Jump to content


Photo
- - - - -

Trojan.fake.ms

Trojan.fake.ms

  • This topic is locked This topic is locked
8 replies to this topic

#1 CharlyWork

CharlyWork

    New Member

  • Members
  • Pip
  • 5 posts

Posted 20 December 2012 - 09:16 AM

Hello!

During a full scan, my German version of malwarebytes found this infection and removed it:


C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\71585640-43d0441c (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.


I ran dds and OTL. Please find the logs below. Do you think I got rid of that thing or do I need to perform additional scans?

Thank you very much for your support!



Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 25.09.2012 21:54:37
System Uptime: 20.12.2012 14:12:31 (0 hours ago)
.
Motherboard: MEDION |  | WIM2180
Processor: Intel(R) Core(TM)2 Duo CPU	 T5550  @ 1.83GHz | U2E1 | 1319/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 269 GiB total, 157,689 GiB free.
D: is FIXED (FAT32) - 29 GiB total, 9,064 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
3531-W-D
64 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) - Deutsch
AIO_Scan
AuthenTec TrueSuite
AVG 2013
AVG Security Toolbar
BufferChm
CDBurnerXP
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Combined Community Codec Pack 2011-11-11
Copy
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeviceDiscovery
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
Dropbox
F4100
F4100_Help
GPBaseService2
HP Customer Participation Program 13.0
HP Deskjet All-In-One Driver Software 13.0 Rel. 1
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Java 7 Update 7 (64-bit)
Java 7 Update 9
Java Auto Updater
JDownloader 0.9
Malwarebytes Anti-Malware Version 1.65.1.1000
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 64-bit MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 17.0.1 (x86 de)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
NVIDIA Grafiktreiber 306.23
NVIDIA Install Application
NVIDIA Systemsteuerung 306.23
PDF24 Creator 4.9.0
PlayReady PC Runtime amd64
Realtek USB 2.0 Card Reader
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shop for HP Supplies
Simple Adblock
Sitecom 300N X2 USB Wireless LAN Driver and Utility
SmartWebPrinting
SolutionCenter
Status
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.2
Wartung Samsung ML-2525W Series
WebReg
Winamp
Winamp Erkennungs-Plug-in
Winmail Opener 1.5
WinRAR 4.20 (64-Bit)
Yahoo! Detect
.
==== End Of File ===========================


DDS


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.9.2
Run by **** at 14:48:03 on 2012-12-20
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3070.1609 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtWlan.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:181
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:181
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{C8066C9A-7D0C-4CB0-898D-2A10600F8A5A} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\bvzua9oi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2012-10-15 21:31; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 Si3531;SiI-3531 SATA Controller;C:\Windows\System32\drivers\Si3531.sys [2009-2-9 333864]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-26 30568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-27 399432]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [2012-9-25 36864]
R2 ScrybeUpdater;Scrybe-Updateprogramm;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-27 1300264]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-9 711112]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-12-3 716872]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-27 25928]
R3 netr28x;Ralink 802.11n-Drahtlostreiber für Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192su.sys [2012-9-25 694888]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-27 676936]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-3 19456]
S3 TrdCap64;CTX's capture service;C:\Windows\System32\drivers\TrdCap64.sys [2010-6-9 1887528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-3 57856]
.
=============== Created Last 30 ================
.
2012-12-15 12:03:57 -------- d-----w- C:\Program Files (x86)\Winmail Opener
2012-12-12 18:08:13 -------- d-----w- C:\Windows\Migration
2012-12-12 16:07:57 91136 ----a-w- C:\Windows\SysWow64\wbem\wmiutils.dll
2012-12-12 15:59:16 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-12-12 10:30:15 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 10:30:15 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 10:30:09 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-12 10:30:08 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-12 10:30:08 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-12 10:30:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-12 10:30:08 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 10:30:01 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-12-05 23:06:08 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-11-26 12:47:20 -------- d-----w- C:\Users\****\4.0
2012-11-26 12:47:20 -------- d-----w- C:\Users\****.tfo4
.
==================== Find3M  ====================
.
2012-12-12 16:09:36 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-12 16:09:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 10:50:55 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-11-03 01:08:35 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-03 01:08:35 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-03 01:08:35 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-22 12:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 02:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-05 02:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 01:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-29 18:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-26 00:28:32 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-09-26 00:28:32 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-26 00:28:32 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-09-25 22:55:37 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-09-25 22:55:37 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-09-25 22:55:37 136704 ----a-w- C:\Windows\System32\browser.dll
2012-09-25 22:54:42 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-09-25 22:52:44 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-09-25 22:52:44 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-09-25 22:52:44 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-09-25 22:52:44 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-09-25 22:52:44 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-09-25 22:52:44 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-09-25 22:51:38 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-09-25 22:49:34 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-09-25 22:49:34 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-09-25 22:48:44 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-09-25 22:48:44 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-09-25 22:48:44 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-09-25 22:48:15 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-25 22:40:52 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-09-25 22:30:07 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-09-25 22:30:07 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-09-25 22:29:12 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-09-25 22:29:12 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-09-25 22:29:12 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-09-25 22:29:12 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-09-25 22:29:12 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-09-25 22:28:46 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-09-25 22:28:46 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-09-25 22:28:46 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-09-25 22:28:19 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-09-25 22:27:53 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-09-25 22:27:53 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-09-25 22:27:24 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-09-25 22:27:24 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-09-25 22:26:56 395776 ----a-w- C:\Windows\System32\webio.dll
2012-09-25 22:26:56 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2012-09-25 22:26:56 31232 ----a-w- C:\Windows\System32\lsass.exe
2012-09-25 22:26:56 29184 ----a-w- C:\Windows\System32\sspisrv.dll
.
============= FINISH: 14:48:27,85 ===============


#2 CharlyWork

CharlyWork

    New Member

  • Members
  • Pip
  • 5 posts

Posted 20 December 2012 - 09:17 AM

The post was too long. Here are the OTL logs:


OTL

OTL logfile created on: 20.12.2012 14:17:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,50% Memory free
6,00 Gb Paging File | 4,55 Gb Available in Paging File | 75,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 268,80 Gb Total Space | 157,70 Gb Free Space | 58,67% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 9,06 Gb Free Space | 30,96% Space Free | Partition Type: FAT32

Computer Name: **** | User Name: **** Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\****Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
PRC - C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtWlan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater13.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ScrybeUpdater) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
SRV - (Realtek11nSU) -- C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:[b]64bit:[/b] - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:[b]64bit:[/b] - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:[b]64bit:[/b] - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:[b]64bit:[/b] - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:[b]64bit:[/b] - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:[b]64bit:[/b] - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:[b]64bit:[/b] - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:[b]64bit:[/b] - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (RTL8192su) -- C:\Windows\SysNative\drivers\rtl8192su.sys (Realtek Semiconductor Corporation )
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (TrdCap64) -- C:\Windows\SysNative\drivers\TrdCap64.sys (Trident Microsystems, Inc.)
DRV:[b]64bit:[/b] - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:[b]64bit:[/b] - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV:[b]64bit:[/b] - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV:[b]64bit:[/b] - (Si3531) -- C:\Windows\SysNative\drivers\Si3531.sys (Silicon Image, Inc)
DRV:[b]64bit:[/b] - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.sys (Realtek Semiconductor Corp.)
DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.de"
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012.11.09 11:51:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.10.15 20:31:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 00:06:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 00:06:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.10.15 20:31:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 00:06:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 00:06:08 | 000,000,000 | ---D | M]

[2012.09.26 00:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012.12.18 12:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****AppData\Roaming\mozilla\Firefox\Profiles\bvzua9oi.default\extensions
[2012.12.10 12:15:39 | 000,010,656 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\bvzua9oi.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.12.18 12:50:05 | 000,532,971 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\bvzua9oi.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.24 11:43:31 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\bvzua9oi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.06 00:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.06 00:06:16 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.09 11:51:01 | 000,003,571 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O4:[b]64bit:[/b] - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O8:[b]64bit:[/b] - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:[b]64bit:[/b] - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:[b]64bit:[/b] - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16:[b]64bit:[/b] - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8066C9A-7D0C-4CB0-898D-2A10600F8A5A}: DhcpNameServer = 192.168.2.1
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{53cf9ef1-07b3-11e2-8a99-0016d38ba74d}\Shell - "" = AutoRun
O33 - MountPoints2\{53cf9ef1-07b3-11e2-8a99-0016d38ba74d}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.12.20 12:57:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****Desktop\OTL.exe
[2012.12.15 13:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winmail Opener
[2012.12.15 13:03:57 | 000,000,000 | ---D | C] -- C:\Users\****AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winmail Opener
[2012.12.15 13:03:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winmail Opener
[2012.12.15 12:53:21 | 000,000,000 | ---D | C] -- C:\Users\****Documents\Outlook-Dateien
[2012.12.12 19:08:13 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2012.12.12 17:08:27 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncobjapi.dll
[2012.12.12 17:08:27 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncobjapi.dll
[2012.12.12 17:08:09 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Register-CimProvider.exe
[2012.12.12 17:08:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Register-CimProvider.exe
[2012.12.12 17:08:07 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe
[2012.12.12 17:08:07 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2012.12.12 17:08:07 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll
[2012.12.12 17:08:03 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll
[2012.12.12 17:08:03 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe
[2012.12.12 17:08:03 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2012.12.12 17:08:03 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll
[2012.12.12 17:08:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2012.12.12 17:08:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2012.12.12 17:08:03 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe
[2012.12.12 17:08:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2012.12.12 17:08:03 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2012.12.12 17:08:02 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2012.12.12 17:08:02 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll
[2012.12.12 17:08:00 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll
[2012.12.12 17:07:56 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prvdmofcomp.dll
[2012.12.12 17:07:56 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2012.12.12 17:07:56 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2012.12.12 17:07:56 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PSModuleDiscoveryProvider.dll
[2012.12.12 17:07:55 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prvdmofcomp.dll
[2012.12.12 17:07:55 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PSModuleDiscoveryProvider.dll
[2012.12.12 17:07:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAgent.dll
[2012.12.12 17:07:55 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAgent.dll
[2012.12.12 17:07:55 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2012.12.12 17:07:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2012.12.12 17:07:54 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2012.12.12 17:07:54 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2012.12.12 17:07:54 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2012.12.12 17:07:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2012.12.12 17:07:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2012.12.12 17:07:53 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mi.dll
[2012.12.12 17:07:53 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mi.dll
[2012.12.12 17:07:53 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll
[2012.12.12 17:07:53 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2012.12.12 17:07:47 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\miutils.dll
[2012.12.12 17:07:47 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmitomi.dll
[2012.12.12 17:07:47 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\miutils.dll
[2012.12.12 17:07:47 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmidcom.dll
[2012.12.12 17:07:47 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmitomi.dll
[2012.12.12 17:07:47 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmidcom.dll
[2012.12.12 17:07:47 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2012.12.12 17:07:46 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedynos.dll
[2012.12.12 17:07:46 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedyn.dll
[2012.12.12 17:07:46 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2012.12.12 17:07:46 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedynos.dll
[2012.12.12 17:07:46 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedyn.dll
[2012.12.12 17:07:46 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2012.12.12 17:07:45 | 000,309,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2012.12.12 17:07:44 | 000,382,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wbemcomn2.dll
[2012.12.12 17:07:43 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmGCDeps.dll
[2012.12.12 17:07:43 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmGCDeps.dll
[2012.12.12 17:07:43 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wbemcomn2.dll
[2012.12.12 17:07:43 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2012.12.12 17:07:43 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2012.12.12 16:59:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.12 16:59:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.12 16:59:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.12 16:59:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.12 16:59:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.12 16:59:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.12 16:59:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.12 16:59:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.12 16:59:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.12 16:59:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.12 16:59:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.12 16:59:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.12 16:59:08 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.12 16:59:08 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.12 16:59:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.12 11:30:08 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.12 11:30:08 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.12 11:30:08 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.12 11:30:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.12 11:30:01 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.12 11:30:00 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.12 11:29:59 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.12 11:29:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.12 11:29:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.12 11:29:58 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.12 11:29:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.12 11:29:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.12 11:29:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.12 11:29:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.12 11:29:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.12 11:29:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.12 11:29:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 11:29:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 11:29:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 11:29:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 11:29:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 11:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 11:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 11:29:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 11:29:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 11:29:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 11:29:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 11:29:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 11:29:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 11:29:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 11:29:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 11:29:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 11:29:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 11:29:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 11:29:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 11:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 11:29:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.12 11:29:43 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.12 11:29:43 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.09 21:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.12.06 00:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.01 17:12:37 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.11.26 13:47:20 | 000,000,000 | ---D | C] -- C:\Users\****\4.0
[2012.11.26 13:47:20 | 000,000,000 | ---D | C] -- C:\Users\****.tfo4

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.12.20 14:20:28 | 000,014,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 14:20:28 | 000,014,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 14:13:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.20 14:13:10 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.20 14:09:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.20 13:02:46 | 000,054,202 | ---- | M] () -- C:\Users\****\Desktop\Junior Referent Business Transformation.pdf
[2012.12.20 12:57:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****Desktop\OTL.exe
[2012.12.20 11:49:56 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.20 11:49:56 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.20 11:49:56 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.20 11:49:56 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.20 11:49:56 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.19 11:56:11 | 000,000,365 | ---- | M] () -- C:\Users\****Desktop\Online Produktmanager (mw) für otto.de - Hamburg - Otto GmbH & Co. KG - Sales & Marketing Jobs bei StepStone.URL
[2012.12.18 22:26:38 | 000,000,280 | ---- | M] () -- C:\Users\****\Desktop\Online Marketing Manager (mw) Fokus Display - i-potentials Jobboard.URL
[2012.12.18 22:26:35 | 000,000,272 | ---- | M] () -- C:\Users\****Desktop\PR & Social Media Genie (mw) für Booking App - i-potentials Jobboard.URL
[2012.12.18 22:26:31 | 000,000,269 | ---- | M] () -- C:\Users\****\Desktop\Otto Group Marketing Assistentin Onlineredaktion Marketing.URL
[2012.12.18 22:26:25 | 000,000,268 | ---- | M] () -- C:\Users\****Desktop\Otto Group Junior Managerin Marketing Strategie Marketing.URL
[2012.12.18 18:12:28 | 000,000,255 | ---- | M] () -- C:\Users\****\Desktop\Jobs, Praktika, Trainee, Abschlußarbeiten für Akademiker Jobs squeaker.net squeaker.net.URL
[2012.12.18 12:27:20 | 000,000,366 | ---- | M] () -- C:\Users\****Desktop\Trainee Online-Bereich (mw) - Berlin - Idealo Internet GmbH - Sales & Marketing Jobs bei StepStone.URL
[2012.12.18 12:27:15 | 000,000,365 | ---- | M] () -- C:\Users\****\Desktop\Junior Online Produkt Manager (mw) - Hamburg - StepStone Deutschland GmbH - Sales & Marketing Jobs bei StepStone.URL
[2012.12.17 18:00:15 | 000,000,275 | ---- | M] () -- C:\Users\****Desktop\Stellenangebot Key Account Manager in Berlin bei NetHotels Deutschland GmbH.URL
[2012.12.17 17:58:58 | 000,000,204 | ---- | M] () -- C:\Users\****\Desktop\IUBH Alumni.URL
[2012.12.17 15:44:05 | 000,000,200 | ---- | M] () -- C:\Users\****Desktop\Hotel jobs and careers, employment and job opportunities worldwide Hyatt.URL
[2012.12.17 15:29:18 | 000,000,350 | ---- | M] () -- C:\Users\****\Desktop\Booking.com Careers.URL
[2012.12.15 13:03:58 | 000,001,053 | ---- | M] () -- C:\Users\****Desktop\Winmail Opener.lnk
[2012.12.12 19:11:01 | 000,417,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.12 19:07:31 | 000,000,231 | ---- | M] () -- C:\Users\****Desktop\OYE-Records Webshop.URL
[2012.12.12 17:09:36 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.12 17:09:35 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.11 17:29:33 | 000,000,272 | ---- | M] () -- C:\Users\****\Desktop\Trainee Kundenbindung und Strategieentwicklung (mw) - Köln - REWE Markt GmbH - Sales & Marketing Jobs bei StepStone.URL
[2012.12.11 17:25:22 | 000,000,382 | ---- | M] () -- C:\Users\****Desktop\REWE - Stellenbörse.URL
[2012.12.11 17:23:25 | 000,000,439 | ---- | M] () -- C:\Users\****\Desktop\REWE Trainee - Kaufmännische Zentralbereiche.URL
[2012.12.11 17:04:05 | 000,000,250 | ---- | M] () -- C:\Users\****Desktop\TUI AG – Für Absolventen & Young Professionals.URL
[2012.12.11 16:52:04 | 000,000,366 | ---- | M] () -- C:\Users\****\Desktop\Marketing Coordinator Distributor Countries m f - Frankfurt am Main - Nintendo of Europe GmbH - Sales & Marketing Jobs bei S.URL
[2012.12.10 22:54:45 | 000,000,366 | ---- | M] () -- C:\Users\****Desktop\Portfolio Manager (mw) - Hamburg - PERFORMANCE ADVERTISING GmbH - Sales & Marketing Jobs bei StepStone.URL
[2012.12.10 22:53:06 | 000,000,364 | ---- | M] () -- C:\Users\****\Desktop\Start up! - Vorstandsbereich Telekom Deutschland, Schwerpunkte Marketing, Sales & Service - Start 2013 - Bonn - Deutsche Tel.URL
[2012.12.04 23:54:24 | 000,000,099 | ---- | M] () -- C:\Users\****Desktop\Trainee General Management (wm) - eBay.URL
[2012.12.04 23:54:10 | 000,000,317 | ---- | M] () -- C:\Users\****\Desktop\Online Marketing Trainee (mf) - HitFox Game Ventures.URL
[2012.12.04 11:26:05 | 000,000,210 | ---- | M] () -- C:\Users\****Desktop\Produktmanager Medizintechnik (WM) - Berlin - SOMATEX Medical Technologies GmbH - Sales & Marketing Jobs bei StepStone.URL
[2012.12.03 13:20:34 | 000,094,009 | ---- | M] () -- C:\Users\****\Desktop\HELIOS_Privatkliniken_GmbH_Patientenmanagement_Trainee_pdf.pdf
[2012.12.02 23:59:43 | 000,000,210 | ---- | M] () -- C:\Users\****Desktop\Portfolio Manager Kundenberater Mobile (mw) - Hamburg - G + J Electronic Media Sales GmbH - Sales & Marketing Jobs bei StepS.URL
[2012.12.01 17:12:28 | 414,596,459 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.30 12:55:02 | 000,000,210 | ---- | M] () -- C:\Users\****Desktop\MarketingProduktmanagement OTC - Rhein-Main-Gebiet - FETTE PHARMA AG - Sales & Marketing Jobs bei StepStone.URL
[2012.11.26 17:18:32 | 000,000,080 | ---- | M] () -- C:\Users\****\Desktop\trivago.de - Hotelpreisvergleich Günstige Hotels finden Hotelsuche – trivago.de.URL
[2012.11.22 00:48:33 | 000,000,088 | ---- | M] () -- C:\Users\****Desktop\Comedy Mastermind Judd Apatow - Serious Jibber-Jabber with Conan O'Brien.URL

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.12.20 13:02:45 | 000,054,202 | ---- | C] () -- C:\Users\****Desktop\Junior Referent Business Transformation.pdf
[2012.12.19 11:56:11 | 000,000,365 | ---- | C] () -- C:\Users\****\Desktop\Online Produktmanager (mw) für otto.de - Hamburg - Otto GmbH & Co. KG - Sales & Marketing Jobs bei StepStone.URL
[2012.12.18 22:26:38 | 000,000,280 | ---- | C] () -- C:\Users\****Desktop\Online Marketing Manager (mw) Fokus Display - i-potentials Jobboard.URL
[2012.12.18 22:26:35 | 000,000,272 | ---- | C] () -- C:\Users\****\Desktop\PR & Social Media Genie (mw) für Booking App - i-potentials Jobboard.URL
[2012.12.18 22:26:31 | 000,000,269 | ---- | C] () -- C:\Users\****Desktop\Otto Group Marketing Assistentin Onlineredaktion Marketing.URL
[2012.12.18 22:26:25 | 000,000,268 | ---- | C] () -- C:\Users\****\Desktop\Otto Group Junior Managerin Marketing Strategie Marketing.URL
[2012.12.18 18:12:28 | 000,000,255 | ---- | C] () -- C:\Users\****Desktop\Jobs, Praktika, Trainee, Abschlußarbeiten für Akademiker Jobs squeaker.net squeaker.net.URL
[2012.12.18 12:27:20 | 000,000,366 | ---- | C] () -- C:\Users\****\Desktop\Trainee Online-Bereich (mw) - Berlin - Idealo Internet GmbH - Sales & Marketing Jobs bei StepStone.URL
[2012.12.18 12:27:15 | 000,000,365 | ---- | C] () -- C:\Users\****Desktop\Junior Online Produkt Manager (mw) - Hamburg - StepStone Deutschland GmbH - Sales & Marketing Jobs bei StepStone.URL
[2012.12.17 18:00:15 | 000,000,275 | ---- | C] () -- C:\Users\****\Desktop\Stellenangebot Key Account Manager in Berlin bei NetHotels Deutschland GmbH.URL
[2012.12.17 17:58:58 | 000,000,204 | ---- | C] () -- C:\Users\****Desktop\IUBH Alumni.URL
[2012.12.17 15:44:05 | 000,000,200 | ---- | C] () -- C:\Users\****\Desktop\Hotel jobs and careers, employment and job opportunities worldwide Hyatt.URL
[2012.12.17 15:29:18 | 000,000,350 | ---- | C] () -- C:\Users\****Desktop\Booking.com Careers.URL
[2012.12.15 13:03:58 | 000,001,053 | ---- | C] () -- C:\Users\****\Desktop\Winmail Opener.lnk
[2012.12.12 19:07:31 | 000,000,231 | ---- | C] () -- C:\Users\****Desktop\OYE-Records Webshop.URL
[2012.12.12 17:08:07 | 000,204,105 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012.12.12 17:08:06 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012.12.12 17:08:01 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012.12.12 17:07:58 | 000,004,148 | ---- | C] () -- C:\Windows\SysNative\psmodulediscoveryprovider.mof
[2012.12.12 17:07:48 | 000,204,105 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012.12.11 17:29:33 | 000,000,272 | ---- | C] () -- C:\Users\****Desktop\Trainee Kundenbindung und Strategieentwicklung (mw) - Köln - REWE Markt GmbH - Sales & Marketing Jobs bei StepStone.URL
[2012.12.11 17:25:22 | 000,000,382 | ---- | C] () -- C:\Users\****\Desktop\REWE - Stellenbörse.URL
[2012.12.11 17:14:19 | 000,000,439 | ---- | C] () -- C:\Users\****Desktop\REWE Trainee - Kaufmännische Zentralbereiche.URL
[2012.12.11 17:04:05 | 000,000,250 | ---- | C] () -- C:\Users\****\Desktop\TUI AG – Für Absolventen & Young Professionals.URL
[2012.12.11 16:52:04 | 000,000,366 | ---- | C] () -- C:\Users\****Desktop\Marketing Coordinator Distributor Countries m f - Frankfurt am Main - Nintendo of Europe GmbH - Sales & Marketing Jobs bei S.URL
[2012.12.10 22:54:45 | 000,000,366 | ---- | C] () -- C:\Users\****\Desktop\Portfolio Manager (mw) - Hamburg - PERFORMANCE ADVERTISING GmbH - Sales & Marketing Jobs bei StepStone.URL
[2012.12.10 22:53:06 | 000,000,364 | ---- | C] () -- C:\Users\****Desktop\Start up! - Vorstandsbereich Telekom Deutschland, Schwerpunkte Marketing, Sales & Service - Start 2013 - Bonn - Deutsche Tel.URL
[2012.12.04 23:54:24 | 000,000,099 | ---- | C] () -- C:\Users\****\Desktop\Trainee General Management (wm) - eBay.URL
[2012.12.04 23:54:10 | 000,000,317 | ---- | C] () -- C:\Users\****Desktop\Online Marketing Trainee (mf) - HitFox Game Ventures.URL
[2012.12.04 11:26:05 | 000,000,210 | ---- | C] () -- C:\Users\****\Desktop\Produktmanager Medizintechnik (WM) - Berlin - SOMATEX Medical Technologies GmbH - Sales & Marketing Jobs bei StepStone.URL
[2012.12.03 13:20:34 | 000,094,009 | ---- | C] () -- C:\Users\****Desktop\HELIOS_Privatkliniken_GmbH_Patientenmanagement_Trainee_pdf.pdf
[2012.12.02 23:59:43 | 000,000,210 | ---- | C] () -- C:\Users\****\Desktop\Portfolio Manager Kundenberater Mobile (mw) - Hamburg - G + J Electronic Media Sales GmbH - Sales & Marketing Jobs bei StepS.URL
[2012.12.01 17:12:28 | 414,596,459 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.11.30 12:55:02 | 000,000,210 | ---- | C] () -- C:\Users\****\Desktop\MarketingProduktmanagement OTC - Rhein-Main-Gebiet - FETTE PHARMA AG - Sales & Marketing Jobs bei StepStone.URL
[2012.11.26 17:18:32 | 000,000,080 | ---- | C] () -- C:\Users\****Desktop\trivago.de - Hotelpreisvergleich Günstige Hotels finden Hotelsuche – trivago.de.URL
[2012.11.22 00:48:33 | 000,000,088 | ---- | C] () -- C:\Users\****\Desktop\Comedy Mastermind Judd Apatow - Serious Jibber-Jabber with Conan O'Brien.URL
[2012.10.15 20:26:11 | 000,186,075 | ---- | C] () -- C:\Windows\hpoins14.dat
[2012.10.15 20:26:11 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2012.10.05 16:41:07 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.09.27 14:55:11 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.09.25 23:11:59 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.25 21:51:39 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.09.25 23:50:34 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.09.25 23:50:34 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >

Extras

OTL Extras logfile created on: 20.12.2012 14:17:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,50% Memory free
6,00 Gb Paging File | 4,55 Gb Available in Paging File | 75,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 268,80 Gb Total Space | 157,70 Gb Free Space | 58,67% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 9,06 Gb Free Space | 30,96% Space Free | Partition Type: FAT32

Computer Name: **** | User Name: ****| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{129A2F82-3604-4ED3-9A14-12DBF58F7929}" = rport=445 | protocol=6 | dir=out | app=system |
"{19563F8B-1DB3-4084-90DF-6FE11B8292F4}" = lport=137 | protocol=17 | dir=in | app=system |
"{1E1EC856-00F7-4CD8-B764-749065112287}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{28EEC0A6-9192-4FD7-80B4-C46DE79094FB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2AA46B10-DED5-4D66-BC1E-CF3658E5BF18}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2C698BF1-D0EE-41AA-BDC0-545CA262C1C0}" = lport=138 | protocol=17 | dir=in | app=system |
"{309C46A9-166A-4F72-A69E-CB4D3365F059}" = lport=139 | protocol=6 | dir=in | app=system |
"{46AE5CFD-2DD6-4680-9BD2-21406FC5264D}" = rport=139 | protocol=6 | dir=out | app=system |
"{4C2CC16F-E088-4D5E-9EAC-B00F5344C615}" = rport=138 | protocol=17 | dir=out | app=system |
"{4CA95BA3-CA4F-4AA9-96EC-0844908DC8FB}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{4DCAD7D7-262A-40A6-97F6-17C020C9F582}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{504439A3-69D6-4C91-8BF0-A94BE05E6E75}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{554864A8-CF26-4788-ADAE-5C95E27256C9}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{82672171-12C2-41FE-A6C2-B6E47D5768EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D52A90F-E867-4B97-9D9D-4882904E755E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2C39401-B6FE-4DFA-9528-DA351DF701F7}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{A64FBEBD-9D0C-4BB6-B8A3-088657B557FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A83972B4-ABFF-4D8F-A945-1C6A8DBB5B9A}" = lport=445 | protocol=6 | dir=in | app=system |
"{AEE4BB39-C8BD-4D5E-B352-1CC7B5E31898}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{B34D8625-36EE-45A2-B5D2-BA2EE3EB9972}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD93200E-1A57-4A5E-A170-E6FB36504BC9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BF577AB2-0368-42A7-80B9-F6847A76EF50}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E3E140FA-BAEA-4004-8B52-0A06CEAE01FC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EF804B52-6C35-45CE-89DF-FD262576DB5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F37DF91F-D395-4166-B646-592A86664B9D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5DFA7D4-8944-4E4D-AE2D-53316BDDB931}" = rport=137 | protocol=17 | dir=out | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EBA76A-9E3B-4553-9354-5FF3439DF3A6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{07093D77-7EB6-4FFB-85A7-045B00E3D4D3}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{0ECA1C20-5A1B-48FF-A42F-FB33642D4EC0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0F47E97C-D799-4678-8BDA-5BD4D6B472C2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{10CC83F0-7CE8-4AB6-9EDB-A8A208BAB15A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{1913CE83-7156-4C66-9A81-27159394AD77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{19D5ACE5-272C-44EA-A479-1DEE94FEF5D9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{1ABE21D0-6D16-4DD6-9B41-7593B029ED34}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{21B4A488-ADC7-49B1-93F1-60AF5301947F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{263CA7FD-C115-484E-B7E5-A8149BE81075}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{2AB0F814-1196-499A-9CCD-45A2A32C86B0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{2C9B6B5F-44AB-4214-89EF-9827B546C40B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{2EE7730E-C1E5-4EA3-BBEB-7D6D09C79DBC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{49F28C17-BB0D-4F04-9FC0-EC0FDCAD7C8E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{4E00AA3E-201A-4736-BBD6-4AD1D99AB81D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5203A9F6-5B4A-4285-8D6C-F7956B738D97}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5281E19A-5E9C-4B50-9DB6-0435D95451E0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{53C45623-9903-4B16-BAF7-74D5973411B0}" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe |
"{595D761B-D805-4B66-99F1-B98E2FCB4B44}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{59A12485-18C4-4755-BF30-DC9A91B17344}" = protocol=17 | dir=in | app=c:\program files (x86)\sitecom\300n x2 usb wireless lan utility\rtwlan.exe |
"{6343671C-3631-4901-BC4F-37936F50CDA5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{657A4B91-440D-498B-972A-EBE9D1D37CB4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{67DD1283-A9A8-44C3-BB41-C81C91588AFC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{6B92821D-4CEC-4CAF-A80B-B2CA00DD9F30}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{6CB09557-9FD1-4609-9924-EB7952929272}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7051CEFE-2064-4498-AE93-69CAD882BE59}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{708725D8-B53A-4EC4-8F8C-1D09455936EF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{75C2ECD1-2CA4-47D8-BE70-F4D35E64644F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{7F2E4C1F-18A7-4B98-BB8E-7C69367F9D73}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{89BCDAF0-F53E-49EE-9C25-E5E6DC3A6286}" = protocol=6 | dir=out | app=system |
"{8A9A35C4-E0C3-44D9-9DB2-DFFB38E79C31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E1CC51C-F8C3-4C68-B924-B9A7F843695D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{9A354026-7061-45AA-A2C1-95335AE63716}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9A664C32-907B-4757-8319-E514923079B5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{9A72B505-84AB-420A-BA3D-489603FDB630}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9FC0828F-7570-4AF2-B334-F034D7722302}" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe |
"{AE0A1BCD-72FE-47EB-B60D-A812E0CFC332}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{B38ACEAE-5225-4826-888E-7FC1718D9935}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{C1EB4F55-BBBB-401A-8266-46310203316D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{C26C49AC-CEFE-4231-AF21-8DA305C07EE3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C347AC77-7039-421A-98F8-1F0C2570DB53}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{C846AE99-A3FF-45E4-9338-CE7F573F548C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{D1E8D80D-27B5-411D-8D92-C9F207B46297}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D3121F6C-28BE-40CB-90C2-552BB93ACBD6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D36D0D29-A402-4C1D-ADB5-90DBAD886D31}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D67BA8D5-EF7E-4660-AC01-A206289926BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{D74EE848-6DD6-4AC2-AC50-97F1BCB1EFF8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{D99DCC7B-1BF1-46AC-9E58-ED785FD5BF3A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DA0FB9B3-EAD0-4060-A41D-5D86DD42941C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DF6055CB-AAF2-4002-BA8E-77CD93DB9AAB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{DFE3971B-770D-494B-B9AB-7DE18FD99EB7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{E3924C98-B1AA-497C-B9FC-382FB34E9EF6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{E7B27F41-65E5-480E-A051-0CD82324908D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EB022962-C1AA-40C1-9E9E-E732A5513058}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F10EB8B2-64E6-47C6-9AB1-84D84DB256B4}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{F125D084-CC26-4ACF-94E2-B92106113BEE}" = protocol=6 | dir=in | app=c:\program files (x86)\sitecom\300n x2 usb wireless lan utility\rtwlan.exe |
"{F75B4E76-504D-426E-9972-8FA6358E880C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD1776D2-D651-4357-8942-84B289E3F8FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{FE80859B-F231-4810-B6F0-0E4D1424C30F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"TCP Query User{82610BE1-EED9-442E-B689-4EF55D6FAD39}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"TCP Query User{B130BBF1-9490-4A0C-8D10-1BF3F4C74DC7}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{B72FECBB-6AD8-4957-BAC7-D1D5811930B6}C:\users\****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{02AC19E9-6A56-4F8B-8E08-F233857896A3}C:\users\****appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\****appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{43993E87-E5BE-4AA4-A908-7A8D0025416A}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{93A20650-7887-45D6-8134-5415AC2C4B3E}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{73105254-4936-47AC-ACDE-08D11D25E3DB}" = AVG 2013
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = Sitecom 300N X2 USB Wireless LAN Driver and Utility
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software
"{B4920103-09F6-4AD2-B150-CFC4474D2DDC}" = Simple Adblock
"{BD1587F7-B8D0-4111-8F1F-3327628AB02F}" = 3531-W-D
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{d05a1414-a955-4c5c-9716-b7777ef86e85}" = F4100
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Samsung ML-2525W Series" = Wartung Samsung ML-2525W Series
"Winamp" = Winamp
"Winmail Opener" = Winmail Opener 1.5
"YTdetect" = Yahoo! Detect

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 11.12.2012 11:14:45 | Computer Name = **** | Source = System Restore | ID = 8193
Description =

Error - 11.12.2012 11:14:45 | Computer Name = **** | Source = System Restore | ID = 8211
Description =

Error - 15.12.2012 16:49:22 | Computer Name = **** | Source = System Restore | ID = 8193
Description =

Error - 15.12.2012 16:49:22 | Computer Name = **** | Source = System Restore | ID = 8211
Description =

Error - 15.12.2012 19:54:22 | Computer Name = **** Source = System Restore | ID = 8193
Description =

Error - 15.12.2012 19:54:22 | Computer Name = **** | Source = System Restore | ID = 8211
Description =

Error - 16.12.2012 12:15:10 | Computer Name = **** | Source = System Restore | ID = 8193
Description =

Error - 16.12.2012 12:15:10 | Computer Name = **** | Source = System Restore | ID = 8211
Description =

Error - 17.12.2012 11:55:40 | Computer Name = **** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avgidsagent.exe, Version: 13.0.0.2792,
Zeitstempel: 0x50993b63 Name des fehlerhaften Moduls: avgidsagent.exe, Version:
13.0.0.2792, Zeitstempel: 0x50993b63 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0027610b
ID
des fehlerhaften Prozesses: 0x6e8 Startzeit der fehlerhaften Anwendung: 0x01cddc2a34df732c
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe Berichtskennung:
34561b64-4862-11e2-b458-0016d38ba74d

Error - 20.12.2012 07:27:37 | Computer Name = **** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.3.3234,
Zeitstempel: 0x4fe1f6d1 Name des fehlerhaften Moduls: gen_ff.dll, Version: 0.0.0.0,
Zeitstempel: 0x4fe1f6dc Ausnahmecode: 0xc0000005 Fehleroffset: 0x00006030 ID des fehlerhaften
Prozesses: 0x13ac Startzeit der fehlerhaften Anwendung: 0x01cdde96ac580346 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll Berichtskennung: 413791fe-4a98-11e2-88ba-0016d38ba74d

[ Media Center Events ]
Error - 20.10.2012 05:18:34 | Computer Name = **** | Source = MCUpdate | ID = 0
Description = 11:18:33 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename
konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')

Error - 20.10.2012 05:19:02 | Computer Name = **** Source = MCUpdate | ID = 0
Description = 11:18:48 - Fehler beim Herstellen der Internetverbindung. 11:18:48
- Serververbindung konnte nicht hergestellt werden..

Error - 03.11.2012 08:02:44 | Computer Name = **** | Source = MCUpdate | ID = 0
Description = 13:02:44 - Fehler beim Herstellen der Internetverbindung. 13:02:44
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 20.12.2012 07:52:48 | Computer Name = **** | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 20.12.2012 07:54:18 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 20.12.2012 07:54:18 | Computer Name = **** | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 20.12.2012 07:54:19 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 20.12.2012 07:54:20 | Computer Name = **** | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 20.12.2012 09:11:47 | Computer Name = **** | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 20.12.2012 09:13:19 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 20.12.2012 09:13:19 | Computer Name = **** | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 20.12.2012 09:13:20 | Computer Name = **** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 20.12.2012 09:13:22 | Computer Name = **** | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5


< End of report >


#3 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 20 December 2012 - 09:21 AM

Hello CharlyWork and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall this application: AVG Security Toolbar


Step 2

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa


Step 3

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


In your next reply, post the following log files:

  • Junkware Removal Tool log
  • a new fresh DDS log

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#4 CharlyWork

CharlyWork

    New Member

  • Members
  • Pip
  • 5 posts

Posted 20 December 2012 - 11:09 AM

Hi Maniac,

thank you for your help. :)

I uninstalled the AVG Toolbar, then removed JRE using JavaRa and installed the lastest JRE verion, and ran an uneventful JRT scan.

Could it be over?


Here's the log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.2.0 (12.19.2012:2)
OS: Windows 7 Ultimate x64
Ran by **** on 20.12.2012 at 16:40:45,15
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.12.2012 at 17:02:22,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5 CharlyWork

CharlyWork

    New Member

  • Members
  • Pip
  • 5 posts

Posted 20 December 2012 - 11:24 AM

...and the DDS logs:

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by **** at 17:16:48 on 2012-12-20
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3070.1513 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtWlan.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:181
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:181
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{C8066C9A-7D0C-4CB0-898D-2A10600F8A5A} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\bvzua9oi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2012-10-15 21:31; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 Si3531;SiI-3531 SATA Controller;C:\Windows\System32\drivers\Si3531.sys [2009-2-9 333864]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-27 399432]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [2012-9-25 36864]
R2 ScrybeUpdater;Scrybe-Updateprogramm;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-27 1300264]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-12-3 716872]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-27 25928]
R3 netr28x;Ralink 802.11n-Drahtlostreiber für Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192su.sys [2012-9-25 694888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-27 676936]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-3 19456]
S3 TrdCap64;CTX's capture service;C:\Windows\System32\drivers\TrdCap64.sys [2010-6-9 1887528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-3 57856]
.
=============== Created Last 30 ================
.
2012-12-20 15:40:42 -------- d-----w- C:\Windows\ERUNT
2012-12-20 15:40:28 -------- d-----w- C:\JRT
2012-12-15 12:03:57 -------- d-----w- C:\Program Files (x86)\Winmail Opener
2012-12-12 18:08:13 -------- d-----w- C:\Windows\Migration
2012-12-12 16:07:57 91136 ----a-w- C:\Windows\SysWow64\wbem\wmiutils.dll
2012-12-12 15:59:16 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-12-12 10:30:15 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 10:30:15 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 10:30:09 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-12 10:30:08 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-12 10:30:08 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-12 10:30:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-12 10:30:08 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 10:30:01 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-12-05 23:06:08 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-11-26 12:47:20 -------- d-----w- C:\Users\****\4.0
2012-11-26 12:47:20 -------- d-----w- C:\Users\****\.tfo4
.
==================== Find3M  ====================
.
2012-12-12 16:09:36 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-12 16:09:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-03 01:08:35 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-03 01:08:35 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-22 12:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 02:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-05 02:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 01:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-29 18:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-26 00:28:32 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-09-26 00:28:32 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-09-25 22:55:37 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-09-25 22:55:37 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-09-25 22:55:37 136704 ----a-w- C:\Windows\System32\browser.dll
2012-09-25 22:54:42 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-09-25 22:52:44 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-09-25 22:52:44 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-09-25 22:52:44 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-09-25 22:52:44 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-09-25 22:52:44 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-09-25 22:52:44 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-09-25 22:51:38 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-09-25 22:49:34 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-09-25 22:49:34 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-09-25 22:48:44 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-09-25 22:48:44 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-09-25 22:48:44 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-09-25 22:48:15 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-25 22:40:52 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-09-25 22:30:07 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-09-25 22:30:07 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-09-25 22:29:12 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-09-25 22:29:12 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-09-25 22:29:12 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-09-25 22:29:12 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-09-25 22:29:12 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-09-25 22:28:46 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-09-25 22:28:46 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-09-25 22:28:46 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-09-25 22:28:19 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-09-25 22:27:53 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-09-25 22:27:53 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-09-25 22:27:24 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-09-25 22:27:24 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-09-25 22:26:56 395776 ----a-w- C:\Windows\System32\webio.dll
2012-09-25 22:26:56 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2012-09-25 22:26:56 31232 ----a-w- C:\Windows\System32\lsass.exe
2012-09-25 22:26:56 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2012-09-25 22:26:56 28160 ----a-w- C:\Windows\System32\secur32.dll
2012-09-25 22:26:56 136192 ----a-w- C:\Windows\System32\sspicli.dll
2012-09-25 22:26:30 1572864 ----a-w- C:\Windows\System32\quartz.dll
.
============= FINISH: 17:17:14,74 ===============


Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 25.09.2012 21:54:37
System Uptime: 20.12.2012 14:12:31 (3 hours ago)
.
Motherboard: MEDION |  | WIM2180
Processor: Intel(R) Core(TM)2 Duo CPU	 T5550  @ 1.83GHz | U2E1 | 1833/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 269 GiB total, 157,851 GiB free.
D: is FIXED (FAT32) - 29 GiB total, 9,064 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
3531-W-D
64 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) - Deutsch
AIO_Scan
AuthenTec TrueSuite
AVG 2013
BufferChm
CDBurnerXP
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Combined Community Codec Pack 2011-11-11
Copy
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeviceDiscovery
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
Dropbox
F4100
F4100_Help
GPBaseService2
HP Customer Participation Program 13.0
HP Deskjet All-In-One Driver Software 13.0 Rel. 1
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Java 7 Update 10 (64-bit)
JDownloader 0.9
Malwarebytes Anti-Malware Version 1.65.1.1000
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 64-bit MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 17.0.1 (x86 de)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
NVIDIA Grafiktreiber 306.23
NVIDIA Install Application
NVIDIA Systemsteuerung 306.23
PDF24 Creator 4.9.0
PlayReady PC Runtime amd64
Realtek USB 2.0 Card Reader
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shop for HP Supplies
Simple Adblock
Sitecom 300N X2 USB Wireless LAN Driver and Utility
SmartWebPrinting
SolutionCenter
Status
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.2
Wartung Samsung ML-2525W Series
WebReg
Winamp
Winamp Erkennungs-Plug-in
Winmail Opener 1.5
WinRAR 4.20 (64-Bit)
Yahoo! Detect
.
==== End Of File ===========================


#6 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 21 December 2012 - 08:33 AM

Could it be over?


Let's check:

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#7 CharlyWork

CharlyWork

    New Member

  • Members
  • Pip
  • 5 posts

Posted 21 December 2012 - 04:57 PM

I think we did it :)

Thank you very much for your help, It is highly appreciated!

Best regards,
Charly



Here's the log:

  

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
[url="http://www.malwarebytes.org"]www.malwarebytes.org[/url]
Datenbank Version: v2012.12.21.17
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
****:: ****-PC [Administrator]
Schutz: Deaktiviert
21.12.2012 22:44:43
mbam-log-2012-12-21 (22-44-43).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 206122
Laufzeit: 4 Minute(n), 5 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)


#8 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 22 December 2012 - 09:38 AM

Glad I could help, Charlie! :)

Please manually delete all of the tools.

Some malware prevention tips:
users.telenet.be/bluepatchy/miekiemoes/prevention.html


Safe surfing! :)
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#9 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 23 December 2012 - 08:08 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users