Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: System Care Antivirus Hilfe!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 18.05.2013, 21:46   #1
lesierk
 
System Care Antivirus Hilfe! - Standard

System Care Antivirus Hilfe!



Guten Tag,

ich habe mir leider den "System Care Antivirus" Virus eingefangen und kann meinen Laptop jetzt nur im abgesichterten Modus öffnen. Habe mir jetzt mit OTL Logfiles erstellt und würde mich über eure Hilfe sehr freuen!

LG Lesierk

OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.05.2013 22:26:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Elena\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,36% Memory free
3,98 Gb Paging File | 3,12 Gb Available in Paging File | 78,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 1,39 Gb Free Space | 4,77% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 52,54 Gb Free Space | 67,25% Space Free | Partition Type: NTFS
Drive E: | 125,46 Gb Total Space | 39,09 Gb Free Space | 31,16% Space Free | Partition Type: NTFS
 
Computer Name: ELENA-PC | User Name: Elena | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.05.18 22:15:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elena\Desktop\OTL.exe
PRC - [2013.04.13 13:25:31 | 000,920,472 | ---- | M] (Mozilla Corporation) -- D:\Firefox\firefox.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.13 13:25:30 | 003,133,336 | ---- | M] () -- D:\Firefox\mozjs.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- D:\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.14 22:09:56 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.28 18:51:36 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- D:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 18:51:18 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- D:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005.04.06 17:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- d:\CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.03.28 18:51:40 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.28 18:51:40 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.28 18:51:40 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.01 11:27:45 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.04.25 02:49:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.12.12 18:01:30 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.06.14 14:41:00 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)
DRV - [2007.06.13 19:30:20 | 000,013,440 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stkrc.sys -- (Ltn_stkrc)
DRV - [2006.12.05 11:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://oaming/Mozilla/Firefox/prof [Binary data over 200 bytes]
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 6C 1B AD 72 40 CC 01  [binary data]
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\..\SearchScopes,DefaultScope = {2C8852F6-B9CD-4C7D-86B1-0FA495924E70}
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\..\SearchScopes\{2C8852F6-B9CD-4C7D-86B1-0FA495924E70}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.bing.com/?scope=web&FORM=Z9LH"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\OFFICE~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.26 11:22:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.26 11:22:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.24 00:14:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.24 00:14:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: D:\Firefox\components [2013.04.13 13:25:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: D:\Firefox\plugins [2013.03.09 20:25:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: D:\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: D:\Thunderbird\components [2012.10.23 20:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: D:\Thunderbird\plugins
 
[2011.04.26 19:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elena\AppData\Roaming\mozilla\Extensions
[2011.04.26 19:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elena\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.05.15 22:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elena\AppData\Roaming\mozilla\Firefox\Profiles\jg367zfo.default\extensions
[2013.02.10 20:35:09 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\Elena\AppData\Roaming\mozilla\Firefox\Profiles\jg367zfo.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2013.05.15 22:04:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Elena\AppData\Roaming\mozilla\Firefox\Profiles\jg367zfo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.12.24 22:10:24 | 000,000,000 | ---D | M] (Bloglovin') -- C:\Users\Elena\AppData\Roaming\mozilla\Firefox\Profiles\jg367zfo.default\extensions\jid1-JrxwyxPdCKWWcw@jetpack
[2013.05.14 20:20:46 | 000,571,660 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\mozilla\firefox\profiles\jg367zfo.default\extensions\toolbar@gmx.net.xpi
[2013.05.09 09:03:51 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Elena\AppData\Roaming\mozilla\firefox\profiles\jg367zfo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] d:\CS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000..\Run: [] C:\Users\Elena\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000..\RunOnce: [AE77ADE6895D6B030000AE76FF746FE9] C:\ProgramData\AE77ADE6895D6B030000AE76FF746FE9\AE77ADE6895D6B030000AE76FF746FE9.exe ()
O4 - Startup: C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Elena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Das YouTube Video als MP3 &speichern - C:\Users\Elena\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73AA95DC-40D7-4708-B8BF-242667467E59}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5b8bdd50-a32c-11e0-a0c9-00247e47f393}\Shell - "" = AutoRun
O33 - MountPoints2\{5b8bdd50-a32c-11e0-a0c9-00247e47f393}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.18 22:15:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Elena\Desktop\OTL.exe
[2013.05.18 21:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.18 21:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.05.18 20:13:21 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013.05.18 20:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AE77ADE6895D6B030000AE76FF746FE9
[2013.05.15 09:06:06 | 000,000,000 | R--D | C] -- C:\Users\Elena\Contacts
[2013.05.14 23:22:06 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.14 23:22:04 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.14 23:22:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.14 23:22:03 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.14 23:22:02 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.14 23:22:01 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.14 23:22:01 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.14 23:22:01 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.14 23:22:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.14 23:22:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.14 22:11:29 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.14 22:11:28 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.14 22:09:25 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.14 22:09:14 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.14 22:09:14 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.12 11:46:09 | 000,000,000 | ---D | C] -- C:\Users\Elena\ARISExpress
[2013.05.12 11:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARIS Platform
[2013.05.07 15:57:29 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.04.30 11:14:02 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.30 11:14:02 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.30 11:14:02 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.30 11:14:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.30 11:14:01 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.30 11:14:01 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.30 11:14:01 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.30 11:14:01 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.30 11:14:01 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.30 11:14:01 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.30 11:14:01 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.30 11:14:00 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.30 11:14:00 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.30 11:14:00 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.30 11:14:00 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.30 11:14:00 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.30 11:14:00 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.30 11:14:00 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.30 11:14:00 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.30 11:14:00 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.30 11:14:00 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.30 11:14:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.30 11:14:00 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.30 11:14:00 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.30 11:13:59 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.30 11:13:59 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.25 09:19:32 | 000,000,000 | ---D | C] -- C:\Users\Elena\Desktop\TOC-Karbonat
[2013.04.24 19:18:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Elena\Desktop\*.tmp files -> C:\Users\Elena\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.18 22:15:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elena\Desktop\OTL.exe
[2013.05.18 21:15:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.18 21:14:57 | 1603,039,232 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.18 20:13:21 | 000,002,055 | ---- | M] () -- C:\Users\Elena\Desktop\System Care Antivirus.lnk
[2013.05.18 20:09:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.18 20:03:10 | 000,243,546 | ---- | M] () -- C:\Users\Elena\Desktop\ca3dddf219691145.jpg
[2013.05.18 19:39:43 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.18 19:39:43 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.18 19:31:08 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{BBF9F88F-9C5E-417F-89C5-FEEB69507AB1}.job
[2013.05.18 19:31:08 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{B2B2D0C5-80EF-4CEF-AFF7-F8F99DB7ED87}.job
[2013.05.18 19:31:08 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{5DBC0743-4CF5-420F-A13A-1C1E613320AE}.job
[2013.05.15 09:03:44 | 003,749,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.14 22:18:47 | 000,114,713 | ---- | M] () -- C:\Users\Elena\Desktop\945270_522734957792800_541341678_n.jpg
[2013.05.14 22:09:55 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.14 22:09:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.14 20:26:18 | 000,174,209 | ---- | M] () -- C:\Users\Elena\Desktop\oldenbora_2012_92_20120607_2073770358.jpg
[2013.05.11 13:32:32 | 002,516,828 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.11 13:32:32 | 000,725,612 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.11 13:32:32 | 000,569,508 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.11 13:32:32 | 000,542,926 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.11 13:22:11 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.11 13:22:11 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.08 17:08:54 | 000,102,938 | ---- | M] () -- C:\Users\Elena\Desktop\picdump-13-05-03-119.jpg
[2013.05.07 17:02:28 | 000,252,005 | ---- | M] () -- C:\Users\Elena\Desktop\467964_485432231501922_710910352_o.jpg
[2013.05.07 16:55:38 | 000,090,619 | ---- | M] () -- C:\Users\Elena\Desktop\561484_138393569636953_668682765_n.jpg
[2013.05.07 16:54:56 | 000,063,933 | ---- | M] () -- C:\Users\Elena\Desktop\155448_177698775706432_59940906_n.jpg
[2013.05.07 16:54:45 | 000,065,789 | ---- | M] () -- C:\Users\Elena\Desktop\393017_183241101818866_1862792427_n.jpg
[2013.05.07 15:56:51 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.06 21:58:26 | 000,848,760 | ---- | M] () -- C:\Users\Elena\Desktop\921617_450170838406035_1889111583_o.jpg
[2013.04.30 11:14:02 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.30 11:14:02 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.30 11:14:02 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.30 11:14:01 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.30 11:14:01 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.30 11:14:01 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.30 11:14:01 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.30 11:14:01 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.30 11:14:01 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.30 11:14:01 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.30 11:14:01 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.30 11:14:00 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.30 11:14:00 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.30 11:14:00 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.30 11:14:00 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.30 11:14:00 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.30 11:14:00 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.30 11:14:00 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.30 11:14:00 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.30 11:14:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.30 11:14:00 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.30 11:14:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.30 11:14:00 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.30 11:14:00 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.04.30 11:14:00 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.30 11:13:59 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.30 11:13:59 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.29 19:42:12 | 000,087,339 | ---- | M] () -- C:\Users\Elena\Desktop\hBE8E32D1.jpg
[2013.04.29 18:30:05 | 000,164,954 | ---- | M] () -- C:\Users\Elena\Desktop\Nike Free.jpg
[2013.04.28 17:07:36 | 000,326,176 | ---- | M] () -- C:\Users\Elena\Desktop\Stratographie.jpg
[2013.04.28 16:56:20 | 005,164,144 | ---- | M] () -- C:\Users\Elena\Desktop\Legende.cdr
[2013.04.28 16:54:35 | 005,164,166 | ---- | M] () -- C:\Users\Elena\Desktop\Sicherungskopie_vongdfscf.cdr
[2013.04.22 21:12:37 | 000,113,194 | ---- | M] () -- C:\Users\Elena\Desktop\20130422_204251.jpg
[2013.04.22 21:12:04 | 000,106,135 | ---- | M] () -- C:\Users\Elena\Desktop\20130422_204344.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Elena\Desktop\*.tmp files -> C:\Users\Elena\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.18 20:13:21 | 000,002,055 | ---- | C] () -- C:\Users\Elena\Desktop\System Care Antivirus.lnk
[2013.05.18 20:03:09 | 000,243,546 | ---- | C] () -- C:\Users\Elena\Desktop\ca3dddf219691145.jpg
[2013.05.14 22:18:46 | 000,114,713 | ---- | C] () -- C:\Users\Elena\Desktop\945270_522734957792800_541341678_n.jpg
[2013.05.14 20:26:13 | 000,174,209 | ---- | C] () -- C:\Users\Elena\Desktop\oldenbora_2012_92_20120607_2073770358.jpg
[2013.05.08 17:08:52 | 000,102,938 | ---- | C] () -- C:\Users\Elena\Desktop\picdump-13-05-03-119.jpg
[2013.05.07 17:02:28 | 000,252,005 | ---- | C] () -- C:\Users\Elena\Desktop\467964_485432231501922_710910352_o.jpg
[2013.05.07 16:55:38 | 000,090,619 | ---- | C] () -- C:\Users\Elena\Desktop\561484_138393569636953_668682765_n.jpg
[2013.05.07 16:54:55 | 000,063,933 | ---- | C] () -- C:\Users\Elena\Desktop\155448_177698775706432_59940906_n.jpg
[2013.05.07 16:54:42 | 000,065,789 | ---- | C] () -- C:\Users\Elena\Desktop\393017_183241101818866_1862792427_n.jpg
[2013.05.06 21:58:25 | 000,848,760 | ---- | C] () -- C:\Users\Elena\Desktop\921617_450170838406035_1889111583_o.jpg
[2013.04.30 11:14:00 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.04.29 19:42:11 | 000,087,339 | ---- | C] () -- C:\Users\Elena\Desktop\hBE8E32D1.jpg
[2013.04.29 18:30:05 | 000,164,954 | ---- | C] () -- C:\Users\Elena\Desktop\Nike Free.jpg
[2013.04.28 22:57:44 | 000,215,564 | ---- | C] () -- C:\Users\Elena\Desktop\b023.jpg
[2013.04.28 17:07:21 | 000,326,176 | ---- | C] () -- C:\Users\Elena\Desktop\Stratographie.jpg
[2013.04.28 16:56:16 | 005,164,166 | ---- | C] () -- C:\Users\Elena\Desktop\Sicherungskopie_vongdfscf.cdr
[2013.04.28 16:54:31 | 005,164,144 | ---- | C] () -- C:\Users\Elena\Desktop\Legende.cdr
[2013.04.22 20:56:28 | 000,113,194 | ---- | C] () -- C:\Users\Elena\Desktop\20130422_204251.jpg
[2013.04.22 20:56:28 | 000,106,135 | ---- | C] () -- C:\Users\Elena\Desktop\20130422_204344.jpg
[2013.03.28 19:26:59 | 000,005,265 | ---- | C] () -- C:\Users\Elena\AppData\Local\recently-used.xbel
[2013.01.10 14:12:44 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2012.12.07 10:59:49 | 000,011,169 | ---- | C] () -- C:\Users\Elena\gsview32.ini
[2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.02.25 18:26:39 | 000,007,605 | ---- | C] () -- C:\Users\Elena\AppData\Local\Resmon.ResmonCfg
[2011.11.26 17:45:14 | 000,000,050 | ---- | C] () -- C:\Users\Elena\.gtk-bookmarks
[2011.11.18 19:05:58 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo.dll
[2011.10.24 22:30:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\Flowers
[2011.10.24 00:03:32 | 000,221,005 | ---- | C] () -- C:\Windows\hpoins30.dat
[2011.10.24 00:03:32 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2011.08.08 13:21:40 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.08.08 13:21:40 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.08.08 13:21:39 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.08.08 13:21:39 | 000,000,000 | ---- | C] () -- C:\Users\Elena\AppData\Roaming\Grapher
[2011.07.04 21:48:18 | 000,000,000 | ---- | C] () -- C:\Users\Elena\AppData\Local\{9557C478-77CA-4EA1-ACC2-2FA386D9D82A}
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 160 bytes -> C:\Users\Elena\Desktop\20130422_204344.jpg:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\Elena\Desktop\20130422_204251.jpg:com.dropbox.attributes

< End of report >
         
--- --- ---


EXTRAS:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 18.05.2013 22:26:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Elena\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,36% Memory free
3,98 Gb Paging File | 3,12 Gb Available in Paging File | 78,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 1,39 Gb Free Space | 4,77% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 52,54 Gb Free Space | 67,25% Space Free | Partition Type: NTFS
Drive E: | 125,46 Gb Total Space | 39,09 Gb Free Space | 31,16% Space Free | Partition Type: NTFS
 
Computer Name: ELENA-PC | User Name: Elena | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4261671638-2302022960-3560447937-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "D:\Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Office 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Neuer Ordner\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Neuer Ordner\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DACA2AD-B1F6-471A-A1EA-29A9B4127005}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{10907868-17D9-4B54-964B-88A6DF8F27B6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1177E83C-D1FF-4D00-9EE0-992B8C51E348}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{14F60E2D-B5D4-49A0-8DD7-A874ADFC2014}" = rport=139 | protocol=6 | dir=out | app=system | 
"{254C1B83-FFA6-493D-AB28-0A66F86BCA4F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{29944158-F678-4CD3-9B0C-E73DD201EFA7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4FE38FA7-FA67-4327-A05F-7F04AE0A7C16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5060208F-EE13-4E5F-99A3-CE2D17B28D8B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{55BA9744-C48F-4D9B-8416-8E9240F6636E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{58484172-1E74-4F2E-B2EA-833F0B3D40B0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5925EBCD-2020-4360-91A7-C318F986E775}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5E3B9CF4-1C21-4A28-897F-0D6F11774901}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{640C9C29-9AA3-4E9E-A83B-6A6D86F607ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{691BD821-62BD-430E-8AF0-B27D1F1F2D2A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6B45689E-C306-41D6-9F98-D82BFD1ACF7C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7236382B-60B5-4399-A21A-F3F45E996D5A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{777D2549-5A8A-4558-9F51-86258483912F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7EA8CF88-BBB4-45E2-B9B3-1FDBF370DBF0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8096B579-6BFF-4535-AF7C-AD3F8608DB81}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8694C3D5-1D4A-4446-ACB4-3ABF7AEC9DDD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{89B270A8-A00F-4B94-B916-80D5335F1E7B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A289E811-A91D-489D-B2B1-06055E11590F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BA827824-B3EA-4E8C-84D4-55B97148CFF5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CF1DE92B-7565-401F-9007-B8C12827D549}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D366F077-82F1-4D80-9D37-9F6F79717D61}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DB28DB09-1BCD-4255-BACA-AAEDB8D8B10F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E9F31630-4BCC-428A-B191-0B9887A711A9}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{ED5D3EE3-A241-4564-B261-20D530B0B4E1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F2449364-F88D-40C5-ADFF-323F28FFC6E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F47B5BE1-0279-43BB-B782-BB37F5D0C52D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F502400C-EB3F-45C5-95FF-67D875779268}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FC6B0F52-BD47-4A06-81DB-3FC119E7B504}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00325120-83A7-4385-93AF-8019D7CE194D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{08A4ADA7-B5B7-44F8-94BB-81386B7578F9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{14482EA8-309B-48CB-8191-8B00AEEA9E49}" = protocol=6 | dir=in | app=d:\cs2\adobe version cue cs2\bin\versioncuecs2.exe | 
"{18051660-8E51-417B-840B-5E4D552C6960}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1B045E2A-CE3F-4FE3-9C03-EB88A1B89489}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{24270B2F-D452-4087-BE60-7C2757923D81}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{2DA785BE-6FE4-4151-A227-F841524DF76A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{36B0CCEF-6D45-4717-8F32-CCF2A48C36A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4532D64D-6F56-4CEC-881C-8D6C99481CAF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{46582F47-615C-4F16-8FC6-AC9689D58333}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{480E08CF-C259-4C98-BBD3-6F9C516A296B}" = protocol=6 | dir=out | app=system | 
"{4D8E4BEB-13A6-4C3B-87D9-BF8B6CDB43AF}" = protocol=17 | dir=in | app=d:\office 2010\office14\groove.exe | 
"{551783FE-6BFB-46ED-87E9-3269CBF8D1DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{585C1D2F-3AAC-4196-81AD-55D6A19340E5}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{63B6EC0A-4B44-46BB-BC3C-0B280C444235}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{6703BDDD-D15F-4A69-8629-04971B3E337B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6BF96A55-06CD-4138-9C19-6E9680BFE017}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6CCDFE3A-B20B-4306-9D60-9A5CB807B198}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{6EE542BD-CBA4-4814-8BB4-AAB1F48774CD}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{88A01A72-8AF0-4132-B398-A88859D3F965}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{9429540B-10E3-41CB-B124-8075B15466C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{960A1895-A16E-4C0D-9880-D9580F1CE3FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{980F8C27-3908-414D-A570-968CD45D18A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9A86FF6A-6DC5-4750-80FF-480B4B3AD231}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{B04D1E99-2CF0-4674-8FD6-667008FA24F8}" = protocol=17 | dir=in | app=d:\cs2\adobe version cue cs2\bin\versioncuecs2.exe | 
"{B3D6F9B4-05BA-45B9-A3DB-C3127436829B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{BB25DB8B-93D1-49B5-A91F-3E4C302AED84}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{BC0FEFBB-1571-4E17-B401-2C9BBD824C53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C27A2EF9-6691-46FD-A8BD-0F72A812856B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{C6ECB788-038B-4305-A3E2-C94F14570FCF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{C866567C-2334-45FC-8BFF-9D0C228FA5BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA14C10C-041E-49E1-88E5-E832CB461D88}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{CADC6738-228D-4881-9981-49BB23402BAA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{D6D9135B-F5CC-4807-8426-8B06CE82E106}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{E13C9AC8-9BD8-4DE8-9300-79CD7635DD19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E55F898B-7B00-44A3-BD3B-3F2F83260D3E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EE1080EF-D82A-4A1A-B16A-E7B961624C5C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{EE93B162-C68E-4B08-9E73-C1CF6FF57D76}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{F99F37D4-B3CD-4BF6-BE4C-EBE07B7A8B4B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{FCB4AADC-082D-44B8-9B18-F1991AC2E047}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FEB09DF4-9219-41B2-926C-36ED93BB386A}" = protocol=6 | dir=in | app=d:\office 2010\office14\groove.exe | 
"TCP Query User{699329AB-A62D-468A-A60C-684891D1B090}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{A4CA2984-4362-4833-9B2D-8DA9285EADF9}D:\qip\qip.exe" = protocol=6 | dir=in | app=d:\qip\qip.exe | 
"TCP Query User{E134C263-EFDC-487C-8549-AFA94F62330B}C:\users\elena\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\elena\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{E89236B0-E00E-46FC-857F-F12A4F72CE25}D:\qip\qip.exe" = protocol=6 | dir=in | app=d:\qip\qip.exe | 
"TCP Query User{EC956BE2-FD33-4F0E-8EFF-749E36159DD8}E:\carcassonne\carcassonne.exe" = protocol=6 | dir=in | app=e:\carcassonne\carcassonne.exe | 
"TCP Query User{F6E9E7C9-E587-4359-A0D9-D9F48A7A443B}C:\users\elena\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\elena\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{58ED99A5-5B95-4A98-9028-4CA33F5FFB2D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{6497E17C-8A1E-451A-9BD7-F3875E849AFB}C:\users\elena\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\elena\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{93097477-5A6A-4DA1-B0B1-E68A67C7469B}E:\carcassonne\carcassonne.exe" = protocol=17 | dir=in | app=e:\carcassonne\carcassonne.exe | 
"UDP Query User{ADB65D69-8347-4AB0-B413-7953C59D7BDB}C:\users\elena\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\elena\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{D7B45B6D-EB1F-4615-A2AC-60679E83A67B}D:\qip\qip.exe" = protocol=17 | dir=in | app=d:\qip\qip.exe | 
"UDP Query User{D888E531-791A-402C-8D5D-3B9813DA7739}D:\qip\qip.exe" = protocol=17 | dir=in | app=d:\qip\qip.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{18A64EE3-F1FE-46F3-AAE1-8CDB35B6038B}" = Surfer 8
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.3
"{1B97D2B4-11A0-47D1-A25B-78E9982C04B6}" = CASSY*Lab*2
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{41A63ADA-088B-1C2D-43B3-E4087FE79881}" = Pixlr-o-matic
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{49ABE0DF-5BC9-40E8-8996-7A2938BFB5C2}" = ARIS EXPRESS
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix Online Plug-in (DV)
"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}" = EndNote X5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC11D9A-6DCD-4064-8363-63914A0122AB}" = C4500
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA6F009F-0CCD-4DD6-A462-28419C101D54}" = HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix Online Plug-in (HDX)
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CBFE7B86-D51D-4F69-84DD-61E2392CD42A}" = Didger 3
"{CF408B76-8698-4298-B549-5E6A94931B64}" = PS_AIO_04_C4500_Software_Min
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix Online Plug-in (USB)
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix Online Plug-in (Web)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Anki" = Anki
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlazeDTV 2.5a_is1" = BlazeDTV 2.5a
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX-Setup
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube to MP3 Converter Studio_is1" = Free YouTube to MP3 Converter Studio 7.0
"Freeware.de Toolbar" = Freeware.de Toolbar
"GIMP-2_is1" = GIMP 2.8.2
"gmt4win_is1" = GMT 4.5.8
"GPL Ghostscript 9.06" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Pixlromatic" = Pixlr-o-matic
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"The KMPlayer" = The KMPlayer
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.9
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4261671638-2302022960-3560447937-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.07.2012 08:19:07 | Computer Name = Elena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 24.07.2012 11:54:45 | Computer Name = Elena-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 24.07.2012 16:23:02 | Computer Name = Elena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 24.07.2012 16:23:02 | Computer Name = Elena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 24.07.2012 16:23:02 | Computer Name = Elena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 24.07.2012 16:24:29 | Computer Name = Elena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 24.07.2012 16:24:29 | Computer Name = Elena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 24.07.2012 16:24:29 | Computer Name = Elena-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 24.07.2012 16:52:42 | Computer Name = Elena-PC | Source = Application Hang | ID = 1002
Description = Programm BlazeDVD.EXE, Version 4.0.0.1 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c18    Startzeit: 
01cd69de1042cd27    Endzeit: 100    Anwendungspfad: D:\BlazeDTV 2.5a\BlazeDVD.EXE    Berichts-ID:
 8039d444-d5d1-11e1-bb49-002219e6e856  
 
Error - 25.07.2012 08:25:15 | Computer Name = Elena-PC | Source = Application Hang | ID = 1002
Description = Programm BlazeDVD.EXE, Version 4.0.0.1 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: cbc    Startzeit: 
01cd6a6008622558    Endzeit: 60000    Anwendungspfad: D:\BlazeDTV 2.5a\BlazeDVD.EXE    Berichts-ID:
 9b1373e2-d653-11e1-ae65-00247e47f393  
 
[ System Events ]
Error - 18.05.2013 16:32:01 | Computer Name = Elena-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 18.05.2013 16:32:03 | Computer Name = Elena-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 18.05.2013 16:32:06 | Computer Name = Elena-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 18.05.2013 16:32:08 | Computer Name = Elena-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 18.05.2013 16:33:44 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.05.2013 16:33:44 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.05.2013 16:33:44 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.05.2013 16:35:52 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.05.2013 16:35:52 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.05.2013 16:35:52 | Computer Name = Elena-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---
Konnte den Virus im gesicherten Modus deaktivieren..aber er ist ja immer noch da und die letzte Lösung die ich hätte, wäre nur die Neuinstallation..

Alt 19.05.2013, 13:01   #2
t'john
/// Helfer-Team
 
System Care Antivirus Hilfe! - Standard

System Care Antivirus Hilfe!





Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL

O4 - HKU\S-1-5-21-4261671638-2302022960-3560447937-1000..\RunOnce: [AE77ADE6895D6B030000AE76FF746FE9] C:\ProgramData\AE77ADE6895D6B030000AE76FF746FE9\AE77ADE6895D6B030000AE76FF746FE9.exe () 
[2013.05.18 20:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AE77ADE6895D6B030000AE76FF746FE9 

:Files 

ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________

__________________

Alt 13.07.2013, 15:39   #3
t'john
/// Helfer-Team
 
System Care Antivirus Hilfe! - Standard

System Care Antivirus Hilfe!



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
__________________

Antwort

Themen zu System Care Antivirus Hilfe!
32 bit, adobe reader xi, antivir, antivirus, autorun, avira, converter, downloader, enigma, firefox, flash player, install.exe, installation, mozilla, optimizerpro, prozess, registry, richtlinie, scan, security, svchost.exe, system, system care, system care antivirus, system care antivirus entfernen, virus, visual studio, windows, windows 7, youtube downloader



Ähnliche Themen: System Care Antivirus Hilfe!


  1. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 16.12.2013 (22)
  2. System Care Antivirus
    Log-Analyse und Auswertung - 04.09.2013 (5)
  3. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 25.08.2013 (4)
  4. System Care Antivirus was tun?
    Plagegeister aller Art und deren Bekämpfung - 09.08.2013 (3)
  5. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 06.08.2013 (25)
  6. System Care Antivirus auf PC
    Plagegeister aller Art und deren Bekämpfung - 20.07.2013 (10)
  7. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 05.07.2013 (15)
  8. System Care Antivirus beseitigen
    Log-Analyse und Auswertung - 26.06.2013 (49)
  9. System Care Antivirus
    Log-Analyse und Auswertung - 25.06.2013 (33)
  10. System Care Antivirus
    Log-Analyse und Auswertung - 23.06.2013 (9)
  11. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 23.06.2013 (21)
  12. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (70)
  13. System Care Antivirus-OTL Log
    Log-Analyse und Auswertung - 31.05.2013 (15)
  14. System Care Antivirus Win XP
    Plagegeister aller Art und deren Bekämpfung - 03.05.2013 (11)
  15. System Care Antivirus Win XP
    Mülltonne - 01.05.2013 (1)
  16. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 19.04.2013 (1)

Zum Thema System Care Antivirus Hilfe! - Guten Tag, ich habe mir leider den "System Care Antivirus" Virus eingefangen und kann meinen Laptop jetzt nur im abgesichterten Modus öffnen. Habe mir jetzt mit OTL Logfiles erstellt und - System Care Antivirus Hilfe!...
Archiv
Du betrachtest: System Care Antivirus Hilfe! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.