:03:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.02 21:02:48 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.02 21:01:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.02 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Freemium [2013.06.02 15:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater [2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeSystemUtilities [2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covus Freemium [2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Covus Freemium [2013.06.02 15:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.06.02 15:41:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\DownloadGuide [2013.06.01 07:32:00 | 000,000,000 | ---D | C] -- C:\Users\JE\Documents\SCi [2013.06.01 07:31:54 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.06.01 07:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CONFLICT - DESERT STORM 2 [2013.06.01 07:29:35 | 000,000,000 | ---D | C] -- 
C:\Program Files\CONFLICT - DESERT STORM 2 [2013.05.30 12:15:31 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.05.30 12:00:55 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\zoek (1) [2013.05.30 11:44:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Malwarebytes [2013.05.30 11:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.30 11:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.30 11:44:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.05.30 11:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.05.30 11:44:13 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Programs [2013.05.30 11:37:32 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\30 [2013.05.26 13:50:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe [2013.05.24 20:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.05.23 20:03:10 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.05.16 08:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.05.16 08:08:35 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.05.16 08:08:34 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.05.16 08:08:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.05.16 08:08:34 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.05.16 08:08:33 | 000,493,056 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.05.16 08:08:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.05.16 08:08:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.05.16 08:08:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.05.16 08:08:33 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.05.16 08:08:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.05.15 10:42:23 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll [2013.05.15 10:42:21 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.05.15 10:42:13 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2013.05.15 10:41:58 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2013.05.15 10:41:58 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.05.13 07:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2013.05.13 07:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2013.05.07 17:40:40 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys ========== Files - Modified Within 30 Days ========== [2013.06.04 08:17:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.04 08:01:25 | 000,025,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.04 08:01:25 | 000,025,216 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.04 07:55:47 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe [2013.06.04 07:55:45 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll [2013.06.04 07:55:42 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\Sing Along Update.job [2013.06.04 07:55:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.04 07:55:20 | 2146,775,040 | -HS- | M] () -- C:\hiberfil.sys [2013.06.04 07:42:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000UA.job [2013.06.04 06:17:01 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.04 06:17:01 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.04 06:17:01 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.04 06:17:01 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.03 16:42:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000Core.job [2013.06.03 12:06:33 | 000,890,839 | ---- | M] () -- C:\Users\JE\Desktop\SecurityCheck (1).exe [2013.06.03 00:23:54 | 002,347,384 | ---- | M] (ESET) -- C:\Users\JE\Desktop\esetsmartinstaller_enu.exe [2013.06.02 23:03:35 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\JE\Desktop\JRT.exe [2013.06.02 22:54:51 | 000,632,031 | ---- | M] () -- C:\Users\JE\Desktop\adwcleaner.exe [2013.06.02 22:45:38 | 000,816,128 | ---- | M] () -- C:\Users\JE\Desktop\RogueKiller_8.5.4.exe [2013.06.02 22:17:59 | 005,076,415 | R--- | M] (Swearware) -- C:\Users\JE\Desktop\ComboFix.exe [2013.06.02 15:44:58 | 000,000,611 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.06.02 15:43:45 | 000,002,551 | ---- | M] () -- C:\Users\Public\Desktop\Free System Utilities.lnk [2013.06.02 15:42:31 | 000,000,205 | ---- | M] () -- C:\Users\JE\Desktop\Amazon.url [2013.06.01 07:31:41 | 000,001,076 | ---- | M] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk [2013.05.30 12:15:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.05.30 12:02:30 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe [2013.05.30 11:44:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.26 13:50:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe [2013.05.25 10:55:19 | 000,002,350 | ---- | M] () -- C:\Users\JE\Desktop\Google Chrome.lnk [2013.05.16 08:28:04 | 000,408,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.16 08:11:58 | 000,002,004 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.05.16 08:11:46 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.05.15 12:31:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.05.15 12:31:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.10 18:39:07 | 000,039,936 | ---- | M] (Absolute Software Corporation) -- C:\Windows\System32\identprv.dll [2013.05.07 17:40:13 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys 
========== Files Created - No Company Name ========== [2013.06.03 12:06:46 | 000,890,839 | ---- | C] () -- C:\Users\JE\Desktop\SecurityCheck (1).exe [2013.06.02 22:55:19 | 000,632,031 | ---- | C] () -- C:\Users\JE\Desktop\adwcleaner.exe [2013.06.02 22:47:53 | 000,816,128 | ---- | C] () -- C:\Users\JE\Desktop\RogueKiller_8.5.4.exe [2013.06.02 21:03:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.02 21:03:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.02 21:03:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.02 21:03:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.02 21:03:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.02 15:44:44 | 000,000,611 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.06.02 15:44:05 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\Sing Along Update.job [2013.06.02 15:43:45 | 000,002,551 | ---- | C] () -- C:\Users\Public\Desktop\Free System Utilities.lnk [2013.06.02 15:42:31 | 000,000,205 | ---- | C] () -- C:\Users\JE\Desktop\Amazon.url [2013.06.01 07:31:41 | 000,001,076 | ---- | C] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk [2013.05.30 12:16:58 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe [2013.05.30 11:44:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.19 20:10:10 | 000,002,350 | ---- | C] () -- C:\Users\JE\Desktop\Google Chrome.lnk [2013.05.13 07:11:54 | 000,002,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.05.13 07:11:53 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.17 19:54:32 | 000,001,120 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT [2013.02.17 19:34:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2013.02.17 19:34:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2013.02.17 19:34:22 | 
000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2013.02.17 19:34:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2013.02.17 19:34:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2013.02.17 19:34:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2013.02.17 19:34:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2013.02.17 19:34:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2013.02.17 19:34:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2013.02.17 19:34:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2013.02.17 19:34:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2013.02.17 19:34:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2013.02.17 19:34:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2013.02.17 19:34:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2013.02.17 19:34:21 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2012.12.14 02:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin [2012.12.14 02:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll [2012.12.14 02:02:20 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012.12.14 02:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2012.12.14 02:02:16 | 000,272,928 | ---- | C] () -- 
C:\Windows\System32\igvpkrng600.bin [2012.07.15 21:25:13 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2012.07.15 19:22:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012.07.14 22:27:57 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2012.07.14 21:51:20 | 003,065,455 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2012.07.14 17:48:11 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll [2012.07.14 17:47:06 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.25 20:39:33 | 000,000,000 | ---D | M] -- C:\Users\JE\AppData\Roaming\becker [2013.03.07 14:52:27 | 000,000,000 | ---D | M] -- C:\Users\JE\AppData\Roaming\DVDVideoSoft [2013.02.20 17:47:23 | 000,000,000 | ---D | M] -- C:\Users\JE\AppData\Roaming\EPSON [2012.07.15 23:36:10 | 000,000,000 | ---D | M] -- C:\Users\JE\AppData\Roaming\Need for Speed World 
[2012.07.14 22:45:30 | 000,000,000 | ---D | M] -- C:\Users\JE\AppData\Roaming\Opera
[2012.07.23 22:21:30 | 000,000,000 | ---D | M] -- C:\Users\JE\AppData\Roaming\Thunderbird
[2012.07.14 22:56:23 | 000,000,000 | ---D | M] -- C:\Users\JE\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 04.06.2013 08:15:09 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JE\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,67 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 56,22% Memory free
5,33 Gb Paging File | 3,71 Gb Available in Paging File | 69,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,83 Gb Total Space | 72,85 Gb Free Space | 52,86% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 170,28 Gb Free Space | 51,94% Space Free | Partition Type: NTFS
Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,83 Gb Total Space | 14,82 Gb Free Space | 99,95% Space Free | Partition Type: FAT32

Computer Name: JE-PC | User Name: JE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [FreemiumAnalyze] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe ANALYSE %1 (Microsoft) Directory [FreemiumFindEmptyFolders] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe EMPTYFOLDERS %1 (Microsoft) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FB6857E-A3A1-46DE-8F5F-A1AD710FA33B}" = lport=139 | protocol=6 | dir=in | app=system | "{10E02F23-8D79-45CE-B772-7E6736775AAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{21702D74-12C1-4B79-B937-4A8EC0972183}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2AEAE9DD-30D1-40A8-AB82-CD66FEA14A7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{354FB734-D7C2-4930-B3CE-47FCE093A064}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{361823DA-3059-4E7F-8C17-CD93D9F3443A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{39E6D77A-EDEC-4EF1-9588-005195FBB6AE}" = rport=139 | protocol=6 | dir=out | app=system | "{4234FC6E-32B0-4597-9606-B9FDC9F3C0E4}" = lport=137 | protocol=17 | dir=in | app=system | "{427694BD-B821-42FD-81D6-61FA7E8F2B2C}" = lport=445 | protocol=6 | dir=in | app=system | "{43BBA57F-10C4-4D55-B9C1-CB50B5ACD107}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4A33007C-33A2-49CD-B3D1-F2B7E6E25647}" = rport=138 | protocol=17 | dir=out | app=system | "{4AAB5A17-3E4D-40EA-8AD0-0CB2F6E77F49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{74C8C282-68AC-4EB8-8ED8-0F74147EF9CC}" = rport=137 | protocol=17 | dir=out | app=system | "{89155650-4B2D-4854-8B49-752B0F50CAC2}" = lport=2869 | protocol=6 | dir=in | app=system | "{8A667358-9DB6-4222-957A-E1DD3AD7CDF7}" = lport=10243 | protocol=6 | dir=in | app=system | "{8DB164E9-0223-4130-8276-1F3FF54EC039}" = rport=445 | protocol=6 | dir=out | app=system | "{9229DDD4-ADF0-4DD3-B365-52911429B925}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9D0BACFB-C229-4CF3-A838-C3797E35163C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A691F645-B2E0-402A-9583-9A57B76FE1C7}" = lport=138 | protocol=17 | dir=in | app=system | "{A6E544C0-70EB-41DE-8D9F-6A4C4BCF2C4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F42B6AB2-D44A-4D99-99BE-58CE32B1430B}" = rport=10243 | protocol=6 | dir=out | app=system | "{F52C8D0B-D5E2-4301-99AC-4B059FC33C41}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03B90E20-D297-438B-B269-00A1779D2E70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{04ABFEF5-FD67-45D3-8C52-81747835B582}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{0B6441D1-926B-4F25-A802-E6EC4FD86157}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{121FDBC3-9D50-4E1E-93FE-806887F9BEE8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1722A383-0454-4341-A1E4-3FB034C9CB08}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1B9D47A6-77FB-44AC-AE1D-9FF31CE795A6}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{1C291843-C864-4835-B1F6-0E7CF32EE59F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D0B672F-CEBD-4910-A513-67221F92DB08}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{28343725-27F0-47A5-A955-3345F07332DE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2B72B307-7D99-4856-B44C-41D6A8485217}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{317A13F2-A5CE-4B63-A90F-B9C1178E5137}" 
= protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3394336F-E2C4-4CAE-9D1C-C661DFA1BF63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{372427A7-F26E-46CA-92FD-12D774015698}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{39C90CD6-197D-4C4E-9CE6-FA744A7F83D2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4C994B3E-A980-4952-A103-F8F3B91FA818}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5274FBF3-0AB8-49E2-BE4E-909A266C3FF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{54B17586-83CE-458B-A1B8-635CD14BE881}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{569417A6-670C-4623-ABE1-B0E732236B5E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{58B5CF96-1709-4CFB-AD7E-F26FA4FCE29C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5969AE12-E2C2-4BBB-8C46-6C1F87EA39B1}" = dir=in | app=c:\program files\iminent\iminent.exe | "{5CFF7E87-F5FB-41D6-95A8-A456D8AB02B7}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{5DFD998A-23B7-4E72-9E5C-8291B19174D6}" = protocol=6 | dir=out | app=system | "{601B580B-5657-4966-8026-5ED934C93F58}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{62574BBD-D62A-4BB7-9E45-6AFAC78E2012}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{643E6C6D-6987-4870-B5A3-AFFD7CB9726B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{697E9CB2-C0E2-49BA-B192-1991FE7841B2}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{6DB46EA6-53EA-4DF1-B9E4-26B2083EA5F0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{76B195CC-79BF-4A5D-A60A-9554920FC6F3}" = 
protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{87CC4E80-1565-44D8-8B91-0C33070098E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{8BB4A9E5-8344-4109-84D0-8F9A911B76AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8BFB7D53-AAD9-4ABF-A17B-739CAE779D99}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8EE09949-EF34-48F0-AD62-5513B0044D79}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{940635DB-AC34-466B-9075-DAF0E034BB99}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9421DE9E-CFD5-4FAB-AFA6-1AF4B2E0FFF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9A584B99-8F33-4777-BF4F-45C7395B33F6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9FF9A512-C391-433A-9912-0C4E6C82983E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{A257491A-DA6E-4AD1-82B9-DA69981F9933}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A3014FEE-E9F0-43C6-86BF-C2D31FBED362}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A72FD165-791E-4B1F-AB08-51E44531CF84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A8E938D1-5A6B-4AE5-A311-A8B08BC40C0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ADF49357-45FC-4420-A500-8A594673685B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B3453EB1-1CEE-4BBC-A9C4-D20035141804}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B49850C6-A06A-4AAB-84E7-0E3F28363486}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B74DCA61-4ED1-4710-B397-04F12CC9AAD7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B769249E-F1C8-4771-A768-B261D74C6165}" = 
protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B7B69582-92B0-498C-8C42-F50C9AE57436}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B9EFA22D-816D-4CEE-8EC3-25DA5A2BB1B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{BD57CDA6-580C-4C35-A187-AC2B44CB78A7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BF274E84-F4FB-4F3C-B87B-A54D07721E67}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe | "{C787928F-3BC9-4027-9C91-4C4DD29FC142}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D52F6341-A5BB-4130-9887-BBDF1AA16C56}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D6127B5D-390E-4B7B-979C-8D2F8A3E31ED}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E2686FFC-9C4E-42D1-B1A8-1F734DFC71E7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E30B9C19-187D-42F7-9F35-83274B244E6A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{E3D07E4C-1FFD-4A0F-90F6-7701ACF9D7D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E742EA94-B7ED-4B98-B302-50505E88D756}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EC2B6E11-A455-45D7-9547-EF1A6F14B2D6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{ED26470E-B405-492D-837A-0CF5BACF8D18}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{ED78DD81-D12D-4BF4-ABF9-D239433FBF4F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F2494976-1742-4FCC-A3B1-E3AC23B7427E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{F98DB22C-E1B7-4405-AC6E-A17F4A5717E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FCBDA0B2-8B86-495B-B21A-A0975C13C853}" = protocol=17 | 
dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FEBB6C19-15B8-4792-BE6C-10C0CCB12CC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{33255F08-370C-442A-990D-5C5FD4B989C3}E:\epsonnet easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | "TCP Query User{4E46BBD6-53C6-46D9-A6BF-61DDCFC30B7E}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | "TCP Query User{5291C130-9A46-4848-AE58-DA6F17A625FD}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{6698C2AC-2F4C-47A4-B028-E84E4C414E77}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | "TCP Query User{91948026-AC83-4AFD-B0EB-E3F8B95D5140}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{A014EB35-51BD-4C4C-BCEA-7C87EE51DDC8}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{B5FA69B4-54E1-439A-87F1-D9B1FC804C3C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "TCP Query User{D2346D37-C55C-4847-AD90-2733C071EC11}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{04A6306B-2540-4DCC-B51D-12AAE509C3C7}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | "UDP Query 
User{25BCF3F0-8297-4089-80AB-B14AD9684D7D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "UDP Query User{3237522B-FA1C-4061-816C-ED2297C25321}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{4832A54A-5323-4BD9-876B-18E70AC4CA27}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | "UDP Query User{835E0537-30DC-423B-85B5-7A7F839B3C58}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{AAF0DC98-B2C5-470A-9874-5C9D3745606C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{BF3F6706-6E8D-4AA3-90E8-C4A4C774DDE6}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{D9B24041-858B-4018-B725-D4BCD58AA1E5}E:\epsonnet easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{15B291FD-AA72-4D0B-BD6E-604F24C5D14C}" = Free SystemUtilities "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}" = Iminent "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{421d35e3-d4bd-47a6-b6aa-d21ade07cf32}" = Free System Utilities "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 
(SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft 
Office 2010 Service Pack 1 (SP1) "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi-Software "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.44 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.44 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2 "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira 
AntiVir Desktop" = Avira Free Antivirus "CONFLICT - DESERT STORM 2_is1" = CONFLICT - DESERT STORM 2 "EPSON Scanner" = EPSON Scan "EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Benutzerhandbuch" = EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Handbuch "EPSON SX600FW Series" = EPSON SX600FW Series Printer Uninstall "Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128 "IncrediMail" = IncrediMail 2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Opera 12.14.1738" = Opera 12.14 "ProInst" = Intel PROSet Wireless "singalong@xenophesoft.com" = Sing Along "USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam "VLC media player" = VLC media player 2.0.5 "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3457223372-1182995303-1409636268-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.06.2013 02:07:19 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 04.06.2013 02:12:17 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.06.2013 02:12:17 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.06.2013 02:12:24 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.06.2013 02:17:21 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 04.06.2013 02:17:21 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.06.2013 02:17:28 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.06.2013 02:22:26 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.06.2013 02:22:26 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 04.06.2013 02:22:32 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

[ System Events ]
Error - 02.06.2013 17:32:25 | Computer Name = JE-PC | Source = DCOM | ID = 10010
Description =
Error - 02.06.2013 18:26:13 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 02.06.2013 18:26:14 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 02.06.2013 18:26:14 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 02.06.2013 18:26:15 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 02.06.2013 19:46:44 | Computer Name = JE-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 04.06.2013 00:13:52 | Computer Name = JE-PC | Source = DCOM | ID = 10010
Description =
Error - 04.06.2013 01:50:00 | Computer Name = JE-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 04.06.2013 01:54:26 | Computer Name = JE-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

< End of report >

Best regards, IL-2 |
04.06.2013, 07:41 | #23 |
/// the machine /// TB Trainer | Trojans TR/Bublik.avlv and TR/Symmi.20469 and TR/Agent.131072.V
Any problems left?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
04.06.2013, 07:44 | #24 |
| Trojans TR/Bublik.avlv and TR/Symmi.20469 and TR/Agent.131072.V
Hello schrauber, does that mean the computer is clean? |
04.06.2013, 09:24 | #25 |
/// the machine /// TB Trainer | Trojans TR/Bublik.avlv and TR/Symmi.20469 and TR/Agent.131072.V
Yep, depending on how you answer the question
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |