Trojans TR/Bublik.avlv, TR/Symmi.20469 and TR/Agent.131072.V

Hello everyone, after the last scan my virus scanner reported 3 viruses: the Trojans TR/Bublik.avlv, TR/Symmi.20469 and TR/Agent.131072.V. So I need your help. I have already run an OTL scan, and 2 log files were created.

-----------------------------------------------------------------------------------------
OTL Extras logfile created on: 02.06.2013 19:06:50 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JE\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,67 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 45,18% Memory free
5,33 Gb Paging File | 3,46 Gb Available in Paging File | 64,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,83 Gb Total Space | 71,01 Gb Free Space | 51,52% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 146,19 Gb Free Space | 44,59% Space Free | Partition Type: NTFS
Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: JE-PC | User Name: JE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [FreemiumAnalyze] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe ANALYSE %1 (Microsoft) Directory [FreemiumFindEmptyFolders] -- C:\Program Files\Covus Freemium\Free System Utilities\freemiumContext.exe EMPTYFOLDERS %1 (Microsoft) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception 
List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FB6857E-A3A1-46DE-8F5F-A1AD710FA33B}" = lport=139 | protocol=6 | dir=in | app=system | "{10E02F23-8D79-45CE-B772-7E6736775AAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{21702D74-12C1-4B79-B937-4A8EC0972183}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2AEAE9DD-30D1-40A8-AB82-CD66FEA14A7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{354FB734-D7C2-4930-B3CE-47FCE093A064}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{361823DA-3059-4E7F-8C17-CD93D9F3443A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{39E6D77A-EDEC-4EF1-9588-005195FBB6AE}" = rport=139 | protocol=6 | dir=out | app=system | "{4234FC6E-32B0-4597-9606-B9FDC9F3C0E4}" = lport=137 | protocol=17 | dir=in | app=system | "{427694BD-B821-42FD-81D6-61FA7E8F2B2C}" = lport=445 | protocol=6 | dir=in | app=system | "{43BBA57F-10C4-4D55-B9C1-CB50B5ACD107}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4A33007C-33A2-49CD-B3D1-F2B7E6E25647}" = rport=138 | protocol=17 | dir=out | app=system | "{4AAB5A17-3E4D-40EA-8AD0-0CB2F6E77F49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{74C8C282-68AC-4EB8-8ED8-0F74147EF9CC}" = rport=137 | protocol=17 | dir=out | app=system | "{89155650-4B2D-4854-8B49-752B0F50CAC2}" = lport=2869 | protocol=6 | dir=in | app=system | "{8A667358-9DB6-4222-957A-E1DD3AD7CDF7}" = lport=10243 | protocol=6 | dir=in | app=system | "{8DB164E9-0223-4130-8276-1F3FF54EC039}" = rport=445 | protocol=6 | dir=out | app=system | "{9229DDD4-ADF0-4DD3-B365-52911429B925}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9D0BACFB-C229-4CF3-A838-C3797E35163C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A691F645-B2E0-402A-9583-9A57B76FE1C7}" = lport=138 | protocol=17 | dir=in | app=system | "{A6E544C0-70EB-41DE-8D9F-6A4C4BCF2C4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F42B6AB2-D44A-4D99-99BE-58CE32B1430B}" = rport=10243 | protocol=6 | dir=out | app=system | "{F52C8D0B-D5E2-4301-99AC-4B059FC33C41}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03B90E20-D297-438B-B269-00A1779D2E70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{04ABFEF5-FD67-45D3-8C52-81747835B582}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{0B6441D1-926B-4F25-A802-E6EC4FD86157}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{121FDBC3-9D50-4E1E-93FE-806887F9BEE8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1722A383-0454-4341-A1E4-3FB034C9CB08}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1B9D47A6-77FB-44AC-AE1D-9FF31CE795A6}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{1C291843-C864-4835-B1F6-0E7CF32EE59F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D0B672F-CEBD-4910-A513-67221F92DB08}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{28343725-27F0-47A5-A955-3345F07332DE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2B72B307-7D99-4856-B44C-41D6A8485217}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{317A13F2-A5CE-4B63-A90F-B9C1178E5137}" 
= protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3394336F-E2C4-4CAE-9D1C-C661DFA1BF63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{372427A7-F26E-46CA-92FD-12D774015698}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{39C90CD6-197D-4C4E-9CE6-FA744A7F83D2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4C994B3E-A980-4952-A103-F8F3B91FA818}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5274FBF3-0AB8-49E2-BE4E-909A266C3FF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{54B17586-83CE-458B-A1B8-635CD14BE881}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{569417A6-670C-4623-ABE1-B0E732236B5E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{58B5CF96-1709-4CFB-AD7E-F26FA4FCE29C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5969AE12-E2C2-4BBB-8C46-6C1F87EA39B1}" = dir=in | app=c:\program files\iminent\iminent.exe | "{5CFF7E87-F5FB-41D6-95A8-A456D8AB02B7}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{5DFD998A-23B7-4E72-9E5C-8291B19174D6}" = protocol=6 | dir=out | app=system | "{601B580B-5657-4966-8026-5ED934C93F58}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{62574BBD-D62A-4BB7-9E45-6AFAC78E2012}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{643E6C6D-6987-4870-B5A3-AFFD7CB9726B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{697E9CB2-C0E2-49BA-B192-1991FE7841B2}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{6DB46EA6-53EA-4DF1-B9E4-26B2083EA5F0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{76B195CC-79BF-4A5D-A60A-9554920FC6F3}" = 
protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{87CC4E80-1565-44D8-8B91-0C33070098E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{8BB4A9E5-8344-4109-84D0-8F9A911B76AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8BFB7D53-AAD9-4ABF-A17B-739CAE779D99}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8EE09949-EF34-48F0-AD62-5513B0044D79}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{940635DB-AC34-466B-9075-DAF0E034BB99}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9421DE9E-CFD5-4FAB-AFA6-1AF4B2E0FFF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9A584B99-8F33-4777-BF4F-45C7395B33F6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9FF9A512-C391-433A-9912-0C4E6C82983E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{A257491A-DA6E-4AD1-82B9-DA69981F9933}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A3014FEE-E9F0-43C6-86BF-C2D31FBED362}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A72FD165-791E-4B1F-AB08-51E44531CF84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A8E938D1-5A6B-4AE5-A311-A8B08BC40C0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ADF49357-45FC-4420-A500-8A594673685B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B3453EB1-1CEE-4BBC-A9C4-D20035141804}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B49850C6-A06A-4AAB-84E7-0E3F28363486}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B74DCA61-4ED1-4710-B397-04F12CC9AAD7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B769249E-F1C8-4771-A768-B261D74C6165}" = 
protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B7B69582-92B0-498C-8C42-F50C9AE57436}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B9EFA22D-816D-4CEE-8EC3-25DA5A2BB1B1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{BD57CDA6-580C-4C35-A187-AC2B44CB78A7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BF274E84-F4FB-4F3C-B87B-A54D07721E67}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe | "{C787928F-3BC9-4027-9C91-4C4DD29FC142}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D52F6341-A5BB-4130-9887-BBDF1AA16C56}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D6127B5D-390E-4B7B-979C-8D2F8A3E31ED}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E2686FFC-9C4E-42D1-B1A8-1F734DFC71E7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E30B9C19-187D-42F7-9F35-83274B244E6A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{E3D07E4C-1FFD-4A0F-90F6-7701ACF9D7D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E742EA94-B7ED-4B98-B302-50505E88D756}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EC2B6E11-A455-45D7-9547-EF1A6F14B2D6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{ED26470E-B405-492D-837A-0CF5BACF8D18}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{ED78DD81-D12D-4BF4-ABF9-D239433FBF4F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F2494976-1742-4FCC-A3B1-E3AC23B7427E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{F98DB22C-E1B7-4405-AC6E-A17F4A5717E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FCBDA0B2-8B86-495B-B21A-A0975C13C853}" = protocol=17 | 
dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FEBB6C19-15B8-4792-BE6C-10C0CCB12CC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{33255F08-370C-442A-990D-5C5FD4B989C3}E:\epsonnet easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | "TCP Query User{4E46BBD6-53C6-46D9-A6BF-61DDCFC30B7E}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | "TCP Query User{5291C130-9A46-4848-AE58-DA6F17A625FD}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{6698C2AC-2F4C-47A4-B028-E84E4C414E77}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=6 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | "TCP Query User{91948026-AC83-4AFD-B0EB-E3F8B95D5140}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{A014EB35-51BD-4C4C-BCEA-7C87EE51DDC8}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{B5FA69B4-54E1-439A-87F1-D9B1FC804C3C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "TCP Query User{D2346D37-C55C-4847-AD90-2733C071EC11}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{04A6306B-2540-4DCC-B51D-12AAE509C3C7}C:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver\woodminiwebserver.exe | "UDP Query 
User{25BCF3F0-8297-4089-80AB-B14AD9684D7D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "UDP Query User{3237522B-FA1C-4061-816C-ED2297C25321}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{4832A54A-5323-4BD9-876B-18E70AC4CA27}C:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe" = protocol=17 | dir=in | app=c:\users\je\desktop\woodminiwebserver (1)\woodminiwebserver\woodminiwebserver.exe | "UDP Query User{835E0537-30DC-423B-85B5-7A7F839B3C58}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{AAF0DC98-B2C5-470A-9874-5C9D3745606C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{BF3F6706-6E8D-4AA3-90E8-C4A4C774DDE6}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{D9B24041-858B-4018-B725-D4BCD58AA1E5}E:\epsonnet easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{15B291FD-AA72-4D0B-BD6E-604F24C5D14C}" = Free SystemUtilities "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{29C7E8BE-FBD9-4D91-BC4F-B470C718D554}" = Iminent "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{421d35e3-d4bd-47a6-b6aa-d21ade07cf32}" = Free System Utilities "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 
(SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft 
Office 2010 Service Pack 1 (SP1) "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi-Software "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2 "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira 
AntiVir Desktop" = Avira Free Antivirus "CONFLICT - DESERT STORM 2_is1" = CONFLICT - DESERT STORM 2 "EPSON Scanner" = EPSON Scan "EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Benutzerhandbuch" = EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Handbuch "EPSON SX600FW Series" = EPSON SX600FW Series Printer Uninstall "FoxyDeal" = FoxyDeal "Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128 "IMBoosterARP" = Iminent "IncrediMail" = IncrediMail 2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Opera 12.14.1738" = Opera 12.14 "ProInst" = Intel PROSet Wireless "singalong@xenophesoft.com" = Sing Along "USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam "VLC media player" = VLC media player 2.0.5 "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.06.2013 13:09:19 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 02.06.2013 13:10:04 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 02.06.2013 13:10:04 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 02.06.2013 13:10:51 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 02.06.2013 13:15:08 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 02.06.2013 13:15:08 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 02.06.2013 13:15:32 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 02.06.2013 13:20:13 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 02.06.2013 13:20:13 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 02.06.2013 13:20:19 | Computer Name = JE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IncrediMail\Bin\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

[ System Events ]
Error - 02.04.2013 16:38:24 | Computer Name = JE-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 02.04.2013 16:38:24 | Computer Name = JE-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WinHttpAutoProxySvc" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 02.04.2013 16:38:24 | Computer Name = JE-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 04.04.2013 04:49:29 | Computer Name = JE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error - 04.04.2013 07:11:54 | Computer Name = JE-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?04.?2013 um 11:13:04 unerwartet heruntergefahren.

Error - 04.04.2013 16:28:43 | Computer Name = JE-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?04.?2013 um 20:17:27 unerwartet heruntergefahren.

Error - 05.04.2013 03:50:00 | Computer Name = JE-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?04.?2013 um 22:31:32 unerwartet heruntergefahren.

Error - 26.04.2013 03:34:30 | Computer Name = JE-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?04.?2013 um 14:42:30 unerwartet heruntergefahren.

Error - 26.04.2013 05:19:22 | Computer Name = JE-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?04.?2013 um 10:01:37 unerwartet heruntergefahren.

Error - 08.05.2013 14:21:05 | Computer Name = JE-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.27 registriert werden. Der Computer mit IP-Adresse 192.168.178.22 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

< End of report >
-----------------------------------------------------------------------------------------
OTL logfile created on: 02.06.2013 19:06:50 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JE\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,67 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 45,18% Memory free
5,33 Gb Paging File | 3,46 Gb Available in Paging File | 64,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,83 Gb Total Space | 71,01 Gb Free Space | 51,52% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 146,19 Gb Free Space | 44,59% Space Free | Partition Type: NTFS
Drive E: | 562,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: JE-PC | User Name: JE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Users\JE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Iminent\Iminent.exe (Iminent)
PRC - C:\Programme\Iminent\Iminent.Messengers.exe (Iminent)
PRC - C:\Programme\Common Files\Umbrella\Umbrella.exe (Iminent)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)

========== Modules (No Company Name) ==========
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll ()
MOD - C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\be692307d47b83000bba8bb6b484aff0\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6ff6bd832b03b5d6ea275ba9bee2d3ef\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6f120c76113dc5166d2a5a5d21900f39\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\12630df9abc4ebf7ff67de989b8e8123\System.Configuration.Install.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\ddbbfda715843c275166d3867d28e67a\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Programme\IncrediMail\Bin\PMC.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll ()
MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\System32\IccLibDll.dll ()

========== Services (SafeList) ==========
SRV - (SystemStoreService) -- C:\Programme\SoftwareUpdater\SystemStore.exe ()
SRV - (SProtection) -- C:\Programme\Common Files\Umbrella\Umbrella.exe (Iminent)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (rpcnet) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)

========== Driver Services (SafeList) ==========
DRV - (ayqxv42u) -- File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys (Sonix Technology Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (RSUSBVSTOR) -- C:\Windows\System32\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 F7 99 87 DA 61 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JE\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.03.07 14:52:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Users\JE\AppData\Roaming\Mozilla\Firefox\Profiles\gkn5ha14.default\extensions\webbooster@iminent.com [2013.06.02 15:45:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.11 20:48:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\singalong@xenophesoft.com: C:\Program Files\SingAlong\FF\ [2013.06.02 15:44:03 | 000,000,000 | ---D | M]

[2012.07.23 22:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Extensions
[2012.08.07 00:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions
[2012.08.07 00:26:52 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2013.06.02 15:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions
[2013.06.02 15:43:59 | 000,000,000 | ---D | M] (FoxyDeal) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D}
[2013.06.02 15:45:01 | 000,000,000 | ---D | M] (Iminent Minibar) -- C:\Users\JE\AppData\Roaming\mozilla\Firefox\Profiles\gkn5ha14.default\extensions\webbooster@iminent.com
[2012.11.03 12:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.11 20:48:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.17 20:13:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.17 20:13:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.17 20:13:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.17 20:13:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.17 20:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.17 20:13:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\JE\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\JE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: Sing Along = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\abepbblpkilpjohncjbccmdjhdhbnhdj\1.111_0\
CHR - Extension: FoxyDeal = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiennapmieppnpfhhogglccgepbdajan\6.2.0_0\
CHR - Extension: YouTube = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Iminent = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.21.4.1_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Google Mail = C:\Users\JE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Sing Along) - {6492E171-2427-4932-B414-33574A089F5E} - C:\Programme\SingAlong\singalng.dll (Xenophesoft)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programme\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Programme\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix Technology Co., Ltd.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [EPSON Stylus SX600FW(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [playgoexec] -autorun File not found
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0450B429-4E51-4E97-86D0-926484D55456}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28860C02-2E44-4F74-81DA-935FD714DDCA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.01.25 22:01:52 | 000,380,928 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.01.25 22:01:52 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1e756a07-cdcb-11e1-b117-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e756a07-cdcb-11e1-b117-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2006.01.25 22:01:52 | 000,380,928 | R--- | M] ()
O33 - MountPoints2\{2a008891-ceb2-11e1-9d77-bcaec559d5a1}\Shell - "" = AutoRun
O33 - MountPoints2\{2a008891-ceb2-11e1-9d77-bcaec559d5a1}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2013.06.02 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Freemium
[2013.06.02 15:45:05 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Iminent
[2013.06.02 15:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013.06.02 15:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2013.06.02 15:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Umbrella
[2013.06.02 15:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent
[2013.06.02 15:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\SingAlong
[2013.06.02 15:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\FoxyDeal
[2013.06.02 15:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeSystemUtilities
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covus Freemium
[2013.06.02 15:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Covus Freemium
[2013.06.02 15:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.06.02 15:41:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\DownloadGuide
[2013.06.01 07:32:00 | 000,000,000 | ---D | C] -- C:\Users\JE\Documents\SCi
[2013.06.01 07:31:54 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.06.01 07:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CONFLICT - DESERT STORM 2
[2013.06.01 07:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\CONFLICT - DESERT STORM 2
[2013.05.30 13:06:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.30 12:16:57 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2013.05.30 12:16:57 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Temp
[2013.05.30 12:15:31 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.05.30 12:00:55 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\zoek (1)
[2013.05.30 11:44:59 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Roaming\Malwarebytes
[2013.05.30 11:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.30 11:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.30 11:44:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.30 11:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.30 11:44:13 | 000,000,000 | ---D | C] -- C:\Users\JE\AppData\Local\Programs
[2013.05.30 11:37:32 | 000,000,000 | ---D | C] -- C:\Users\JE\Desktop\30
[2013.05.26 13:50:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe
[2013.05.24 20:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.23 20:03:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.23 20:03:10 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.16 08:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.05.16 08:08:35 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 08:08:34 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 08:08:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 08:08:34 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 08:08:33 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 08:08:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 08:08:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.16 08:08:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 08:08:33 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 08:08:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.15 10:42:23 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 10:42:21 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 10:42:13 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 10:41:58 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 10:41:58 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.05.13 23:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.05.13 07:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013.05.13 07:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013.05.07 17:40:40 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2013.06.02 19:06:08 | 000,025,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 19:06:08 | 000,025,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 19:02:16 | 000,000,362 | ---- | M] () -- 
C:\Windows\tasks\Sing Along Update.job [2013.06.02 18:59:22 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe [2013.06.02 18:59:20 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll [2013.06.02 18:59:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.02 18:58:57 | 2146,775,040 | -HS- | M] () -- C:\hiberfil.sys [2013.06.02 17:42:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000UA.job [2013.06.02 17:35:30 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.02 17:35:30 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.02 17:35:30 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.02 17:35:30 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.02 17:32:22 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457223372-1182995303-1409636268-1000Core.job [2013.06.02 17:32:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.02 15:44:58 | 000,000,611 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.06.02 15:43:45 | 000,002,551 | ---- | M] () -- C:\Users\Public\Desktop\Free System Utilities.lnk [2013.06.02 15:42:31 | 000,000,205 | ---- | M] () -- C:\Users\JE\Desktop\Amazon.url [2013.06.01 07:31:41 | 000,001,076 | ---- | M] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk [2013.05.30 12:15:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.05.30 12:02:30 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe [2013.05.30 11:44:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013.05.26 13:50:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JE\Desktop\OTL.exe [2013.05.25 10:55:19 | 000,002,350 | ---- | M] () -- C:\Users\JE\Desktop\Google Chrome.lnk 
[2013.05.16 08:28:04 | 000,408,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.16 08:11:58 | 000,002,004 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.05.16 08:11:46 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.05.15 12:31:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.05.15 12:31:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.10 18:39:07 | 000,039,936 | ---- | M] (Absolute Software Corporation) -- C:\Windows\System32\identprv.dll [2013.05.07 17:40:13 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.02 15:44:44 | 000,000,611 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog [2013.06.02 15:44:05 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\Sing Along Update.job [2013.06.02 15:43:45 | 000,002,551 | ---- | C] () -- C:\Users\Public\Desktop\Free System Utilities.lnk [2013.06.02 15:42:31 | 000,000,205 | ---- | C] () -- C:\Users\JE\Desktop\Amazon.url [2013.06.01 07:31:41 | 000,001,076 | ---- | C] () -- C:\Users\JE\Desktop\CONFLICT - DESERT STORM 2.lnk [2013.05.30 12:16:58 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe [2013.05.30 11:44:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013.05.19 20:10:10 | 000,002,350 | ---- | C] () -- C:\Users\JE\Desktop\Google Chrome.lnk [2013.05.13 07:11:54 | 000,002,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.05.13 07:11:53 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.17 19:54:32 | 000,001,120 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT 
[2013.02.17 19:34:22 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2013.02.17 19:34:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2013.02.17 19:34:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2013.02.17 19:34:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2013.02.17 19:34:22 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2013.02.17 19:34:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2013.02.17 19:34:22 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2013.02.17 19:34:22 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2013.02.17 19:34:22 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2013.02.17 19:34:22 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2013.02.17 19:34:22 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2013.02.17 19:34:22 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2013.02.17 19:34:22 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2013.02.17 19:34:22 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2013.02.17 19:34:22 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2013.02.17 19:34:22 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2013.02.17 19:34:21 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2012.07.15 21:25:13 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2012.07.15 19:22:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012.07.14 22:27:57 | 000,080,416 | ---- | C] 
() -- C:\Windows\System32\RtNicProp32.dll [2012.07.14 21:51:20 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2012.07.14 17:48:11 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll [2012.07.14 17:47:06 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >
Thanks in advance. Regards, IL-2 |
Hi, Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
|
Hello schrauber, thank you very much for the quick reply. Here is the Combofix log file: Code: ComboFix 13-06-02.02 - JE 02.06.2013 21:31:25.2.4 - x86 Best regards, IL-2 |
Combofix script
|
Code: ComboFix 13-06-02.02 - JE 02.06.2013 22:28:04.3.4 - x86 IL-2 |
Please download Rogue Killer from here.
Then let RogueKiller delete, and post both log files. Please download
Please close your security software to avoid possible conflicts.
|
[CODE]RogueKiller V8.5.4 [Mar 18 2013] durch Tigzy mail: tigzyRK<at>gmail<dot>com mail : tigzyRK<at>gmail<dot>com Kommentare : hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/ Webseite : hxxp://tigzy.geekstogo.com/roguekiller.php Blog : hxxp://tigzyrk.blogspot.com/ Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Gestartet in : Normaler Modus Benutzer : JE [Admin Rechte] Funktion : Scannen -- Datum : 06/02/2013 22:50:59 | ARK || FAK || MBR | ¤¤¤ Böswillige Prozesse : 0 ¤¤¤ ¤¤¤ Registry-Einträge : 4 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> GEFUNDEN [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> GEFUNDEN [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN ¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤ ¤¤¤ Treiber : [GELADEN] ¤¤¤ SSDT[84] : NtCreateSection @ 0x8306513D -> HOOKED (Unknown @ 0x8F468686) SSDT[299] : NtRequestWaitReplyPort @ 0x8307FB22 -> HOOKED (Unknown @ 0x8F468690) SSDT[316] : NtSetContextThread @ 0x8311F851 -> HOOKED (Unknown @ 0x8F46868B) SSDT[347] : NtSetSecurityObject @ 0x830437F7 -> HOOKED (Unknown @ 0x8F468695) SSDT[368] : NtSystemDebugControl @ 0x830C77D2 -> HOOKED (Unknown @ 0x8F46869A) SSDT[370] : NtTerminateProcess @ 0x8309CD86 -> HOOKED (Unknown @ 0x8F468627) S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8F4686AE) S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8F4686B3) ¤¤¤ Hosts-Datei: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR überprüfen: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000BPVT-80HXZT1 ATA Device +++++ --- User --- [MBR] 2a30f2d2016c35ee948c58f41da910bc [BSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 141136 Mo 2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] 
Offset (sectors): 289253376 | Size: 335702 Mo User = LL1 ... OK! User = LL2 ... OK! Abgeschlossen : << RKreport[1]_S_06022013_02d2250.txt >> RKreport[1]_S_06022013_02d2250.txt [/CODE] Best regards, IL-2 |
and continuing. |
Code: # AdwCleaner v2.301 - Datei am 02/06/2013 um 22:56:37 erstellt |
The RogueKiller delete step is missing. And please post all logs at once if possible :) |
Then let RogueKiller delete: how do I do that? |
RogueKiller > Pre-Scan > click Scan > wait > click Delete or Löschen > log on the desktop :) |
Code: # AdwCleaner v2.301 - Datei am 02/06/2013 um 23:16:01 erstellt and Code: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ now I have it Code: RogueKiller V8.5.4 [Mar 18 2013] durch Tigzy |
ESET Online Scanner
Please download
and a fresh OTL log please. How is the computer running? |
Code: RogueKiller V8.5.4 [Mar 18 2013] durch Tigzy Best regards, IL-2 |
Copyright ©2000-2025, Trojaner-Board