
Log analysis and evaluation: System Care Antivirus help!

18.05.2013, 21:46   #1
lesierk
 
System Care Antivirus help!



Hello,

unfortunately I have caught the "System Care Antivirus" virus and can now only start my laptop in safe mode. I have now created logfiles with OTL and would be very grateful for your help!

Best regards, Lesierk

OTL logfile:
Code:
OTL logfile created on: 18.05.2013 22:26:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Elena\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,36% Memory free
3,98 Gb Paging File | 3,12 Gb Available in Paging File | 78,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 1,39 Gb Free Space | 4,77% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 52,54 Gb Free Space | 67,25% Space Free | Partition Type: NTFS
Drive E: | 125,46 Gb Total Space | 39,09 Gb Free Space | 31,16% Space Free | Partition Type: NTFS
 
Computer Name: ELENA-PC | User Name: Elena | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.05.18 22:15:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elena\Desktop\OTL.exe
PRC - [2013.04.13 13:25:31 | 000,920,472 | ---- | M] (Mozilla Corporation) -- D:\Firefox\firefox.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.13 13:25:30 | 003,133,336 | ---- | M] () -- D:\Firefox\mozjs.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- D:\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.14 22:09:56 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.28 18:51:36 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- D:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 18:51:18 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- D:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005.04.06 17:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- d:\CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.03.28 18:51:40 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.28 18:51:40 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.28 18:51:40 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.01 11:27:45 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.04.25 02:49:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.12.12 18:01:30 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.06.14 14:41:00 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)
DRV - [2007.06.13 19:30:20 | 000,013,440 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stkrc.sys -- (Ltn_stkrc)
DRV - [2006.12.05 11:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://oaming/Mozilla/Firefox/prof [Binary data over 200 bytes]
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 6C 1B AD 72 40 CC 01  [binary data]
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\..\SearchScopes,DefaultScope = {2C8852F6-B9CD-4C7D-86B1-0FA495924E70}
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\..\SearchScopes\{2C8852F6-B9CD-4C7D-86B1-0FA495924E70}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.bing.com/?scope=web&FORM=Z9LH"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\OFFICE~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.26 11:22:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.26 11:22:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.24 00:14:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.24 00:14:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: D:\Thunderbird\plugins
 
[2011.04.26 19:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elena\AppData\Roaming\mozilla\Extensions
[2011.04.26 19:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elena\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.05.15 22:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elena\AppData\Roaming\mozilla\Firefox\Profiles\jg367zfo.default\extensions
[2013.02.10 20:35:09 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\Elena\AppData\Roaming\mozilla\Firefox\Profiles\jg367zfo.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2013.05.15 22:04:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Elena\AppData\Roaming\mozilla\Firefox\Profiles\jg367zfo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.12.24 22:10:24 | 000,000,000 | ---D | M] (Bloglovin') -- C:\Users\Elena\AppData\Roaming\mozilla\Firefox\Profiles\jg367zfo.default\extensions\jid1-JrxwyxPdCKWWcw@jetpack
[2013.05.14 20:20:46 | 000,571,660 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\mozilla\firefox\profiles\jg367zfo.default\extensions\toolbar@gmx.net.xpi
[2013.05.09 09:03:51 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\mozilla\firefox\profiles\jg367zfo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] d:\CS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000..\Run: [] C:\Users\Elena\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000..\RunOnce: [AE77ADE6895D6B030000AE76FF746FE9] C:\ProgramData\AE77ADE6895D6B030000AE76FF746FE9\AE77ADE6895D6B030000AE76FF746FE9.exe ()
O4 - Startup: C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Elena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Das YouTube Video als MP3 &speichern - C:\Users\Elena\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73AA95DC-40D7-4708-B8BF-242667467E59}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5b8bdd50-a32c-11e0-a0c9-00247e47f393}\Shell - "" = AutoRun
O33 - MountPoints2\{5b8bdd50-a32c-11e0-a0c9-00247e47f393}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.18 22:15:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Elena\Desktop\OTL.exe
[2013.05.18 21:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.18 21:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.05.18 20:13:21 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013.05.18 20:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AE77ADE6895D6B030000AE76FF746FE9
[2013.05.15 09:06:06 | 000,000,000 | R--D | C] -- C:\Users\Elena\Contacts
[2013.05.14 23:22:06 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.14 23:22:04 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.14 23:22:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.14 23:22:03 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.14 23:22:02 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.14 23:22:01 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.14 23:22:01 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.14 23:22:01 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.14 23:22:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.14 23:22:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.14 22:11:29 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.14 22:11:28 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.14 22:09:25 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.14 22:09:14 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.14 22:09:14 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.12 11:46:09 | 000,000,000 | ---D | C] -- C:\Users\Elena\ARISExpress
[2013.05.12 11:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARIS Platform
[2013.05.07 15:57:29 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.04.30 11:14:02 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.30 11:14:02 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.30 11:14:02 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.30 11:14:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.30 11:14:01 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.30 11:14:01 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.30 11:14:01 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.30 11:14:01 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.30 11:14:01 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.30 11:14:01 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.30 11:14:01 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.30 11:14:00 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.30 11:14:00 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.30 11:14:00 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.30 11:14:00 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.30 11:14:00 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.30 11:14:00 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.30 11:14:00 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.30 11:14:00 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.30 11:14:00 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.30 11:14:00 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.30 11:14:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.30 11:14:00 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.30 11:14:00 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.30 11:13:59 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.30 11:13:59 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.25 09:19:32 | 000,000,000 | ---D | C] -- C:\Users\Elena\Desktop\TOC-Karbonat
[2013.04.24 19:18:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Elena\Desktop\*.tmp files -> C:\Users\Elena\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.18 22:15:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elena\Desktop\OTL.exe
[2013.05.18 21:15:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.18 21:14:57 | 1603,039,232 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.18 20:13:21 | 000,002,055 | ---- | M] () -- C:\Users\Elena\Desktop\System Care Antivirus.lnk
[2013.05.18 20:09:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.18 20:03:10 | 000,243,546 | ---- | M] () -- C:\Users\Elena\Desktop\ca3dddf219691145.jpg
[2013.05.18 19:39:43 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.18 19:39:43 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.18 19:31:08 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{BBF9F88F-9C5E-417F-89C5-FEEB69507AB1}.job
[2013.05.18 19:31:08 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{B2B2D0C5-80EF-4CEF-AFF7-F8F99DB7ED87}.job
[2013.05.18 19:31:08 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{5DBC0743-4CF5-420F-A13A-1C1E613320AE}.job
[2013.05.15 09:03:44 | 003,749,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.14 22:18:47 | 000,114,713 | ---- | M] () -- C:\Users\Elena\Desktop\945270_522734957792800_541341678_n.jpg
[2013.05.14 22:09:55 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.14 22:09:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.14 20:26:18 | 000,174,209 | ---- | M] () -- C:\Users\Elena\Desktop\oldenbora_2012_92_20120607_2073770358.jpg
[2013.05.11 13:32:32 | 002,516,828 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.11 13:32:32 | 000,725,612 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.11 13:32:32 | 000,569,508 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.11 13:32:32 | 000,542,926 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.11 13:22:11 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.11 13:22:11 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.08 17:08:54 | 000,102,938 | ---- | M] () -- C:\Users\Elena\Desktop\picdump-13-05-03-119.jpg
[2013.05.07 17:02:28 | 000,252,005 | ---- | M] () -- C:\Users\Elena\Desktop\467964_485432231501922_710910352_o.jpg
[2013.05.07 16:55:38 | 000,090,619 | ---- | M] () -- C:\Users\Elena\Desktop\561484_138393569636953_668682765_n.jpg
[2013.05.07 16:54:56 | 000,063,933 | ---- | M] () -- C:\Users\Elena\Desktop\155448_177698775706432_59940906_n.jpg
[2013.05.07 16:54:45 | 000,065,789 | ---- | M] () -- C:\Users\Elena\Desktop\393017_183241101818866_1862792427_n.jpg
[2013.05.07 15:56:51 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.06 21:58:26 | 000,848,760 | ---- | M] () -- C:\Users\Elena\Desktop\921617_450170838406035_1889111583_o.jpg
[2013.04.30 11:14:02 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.30 11:14:02 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.30 11:14:02 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.30 11:14:01 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.30 11:14:01 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.30 11:14:01 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.30 11:14:01 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.30 11:14:01 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.30 11:14:01 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.30 11:14:01 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.30 11:14:01 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.30 11:14:00 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.30 11:14:00 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.30 11:14:00 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.30 11:14:00 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.30 11:14:00 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.30 11:14:00 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.30 11:14:00 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.30 11:14:00 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.30 11:14:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.30 11:14:00 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.30 11:14:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.30 11:14:00 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.30 11:14:00 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.04.30 11:14:00 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.30 11:13:59 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.30 11:13:59 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.29 19:42:12 | 000,087,339 | ---- | M] () -- C:\Users\Elena\Desktop\hBE8E32D1.jpg
[2013.04.29 18:30:05 | 000,164,954 | ---- | M] () -- C:\Users\Elena\Desktop\Nike Free.jpg
[2013.04.28 17:07:36 | 000,326,176 | ---- | M] () -- C:\Users\Elena\Desktop\Stratographie.jpg
[2013.04.28 16:56:20 | 005,164,144 | ---- | M] () -- C:\Users\Elena\Desktop\Legende.cdr
[2013.04.28 16:54:35 | 005,164,166 | ---- | M] () -- C:\Users\Elena\Desktop\Sicherungskopie_vongdfscf.cdr
[2013.04.22 21:12:37 | 000,113,194 | ---- | M] () -- C:\Users\Elena\Desktop\20130422_204251.jpg
[2013.04.22 21:12:04 | 000,106,135 | ---- | M] () -- C:\Users\Elena\Desktop\20130422_204344.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Elena\Desktop\*.tmp files -> C:\Users\Elena\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.18 20:13:21 | 000,002,055 | ---- | C] () -- C:\Users\Elena\Desktop\System Care Antivirus.lnk
[2013.05.18 20:03:09 | 000,243,546 | ---- | C] () -- C:\Users\Elena\Desktop\ca3dddf219691145.jpg
[2013.05.14 22:18:46 | 000,114,713 | ---- | C] () -- C:\Users\Elena\Desktop\945270_522734957792800_541341678_n.jpg
[2013.05.14 20:26:13 | 000,174,209 | ---- | C] () -- C:\Users\Elena\Desktop\oldenbora_2012_92_20120607_2073770358.jpg
[2013.05.08 17:08:52 | 000,102,938 | ---- | C] () -- C:\Users\Elena\Desktop\picdump-13-05-03-119.jpg
[2013.05.07 17:02:28 | 000,252,005 | ---- | C] () -- C:\Users\Elena\Desktop\467964_485432231501922_710910352_o.jpg
[2013.05.07 16:55:38 | 000,090,619 | ---- | C] () -- C:\Users\Elena\Desktop\561484_138393569636953_668682765_n.jpg
[2013.05.07 16:54:55 | 000,063,933 | ---- | C] () -- C:\Users\Elena\Desktop\155448_177698775706432_59940906_n.jpg
[2013.05.07 16:54:42 | 000,065,789 | ---- | C] () -- C:\Users\Elena\Desktop\393017_183241101818866_1862792427_n.jpg
[2013.05.06 21:58:25 | 000,848,760 | ---- | C] () -- C:\Users\Elena\Desktop\921617_450170838406035_1889111583_o.jpg
[2013.04.30 11:14:00 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.04.29 19:42:11 | 000,087,339 | ---- | C] () -- C:\Users\Elena\Desktop\hBE8E32D1.jpg
[2013.04.29 18:30:05 | 000,164,954 | ---- | C] () -- C:\Users\Elena\Desktop\Nike Free.jpg
[2013.04.28 22:57:44 | 000,215,564 | ---- | C] () -- C:\Users\Elena\Desktop\b023.jpg
[2013.04.28 17:07:21 | 000,326,176 | ---- | C] () -- C:\Users\Elena\Desktop\Stratographie.jpg
[2013.04.28 16:56:16 | 005,164,166 | ---- | C] () -- C:\Users\Elena\Desktop\Sicherungskopie_vongdfscf.cdr
[2013.04.28 16:54:31 | 005,164,144 | ---- | C] () -- C:\Users\Elena\Desktop\Legende.cdr
[2013.04.22 20:56:28 | 000,113,194 | ---- | C] () -- C:\Users\Elena\Desktop\20130422_204251.jpg
[2013.04.22 20:56:28 | 000,106,135 | ---- | C] () -- C:\Users\Elena\Desktop\20130422_204344.jpg
[2013.03.28 19:26:59 | 000,005,265 | ---- | C] () -- C:\Users\Elena\AppData\Local\recently-used.xbel
[2013.01.10 14:12:44 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2012.12.07 10:59:49 | 000,011,169 | ---- | C] () -- C:\Users\Elena\gsview32.ini
[2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.02.25 18:26:39 | 000,007,605 | ---- | C] () -- C:\Users\Elena\AppData\Local\Resmon.ResmonCfg
[2011.11.26 17:45:14 | 000,000,050 | ---- | C] () -- C:\Users\Elena\.gtk-bookmarks
[2011.11.18 19:05:58 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo.dll
[2011.10.24 22:30:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\Flowers
[2011.10.24 00:03:32 | 000,221,005 | ---- | C] () -- C:\Windows\hpoins30.dat
[2011.10.24 00:03:32 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2011.08.08 13:21:40 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.08.08 13:21:40 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.08.08 13:21:39 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.08.08 13:21:39 | 000,000,000 | ---- | C] () -- C:\Users\Elena\AppData\Roaming\Grapher
[2011.07.04 21:48:18 | 000,000,000 | ---- | C] () -- C:\Users\Elena\AppData\Local\{9557C478-77CA-4EA1-ACC2-2FA386D9D82A}
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 160 bytes -> C:\Users\Elena\Desktop\20130422_204344.jpg:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\Elena\Desktop\20130422_204251.jpg:com.dropbox.attributes

< End of report >
         
--- --- ---


EXTRAS:OTL Logfile:
Code:
OTL Extras logfile created on: 18.05.2013 22:26:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Elena\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,36% Memory free
3,98 Gb Paging File | 3,12 Gb Available in Paging File | 78,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 1,39 Gb Free Space | 4,77% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 52,54 Gb Free Space | 67,25% Space Free | Partition Type: NTFS
Drive E: | 125,46 Gb Total Space | 39,09 Gb Free Space | 31,16% Space Free | Partition Type: NTFS
 
Computer Name: ELENA-PC | User Name: Elena | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4261671638-2302022960-3560447937-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "D:\Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Office 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Neuer Ordner\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Neuer Ordner\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DACA2AD-B1F6-471A-A1EA-29A9B4127005}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{10907868-17D9-4B54-964B-88A6DF8F27B6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1177E83C-D1FF-4D00-9EE0-992B8C51E348}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{14F60E2D-B5D4-49A0-8DD7-A874ADFC2014}" = rport=139 | protocol=6 | dir=out | app=system | 
"{254C1B83-FFA6-493D-AB28-0A66F86BCA4F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{29944158-F678-4CD3-9B0C-E73DD201EFA7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4FE38FA7-FA67-4327-A05F-7F04AE0A7C16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5060208F-EE13-4E5F-99A3-CE2D17B28D8B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{55BA9744-C48F-4D9B-8416-8E9240F6636E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{58484172-1E74-4F2E-B2EA-833F0B3D40B0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5925EBCD-2020-4360-91A7-C318F986E775}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5E3B9CF4-1C21-4A28-897F-0D6F11774901}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{640C9C29-9AA3-4E9E-A83B-6A6D86F607ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{691BD821-62BD-430E-8AF0-B27D1F1F2D2A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6B45689E-C306-41D6-9F98-D82BFD1ACF7C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7236382B-60B5-4399-A21A-F3F45E996D5A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{777D2549-5A8A-4558-9F51-86258483912F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7EA8CF88-BBB4-45E2-B9B3-1FDBF370DBF0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8096B579-6BFF-4535-AF7C-AD3F8608DB81}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8694C3D5-1D4A-4446-ACB4-3ABF7AEC9DDD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{89B270A8-A00F-4B94-B916-80D5335F1E7B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A289E811-A91D-489D-B2B1-06055E11590F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BA827824-B3EA-4E8C-84D4-55B97148CFF5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CF1DE92B-7565-401F-9007-B8C12827D549}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D366F077-82F1-4D80-9D37-9F6F79717D61}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DB28DB09-1BCD-4255-BACA-AAEDB8D8B10F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E9F31630-4BCC-428A-B191-0B9887A711A9}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{ED5D3EE3-A241-4564-B261-20D530B0B4E1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F2449364-F88D-40C5-ADFF-323F28FFC6E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F47B5BE1-0279-43BB-B782-BB37F5D0C52D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F502400C-EB3F-45C5-95FF-67D875779268}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FC6B0F52-BD47-4A06-81DB-3FC119E7B504}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00325120-83A7-4385-93AF-8019D7CE194D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{08A4ADA7-B5B7-44F8-94BB-81386B7578F9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{14482EA8-309B-48CB-8191-8B00AEEA9E49}" = protocol=6 | dir=in | app=d:\cs2\adobe version cue cs2\bin\versioncuecs2.exe | 
"{18051660-8E51-417B-840B-5E4D552C6960}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1B045E2A-CE3F-4FE3-9C03-EB88A1B89489}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{24270B2F-D452-4087-BE60-7C2757923D81}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{2DA785BE-6FE4-4151-A227-F841524DF76A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{36B0CCEF-6D45-4717-8F32-CCF2A48C36A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4532D64D-6F56-4CEC-881C-8D6C99481CAF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{46582F47-615C-4F16-8FC6-AC9689D58333}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{480E08CF-C259-4C98-BBD3-6F9C516A296B}" = protocol=6 | dir=out | app=system | 
"{4D8E4BEB-13A6-4C3B-87D9-BF8B6CDB43AF}" = protocol=17 | dir=in | app=d:\office 2010\office14\groove.exe | 
"{551783FE-6BFB-46ED-87E9-3269CBF8D1DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{585C1D2F-3AAC-4196-81AD-55D6A19340E5}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{63B6EC0A-4B44-46BB-BC3C-0B280C444235}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{6703BDDD-D15F-4A69-8629-04971B3E337B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6BF96A55-06CD-4138-9C19-6E9680BFE017}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6CCDFE3A-B20B-4306-9D60-9A5CB807B198}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{6EE542BD-CBA4-4814-8BB4-AAB1F48774CD}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{88A01A72-8AF0-4132-B398-A88859D3F965}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{9429540B-10E3-41CB-B124-8075B15466C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{960A1895-A16E-4C0D-9880-D9580F1CE3FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{980F8C27-3908-414D-A570-968CD45D18A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9A86FF6A-6DC5-4750-80FF-480B4B3AD231}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{B04D1E99-2CF0-4674-8FD6-667008FA24F8}" = protocol=17 | dir=in | app=d:\cs2\adobe version cue cs2\bin\versioncuecs2.exe | 
"{B3D6F9B4-05BA-45B9-A3DB-C3127436829B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{BB25DB8B-93D1-49B5-A91F-3E4C302AED84}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{BC0FEFBB-1571-4E17-B401-2C9BBD824C53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C27A2EF9-6691-46FD-A8BD-0F72A812856B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{C6ECB788-038B-4305-A3E2-C94F14570FCF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{C866567C-2334-45FC-8BFF-9D0C228FA5BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA14C10C-041E-49E1-88E5-E832CB461D88}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{CADC6738-228D-4881-9981-49BB23402BAA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{D6D9135B-F5CC-4807-8426-8B06CE82E106}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{E13C9AC8-9BD8-4DE8-9300-79CD7635DD19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E55F898B-7B00-44A3-BD3B-3F2F83260D3E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EE1080EF-D82A-4A1A-B16A-E7B961624C5C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{EE93B162-C68E-4B08-9E73-C1CF6FF57D76}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{F99F37D4-B3CD-4BF6-BE4C-EBE07B7A8B4B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{FCB4AADC-082D-44B8-9B18-F1991AC2E047}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FEB09DF4-9219-41B2-926C-36ED93BB386A}" = protocol=6 | dir=in | app=d:\office 2010\office14\groove.exe | 
"TCP Query User{699329AB-A62D-468A-A60C-684891D1B090}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{A4CA2984-4362-4833-9B2D-8DA9285EADF9}D:\qip\qip.exe" = protocol=6 | dir=in | app=d:\qip\qip.exe | 
"TCP Query User{E134C263-EFDC-487C-8549-AFA94F62330B}C:\users\elena\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\elena\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{E89236B0-E00E-46FC-857F-F12A4F72CE25}D:\qip\qip.exe" = protocol=6 | dir=in | app=d:\qip\qip.exe | 
"TCP Query User{EC956BE2-FD33-4F0E-8EFF-749E36159DD8}E:\carcassonne\carcassonne.exe" = protocol=6 | dir=in | app=e:\carcassonne\carcassonne.exe | 
"TCP Query User{F6E9E7C9-E587-4359-A0D9-D9F48A7A443B}C:\users\elena\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\elena\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{58ED99A5-5B95-4A98-9028-4CA33F5FFB2D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{6497E17C-8A1E-451A-9BD7-F3875E849AFB}C:\users\elena\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\elena\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{93097477-5A6A-4DA1-B0B1-E68A67C7469B}E:\carcassonne\carcassonne.exe" = protocol=17 | dir=in | app=e:\carcassonne\carcassonne.exe | 
"UDP Query User{ADB65D69-8347-4AB0-B413-7953C59D7BDB}C:\users\elena\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\elena\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{D7B45B6D-EB1F-4615-A2AC-60679E83A67B}D:\qip\qip.exe" = protocol=17 | dir=in | app=d:\qip\qip.exe | 
"UDP Query User{D888E531-791A-402C-8D5D-3B9813DA7739}D:\qip\qip.exe" = protocol=17 | dir=in | app=d:\qip\qip.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{18A64EE3-F1FE-46F3-AAE1-8CDB35B6038B}" = Surfer 8
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.3
"{1B97D2B4-11A0-47D1-A25B-78E9982C04B6}" = CASSY*Lab*2
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{41A63ADA-088B-1C2D-43B3-E4087FE79881}" = Pixlr-o-matic
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{49ABE0DF-5BC9-40E8-8996-7A2938BFB5C2}" = ARIS EXPRESS
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix Online Plug-in (DV)
"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}" = EndNote X5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC11D9A-6DCD-4064-8363-63914A0122AB}" = C4500
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA6F009F-0CCD-4DD6-A462-28419C101D54}" = HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix Online Plug-in (HDX)
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CBFE7B86-D51D-4F69-84DD-61E2392CD42A}" = Didger 3
"{CF408B76-8698-4298-B549-5E6A94931B64}" = PS_AIO_04_C4500_Software_Min
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix Online Plug-in (USB)
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix Online Plug-in (Web)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Anki" = Anki
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlazeDTV 2.5a_is1" = BlazeDTV 2.5a
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX-Setup
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube to MP3 Converter Studio_is1" = Free YouTube to MP3 Converter Studio 7.0
"Freeware.de Toolbar" = Freeware.de Toolbar
"GIMP-2_is1" = GIMP 2.8.2
"gmt4win_is1" = GMT 4.5.8
"GPL Ghostscript 9.06" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Pixlromatic" = Pixlr-o-matic
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"The KMPlayer" = The KMPlayer
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.9
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4261671638-2302022960-3560447937-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.07.2012 08:19:07 | Computer Name = Elena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 24.07.2012 11:54:45 | Computer Name = Elena-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 24.07.2012 16:23:02 | Computer Name = Elena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 24.07.2012 16:23:02 | Computer Name = Elena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 24.07.2012 16:23:02 | Computer Name = Elena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 24.07.2012 16:24:29 | Computer Name = Elena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 24.07.2012 16:24:29 | Computer Name = Elena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 24.07.2012 16:24:29 | Computer Name = Elena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 24.07.2012 16:52:42 | Computer Name = Elena-PC | Source = Application Hang | ID = 1002
Description = Programm BlazeDVD.EXE, Version 4.0.0.1 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c18    Startzeit: 
01cd69de1042cd27    Endzeit: 100    Anwendungspfad: D:\BlazeDTV 2.5a\BlazeDVD.EXE    Berichts-ID:
 8039d444-d5d1-11e1-bb49-002219e6e856  
 
Error - 25.07.2012 08:25:15 | Computer Name = Elena-PC | Source = Application Hang | ID = 1002
Description = Programm BlazeDVD.EXE, Version 4.0.0.1 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: cbc    Startzeit: 
01cd6a6008622558    Endzeit: 60000    Anwendungspfad: D:\BlazeDTV 2.5a\BlazeDVD.EXE    Berichts-ID:
 9b1373e2-d653-11e1-ae65-00247e47f393  
 
[ System Events ]
Error - 18.05.2013 16:32:01 | Computer Name = Elena-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 18.05.2013 16:32:03 | Computer Name = Elena-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 18.05.2013 16:32:06 | Computer Name = Elena-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 18.05.2013 16:32:08 | Computer Name = Elena-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 18.05.2013 16:33:44 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.05.2013 16:33:44 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.05.2013 16:33:44 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.05.2013 16:35:52 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.05.2013 16:35:52 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.05.2013 16:35:52 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---
I was able to disable the virus in safe mode... but it is still there, and the last solution I would have would just be a reinstall...

19.05.2013, 13:01   #2
t'john
/// Helper team

The cleanup consists of several steps that must be carried out.
Work through them one after another and please paste the 3 logs that are created in the process into your next reply.

If the OTL fix did not run through properly, do not continue; please report this instead.

Step 1

Fixing with OTL

Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.


Code:
ATTFilter
:OTL

O4 - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000..\RunOnce: [AE77ADE6895D6B030000AE76FF746FE9] C:\ProgramData\AE77ADE6895D6B030000AE76FF746FE9\AE77ADE6895D6B030000AE76FF746FE9.exe () 
[2013.05.18 20:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AE77ADE6895D6B030000AE76FF746FE9 

:Files 

ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Never apply it on other computers; it can cause lasting damage to other systems!



Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.



then:

Step 3
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
__________________
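
The autorun that the fix script in the post above removes has a recognisable shape in the OTL log: a RunOnce value whose 32-character hex name is reused as both the folder and the executable name under C:\ProgramData, followed by empty parentheses. The following Python code is an added example, not part of the original post and not an OTL feature; it parses O4 lines and lists entries that combine these traits. The threshold and every sample line except the first are assumptions constructed for the illustration.

```python
import re
from pathlib import PureWindowsPath
from typing import List, NamedTuple, Optional, Tuple

# Sample input in OTL "O4" (autorun) format. The first line is the entry named
# in the fix script; the other two are constructed for contrast.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000..\RunOnce: [AE77ADE6895D6B030000AE76FF746FE9] C:\ProgramData\AE77ADE6895D6B030000AE76FF746FE9\AE77ADE6895D6B030000AE76FF746FE9.exe ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
O4 - HKLM..\Run: [ExampleTray] C:\ProgramData\ExampleTray\tray.exe ()
"""

O4_LINE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<vendor>[^()]*)\)\s*$"
)
HEX_NAME = re.compile(r"^[0-9A-Fa-f]{16,}$")
THRESHOLD = 3  # assumption: report only when at least 3 traits coincide


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    path: str
    vendor: str


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one registry Run/RunOnce line; return None for anything else."""
    m = O4_LINE.match(line.strip())
    return Autorun(**m.groupdict()) if m else None


def traits(entry: Autorun) -> List[str]:
    """List the traits this entry shares with the one the fix script removes."""
    exe = PureWindowsPath(entry.path)
    found = []
    if HEX_NAME.match(entry.name):
        found.append("value name is a long hex string")
    if exe.stem.lower() == exe.parent.name.lower() == entry.name.lower():
        found.append("value, folder and executable share one name")
    if len(exe.parts) > 1 and exe.parts[1].lower() == "programdata":
        found.append("executable lives under ProgramData")
    if not entry.vendor.strip():
        found.append("empty parentheses, no vendor shown")
    return found


def triage(log_text: str) -> List[Tuple[Autorun, List[str]]]:
    """Return (entry, traits) for every autorun that meets THRESHOLD."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue  # not a registry Run/RunOnce line
        found = traits(entry)
        if len(found) >= THRESHOLD:
            hits.append((entry, found))
    return hits


if __name__ == "__main__":
    for entry, found in triage(SAMPLE_LOG):
        print(f"{entry.hive} {entry.key} [{entry.name}]")
        print(f"  {entry.path}")
        for t in found:
            print(f"  - {t}")
```

Matching these traits only marks an entry for a helper's review; it is not proof of infection, and any fix script still has to be written for the specific machine.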

13.07.2013, 15:39   #3
t'john
/// Helper team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this topic from my notifications.

If you want to continue, send me a PM or open a new topic.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.