Log analysis and evaluation: delta search (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#7
delta search

Hello, here is the file.

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 13.Jun.2013 21:44:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Karola\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MMM.yyyy

3,00 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,70% Memory free
6,00 Gb Paging File | 4,68 Gb Available in Paging File | 77,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890,41 Gb Total Space | 808,01 Gb Free Space | 90,75% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 23,53 Gb Free Space | 58,82% Space Free | Partition Type: NTFS
Drive F: | 931,28 Gb Total Space | 918,31 Gb Free Space | 98,61% Space Free | Partition Type: FAT32

Computer Name: KAROLA-PC | User Name: Karola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Users\Karola\Desktop\Foto\Meine CEWE FOTOWELT\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Meine CEWE FOTOWELT] -- "C:\Users\Karola\Desktop\Foto\Meine CEWE FOTOWELT\Meine CEWE FOTOWELT.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0354961A-BB40-4D8B-A305-FA2B2664E25B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1EDBA4C5-8626-43E4-9917-B34A93920F51}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1FD6B8D7-DAD9-423A-9335-4CF58A78C5A2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A5422DF-F83C-4950-B7BC-535767A7704C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2AAA52F9-F152-4B64-8855-D1B41168869A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2E529FCC-28AF-4343-ACB8-3F22FB56D4F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{327F7D2F-DB6D-4D5C-B02B-9A3DB7989C9C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{37C522BF-B9DC-44BD-8F2A-0449F9D7B0A1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{49EBDC60-5494-4A99-BEA4-E99FB71760A4}" = lport=2869 | protocol=6 | dir=in | app=system | "{82799CCE-EF1D-46DD-8ECB-DB57D5AB49BC}" = lport=10243 | protocol=6 | dir=in | app=system | "{87B81872-5B53-4171-860F-A412590BDB30}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{99ADE214-A354-4297-BE04-F3FAB965C442}" = rport=10243 | protocol=6 | dir=out | app=system | "{A169B9E7-A080-4BD3-B1F8-8F7FF48AC18A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B11AA14C-16A0-448E-9F0C-BA8C79077681}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CA8BD925-B000-414E-A0A1-E8AB1DFE9BFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CBA39608-4CF8-4032-8314-FCD55E4EA992}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0031F457-0487-4422-9F4D-0F3DB8272407}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{16A90CF1-E4F4-41E2-9E11-782FAC13E159}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicator.exe | "{16C63ABB-1C4E-48D4-BFDD-AFCB7DB6B23E}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{1E8CFDDA-E8EB-4AB7-AA23-9ED9CA40F4E5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2507069E-F5D6-4C18-A046-C571CEDD20C6}" = dir=in | app=c:\program files\hp\hp officejet 4620 
series\bin\faxapplications.exe | "{262166ED-6490-4FB6-AB1F-8008F54430D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{26B1ABA4-D804-40FD-B9BE-0FB10A4C6322}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\digitalwizards.exe | "{278D2A6E-601B-4C24-B8C1-9AD2926F6E6C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{28C5C8E2-BF81-411F-968E-4930B29796A0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{2A5D01EA-ADBA-40A8-8E50-14E1B00EE505}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{2E262167-8195-4073-8128-9378D273EE4F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{35D62B33-56F0-497E-AF0B-7237961305F5}" = dir=in | app=c:\program files\cyberlink\mediasync\mediasyncagent.exe | "{3638CC8F-8B50-4730-B651-AC06B74956CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{38510A7A-6BA4-4F26-A3FA-AC2B2096B6FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{48A3CFC3-3126-4DB4-BB4C-F15E2298475B}" = dir=in | app=c:\program files\cyberlink\mediasync\mediasync.exe | "{60109C3D-EADA-4362-B1B1-017BE4881D50}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{67DC4D90-7E17-43FB-8811-8D4612F94AB0}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicatorcom.exe | "{7511CB1A-3719-4D80-AD9F-61DB3859FFC6}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{7E5EDD8D-A53D-49F5-9AD4-C730946288FA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7F506247-538C-48CE-9A85-742BD232986C}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{85994D35-4C29-4D83-84F7-76A440486EAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8A457385-ACD8-401C-B1C1-9D1BD9A11177}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{8AE247A8-AAAC-4F6A-ACC9-4DA50E6828A7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{90768193-03B0-4634-8AB5-1A6ACDDB573B}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\devicesetup.exe | "{96B9A377-AB0B-4B7A-BB26-0A9A1CAE6EBF}" = protocol=6 | dir=out | app=system | "{9D392AB6-BA57-49A1-834B-986B41E38CCA}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\sendafax.exe | "{A1DAAD47-D0DD-40D4-A820-0FEB155078AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B950EE33-10E9-4094-BE00-54E48F59314F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C8279932-D624-41E5-9284-D13DA478545D}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{D72B3F61-A288-4918-8105-EFC22E886FD2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{DDC3E153-BAF3-4146-8993-3A6A8B664539}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{E11A6B91-1D5C-46AC-B98D-F64BB310EF50}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E447785F-FF95-4A11-AAD7-1577C601DCC0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F24A8D75-C900-4999-83DF-A5A2AC3EEC88}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F488FC0E-AD09-4577-912D-A59836A9BDAF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{8DEF3BFB-EC59-44CF-B343-E97972818192}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{B205E628-24AB-48EC-83DE-A472D2B9907C}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "TCP Query 
User{C82D3542-0E3C-427B-9F05-C48BA063015B}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{27F48712-55C4-4AF2-B84A-6868168A5F8E}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{3E5CD6BC-4416-4BC4-BB75-4214B33BD5B7}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{CFC47996-085B-49E3-9A82-FA57B936EC64}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{05F47394-298E-43F5-82A1-249969CCB6ED}" = MAGIX Speed burnR (MSI) "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish "{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{12DA6AE3-4BE5-4422-937A-74713F656DF1}" = MAGIX Foto Manager 10 "{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" 
= Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety "{2F603A45-D956-496B-81B5-50D782424976}" = SweetPacks Toolbar for Internet Explorer 4.4 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A33A7E1-C756-473A-B233-E3AE5554C7C7}" = MAGIX Foto & Grafik Designer 6 "{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish "{4D605B2E-DC56-45f6-809C-E29BF9470DB9}" = CyberLink MediaSync "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries 
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update "{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{717130C7-FEA7-4D63-AEE3-00EF2F41ACDD}" = HP Officejet 4620 series - Grundlegende Software für das Gerät "{72EDA2AC-2908-4BB3-97E5-4F9DDEBF9731}" = HP Officejet 4620 series Hilfe "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office 
PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.OUTLOOKR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office 
Outlook 2010 "{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B17F7230-4A61-4F4A-8B7F-ADEA26974DA2}" = Erfolgreich_bewerben_bei_Banken "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}" = REALTEK Wireless LAN Driver "{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese "{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch 
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoplus "{B995F1C0-7AAC-4378-AD11-9A0ECF05A4B6}" = MAGIX Online Druck Service "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager "{BE89CC37-B5F6-4AC9-8E5B-1152DCA35AEA}" = MAGIX Foto Premium 10 "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian "{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista "{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. 
OCR "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE7F2CA3-ADA3-4907-9013-8B61C370B6E4}" = Haufe Formular-Manager "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German "{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static "{DD1D7C0C-1AA0-40E5-ADA6-F95230D0CBB2}" = Studie zur Verbesserung von HP Officejet 4620 series Produkten "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish "{EC5F4C1B-F838-4CB7-8561-8F809296428B}" = TomTom HOME "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F394BEFF-527E-4038-A6D4-A68D795A4E40}" = MAGIX Screenshare "{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety "{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0 "{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}" = WISO 
Bewerbung "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AOL Deutschland Toolbar" = AOL Deutschland Toolbar "Avira AntiVir Desktop" = Avira Free Antivirus "BFG-Azada" = Azada "Daub Ages" = Daub Ages! 1.53 "Digital Editions" = Adobe Digital Editions "DTGDesktop-Android" = Documents To Go Desktop for Android "ElsterFormular 13.0.0.8086p" = ElsterFormular "ElsterFormular für Privatanwender 12.2.0.6412p" = ElsterFormular-Upgrade "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "Franzis Lebenslauf" = Franzis Lebenslauf "Genealogie-Service Lexikon" = Genealogie-Service Lexikon "Google Chrome" = Google Chrome "HP Photo Creations" = HP Photo Creations "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{4D605B2E-DC56-45f6-809C-E29BF9470DB9}" = CyberLink MediaSync "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "Lateinische Ausgangsschrift LA_is1" = Pelikan Schulschriften "MAGIX_MSI_Foto_Grafik_Designer_6_FP10" = MAGIX Foto & Grafik Designer 6 "MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10 "MAGIX_MSI_Foto_Premium_10" = MAGIX Foto Premium 10 "Meine CEWE FOTOWELT" = Meine CEWE FOTOWELT "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MPE" = MyPhoneExplorer "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.OUTLOOKR" = Microsoft Outlook 2010 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.0b "phase-6" = phase-6 2.3.0 "Samantha Swift and the Hidden Roses of Athena" = Samantha Swift and the Hidden Roses of Athena 
"SoftwareUpdUtility" = Download Updater (AOL Inc.) "WinLiveSuite" = Windows Live Essentials "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Software Update" = Yahoo! Software Update "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "AOL Deutschland Toolbar" = AOL Deutschland Toolbar "DrKawashima" = Dr Kawashima ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.Jun.2013 10:27:42 | Computer Name = Karola-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ipmGui.exe, Version: 13.6.0.986, Zeitstempel: 0x5138c26f Name des fehlerhaften Moduls: mfc100u.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2e0e6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001ebd89 ID des fehlerhaften Prozesses: 0x534 Startzeit der fehlerhaften Anwendung: 0x01ce68422a1dfaa5 Pfad der fehlerhaften Anwendung: C:\program files\avira\antivir desktop\ipmGui.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\mfc100u.dll Berichtskennung: 67f7bfaa-d435-11e2-a997-6c626d5f3b8e Error - 13.Jun.2013 11:26:41 | Computer Name = Karola-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Falscher Parameter. . Error - 13.Jun.2013 11:31:22 | Computer Name = Karola-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 13.Jun.2013 12:19:34 | Computer Name = Karola-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! 
Fehlercode: 0x35 Error - 13.Jun.2013 12:24:23 | Computer Name = Karola-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 13.Jun.2013 12:24:42 | Computer Name = Karola-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 13.Jun.2013 12:36:37 | Computer Name = Karola-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 13.Jun.2013 13:01:30 | Computer Name = Karola-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 13.Jun.2013 14:04:34 | Computer Name = Karola-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 13.Jun.2013 14:05:46 | Computer Name = Karola-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! 
Fehlercode: 0x35 [ System Events ] Error - 13.Jun.2013 12:40:31 | Computer Name = Karola-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2845690) Error - 13.Jun.2013 12:41:20 | Computer Name = Karola-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2839229) Error - 13.Jun.2013 12:41:20 | Computer Name = Karola-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Update für Windows 7 (KB2836502) Error - 13.Jun.2013 12:44:20 | Computer Name = Karola-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2813430) Error - 13.Jun.2013 12:44:20 | Computer Name = Karola-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2839894) Error - 13.Jun.2013 12:47:58 | Computer Name = Karola-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Update für Windows 7 (KB2808679) Error - 13.Jun.2013 12:47:58 | Computer Name = Karola-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Update für Windows 7 (KB2834140) Error - 13.Jun.2013 13:01:30 | Computer Name = Karola-PC | Source 
= Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306.

Error - 13.Jun.2013 14:04:34 | Computer Name = Karola-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306.

Error - 13.Jun.2013 14:05:46 | Computer Name = Karola-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306.

< End of report >

And here is the other file: OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.Jun.2013 21:44:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Karola\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MMM.yyyy 3,00 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,70% Memory free 6,00 Gb Paging File | 4,68 Gb Available in Paging File | 77,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 890,41 Gb Total Space | 808,01 Gb Free Space | 90,75% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 23,53 Gb Free Space | 58,82% Space Free | Partition Type: NTFS Drive F: | 931,28 Gb Total Space | 918,31 Gb Free Space | 98,61% Space Free | Partition Type: FAT32 Computer Name: KAROLA-PC | User Name: Karola | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Karola\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\MyPhoneExplorer\MyPhoneExplorer.exe (F.J. Wechselberger) PRC - C:\Programme\MyPhoneExplorer\DLL\adb.exe () PRC - C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Programme\Ask.com\Updater\Updater.exe (Search-Results) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Programme\MyPhoneExplorer\DLL\adb.exe () MOD - C:\Programme\MyPhoneExplorer\IconLib.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll () ========== Services (SafeList) ========== SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. 
KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (RTL8192su) -- C:\Windows\System32\drivers\rtl8192su.sys (Realtek Semiconductor Corporation ) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
[binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110231&tt=5212_2&babsrc=SP_ss&mntrId=5ef7949100000000000074f06d53fe49 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_de IE - HKCU\..\SearchScopes\{8B24905B-8F38-449B-B9EE-8CBF958A868D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.6.8\FF [2012.12.28 14:04:05 | 000,000,000 | ---D | M] [2013.03.05 21:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karola\AppData\Roaming\mozilla\Extensions [2013.03.05 21:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karola\AppData\Roaming\mozilla\Extensions\{847441a0-668c-4f1e-857f-7fb5fabebdb9} [2013.01.20 12:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karola\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.12.28 14:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: Delta Search CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program 
Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: InoViewer Plugin (Enabled) = C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: Lord of the Rings = C:\Users\Karola\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbjlpffkkkndaegmljeiheebaedgdiab\2.8_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) O2 - BHO: (AOL Deutschland Toolbar Loader) - {2d3b1910-86c2-4d4b-b1db-124b3ea35bef} - C:\Programme\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (AOL Deutschland Toolbar) - {567d4d94-8077-4682-b887-945f3d644116} - C:\Programme\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Deutschland Toolbar) - {567D4D94-8077-4682-B887-945F3D644116} - C:\Programme\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Search-Results) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [MediaSyncAgent] C:\Program Files\CyberLink\MediaSync\MediaSyncAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [Alamandi tray notifier] C:\Program Files\DEUTSCHLAND SPIELT\Alamandi\TaskBarNotifier.exe File not found O4 - HKCU..\Run: [EPSON Stylus DX8400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [MyPhoneExplorer] C:\Program Files\MyPhoneExplorer\MyPhoneExplorer.exe (F.J. 
Wechselberger) O4 - HKCU..\Run: [Spiele Post] C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe File not found O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Users\Karola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: HP Smart Print 
- {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Programme\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Programme\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: pytalhost.de ([www.tc-sepia-re] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: tc-sepia-re.de ([www] http in Vertrauenswürdige Sites) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C7E6CD9-BDFA-4788-AA0F-146DE9693532}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF3F26A8-CAA2-45C6-9B8B-7AC9D5B5A0FF}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{da232390-7cc7-11e2-8b55-6c626d5f3b8e}\Shell - "" = AutoRun O33 - MountPoints2\{da232390-7cc7-11e2-8b55-6c626d5f3b8e}\Shell\AutoRun\command - "" = K:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found ========== Files/Folders - Created Within 30 Days ========== [2013.06.13 21:23:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Karola\Desktop\OTL.exe [2013.06.13 18:37:29 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{5D037CCD-75C6-4BFC-A4AC-5848E255E148} [2013.06.13 18:20:51 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{FF308AF4-E237-41F8-A5DD-608C2ECEF8B9} [2013.06.13 16:27:02 | 000,000,000 | ---D | C] -- 
C:\Users\Karola\AppData\Local\{4DB5DFDB-C3B0-4457-9545-F05AC4538624} [2013.06.11 17:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2013.06.11 17:32:10 | 000,000,000 | ---D | C] -- C:\Users\Karola\Documents\Electronic Arts [2013.06.11 17:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games [2013.06.11 17:23:52 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\Origin [2013.06.11 17:23:51 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Roaming\Origin [2013.06.11 17:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013.06.11 17:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Origin [2013.06.11 17:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2013.06.11 17:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE [2013.06.11 17:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2013.06.11 09:51:31 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{7E9DE9E7-CA7D-4B24-9196-796248EC0C16} [2013.06.10 20:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\VideoSaver [2013.06.10 20:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender [2013.06.10 20:11:49 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Roaming\WebCake [2013.06.10 20:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\WebCake [2013.06.10 20:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.06.10 16:59:11 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{618B6DFA-9ED0-4D46-BA17-2ECBE5744FF5} [2013.06.09 20:09:26 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{103F5722-A52A-4054-8415-8BDE340F2BA8} [2013.06.08 11:29:48 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{E5DB783E-253E-4825-B5F5-4163AF9B9938} [2013.06.07 07:00:33 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{5E8ADAD5-C47A-4539-92C0-1C23B29B12A1} [2013.06.05 10:25:38 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{E73459B9-9D68-4E6E-90A0-594C2E844E37} 
[2013.06.04 13:06:04 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{B53AFC72-CFB4-48CC-A930-3E0C26DBF1ED} [2013.06.03 17:12:58 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{3B1F3B09-0F35-475F-8101-65F5584804FC} [2013.06.03 07:23:25 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{D0E4CC83-8FB9-4E58-998E-FA206A2B5FB1} [2013.06.02 16:54:23 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{FA42D718-1B2C-46A1-A13F-5EFF618375E6} [2013.05.31 18:13:43 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{97822941-626C-40E2-AF7A-992C81313586} [2013.05.29 12:14:58 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{F9E97AE5-CF3E-456D-9036-4E31DA32FBA7} [2013.05.28 23:08:35 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Roaming\UClick [2013.05.28 23:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\UClick [2013.05.28 19:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan [2013.05.28 19:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations [2013.05.28 19:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations [2013.05.28 19:19:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo [2013.05.28 14:43:23 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{36935F0F-2CDC-41B3-A518-56C2A0117502} [2013.05.27 19:51:38 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Roaming\casanova [2013.05.27 15:48:50 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{DE24F584-C8CE-4660-B704-55CB5329D5E8} [2013.05.26 13:20:59 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{7565C5A5-CEA4-4665-896F-726918643439} [2013.05.25 15:56:48 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{ADCEC41A-C6E3-453D-B448-D0014A1CEB82} [2013.05.24 10:24:22 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{C98A95D2-9AAF-4360-9A5C-C3B9AB7F4928} [2013.05.22 07:03:49 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{93C81D0F-BBDD-44DF-937B-828C75514229} 
[2013.05.21 18:22:15 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{545155BE-0156-4B92-A206-B6F21400D07C} [2013.05.18 09:54:22 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{82C4BE1A-339E-4A59-ACEF-F82A6A13AB71} [2013.05.17 09:13:45 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{E8D9DF2A-30B6-4179-8878-695A14A88B19} [2013.05.16 17:12:41 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{CBF8D8D0-14ED-4ACB-B712-E2E04D8A0109} [2013.05.15 15:15:05 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{FCB15F81-8185-413F-8A1A-A26BC831EFCB} [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Users\Karola\Documents\*.tmp files -> C:\Users\Karola\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.13 21:45:41 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.13 21:45:41 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.13 21:38:53 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.13 21:37:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.13 21:37:30 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys [2013.06.13 21:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karola\Desktop\OTL.exe [2013.06.13 20:58:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.12 17:32:50 | 000,000,054 | ---- | M] () -- C:\Users\Karola\Desktop\Dortmund (English-speaking church).url [2013.06.12 17:31:40 | 000,000,063 | ---- | M] () -- C:\Users\Karola\Desktop\Hamm - Evangelisch-methodistische Kirche.url [2013.06.12 17:30:57 | 000,000,064 | ---- | M] () -- C:\Users\Karola\Desktop\Willkommen.url [2013.06.12 17:30:14 | 000,000,065 | ---- | M] () -- C:\Users\Karola\Desktop\Bochum - 
Evangelisch-methodistische Kirche.url [2013.06.12 17:29:51 | 000,000,072 | ---- | M] () -- C:\Users\Karola\Desktop\Gelsenkirchen - Evangelisch-methodistische Kirche.url [2013.06.11 12:00:56 | 000,000,131 | ---- | M] () -- C:\Users\Karola\Desktop\FHBund Berufsperspektiven.url [2013.05.28 19:49:38 | 000,000,327 | ---- | M] () -- C:\Users\Karola\Desktop\HP Druckerdiagnosetools.url [2013.05.28 19:49:06 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk [2013.05.16 17:09:13 | 000,497,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.15 22:11:19 | 000,654,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.15 22:11:19 | 000,616,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.15 22:11:19 | 000,130,208 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.15 22:11:19 | 000,106,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Users\Karola\Documents\*.tmp files -> C:\Users\Karola\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.12 17:32:50 | 000,000,054 | ---- | C] () -- C:\Users\Karola\Desktop\Dortmund (English-speaking church).url [2013.06.12 17:31:40 | 000,000,063 | ---- | C] () -- C:\Users\Karola\Desktop\Hamm - Evangelisch-methodistische Kirche.url [2013.06.12 17:30:57 | 000,000,064 | ---- | C] () -- C:\Users\Karola\Desktop\Willkommen.url [2013.06.12 17:30:14 | 000,000,065 | ---- | C] () -- C:\Users\Karola\Desktop\Bochum - Evangelisch-methodistische Kirche.url [2013.06.12 17:29:51 | 000,000,072 | ---- | C] () -- C:\Users\Karola\Desktop\Gelsenkirchen - Evangelisch-methodistische Kirche.url [2013.06.11 12:00:56 | 000,000,131 | ---- | C] () -- C:\Users\Karola\Desktop\FHBund Berufsperspektiven.url [2013.05.28 19:49:38 | 000,000,327 | ---- | C] () -- C:\Users\Karola\Desktop\HP Druckerdiagnosetools.url [2013.05.28 19:49:06 | 000,001,953 | ---- | C] () -- 
C:\Users\Public\Desktop\HP Photo Creations.lnk [2013.05.05 20:26:41 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.04.18 16:48:46 | 000,000,266 | ---- | C] () -- C:\Windows\BUHL.INI [2013.04.06 20:36:50 | 000,032,211 | ---- | C] () -- C:\Users\Karola\Elster ESt2012_Kreutzenbeck_Rolf_und_Kreutzenbeck_Karola 1.elfo [2013.03.05 21:08:18 | 000,063,488 | ---- | C] () -- C:\Windows\System32\Eztw32.dll [2012.09.05 20:43:46 | 000,000,083 | ---- | C] () -- C:\Windows\GU.INI [2012.07.18 20:20:48 | 000,235,870 | ---- | C] () -- C:\Users\Karola\ESt2011_Kreutzenbeck_Rolf_und_Kreutzenbeck_Karolay.elfo [2012.07.18 10:00:22 | 000,032,781 | ---- | C] () -- C:\Users\Karola\ESt2011_Kreutzenbeck_Rolf_und_Kreutzenbeck_Karola.elfo [2012.07.14 20:24:21 | 000,002,625 | ---- | C] () -- C:\Users\Karola\ESt20011 Kreutzenbeck Rolf und Kreutzenbeck Karola.elfo [2012.05.27 17:58:24 | 000,000,680 | RHS- | C] () -- C:\Users\Karola\ntuser.pol [2012.02.04 20:22:10 | 000,017,408 | ---- | C] () -- C:\Users\Karola\AppData\Local\WebpageIcons.db [2011.07.06 12:56:35 | 000,027,071 | ---- | C] () -- C:\Users\Karola\ESt2010_Kreutzenbeck_Rolf_und_Kreutzenbeck_Karola.elfo ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.12.28 14:03:40 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\BabSolution [2012.12.28 14:03:00 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Babylon [2011.10.17 15:22:27 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Big Fish Games [2013.05.27 19:51:38 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\casanova [2013.03.20 18:16:44 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\DocumentsToGoDesktopAndroid [2012.07.14 19:22:08 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\elsterformular [2012.11.25 12:16:45 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\GetRightToGo [2013.03.05 21:07:43 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Haufe Mediengruppe [2012.02.02 15:44:35 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\iMaxGen [2012.09.28 16:48:17 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Magic Academy [2012.09.28 18:09:36 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Magic Academy 2 [2012.11.07 17:30:23 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Magic3 [2011.04.07 20:52:29 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\MAGIX [2013.06.13 18:35:31 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\MyPhoneExplorer [2012.12.26 16:26:03 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Nitreal Games [2013.06.11 17:23:51 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Origin [2012.11.20 15:13:13 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Orneon [2012.11.05 17:21:31 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Phase6 [2011.10.17 15:31:13 | 
000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Playrix Entertainment [2010.10.06 21:22:38 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\SoftGrid Client [2013.01.20 12:55:05 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\TomTom [2010.10.03 20:44:46 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\TP [2013.05.28 23:08:35 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\UClick [2010.12.14 08:01:04 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Uniblue [2012.11.02 17:45:50 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\V-Games [2013.06.13 18:35:26 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\WebCake [2012.07.25 21:27:13 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 186 bytes -> C:\ProgramData\Temp:0EC7A545 @Alternate Data Stream - 174 bytes -> C:\ProgramData\Temp:AECF4772 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:D987CB43 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:70E897B5 < End of report >
And here is the other file:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 13.Jun.2013 21:44:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Karola\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MMM.yyyy 3,00 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,70% Memory free 6,00 Gb Paging File | 4,68 Gb Available in Paging File | 77,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 890,41 Gb Total Space | 808,01 Gb Free Space | 90,75% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 23,53 Gb Free Space | 58,82% Space Free | Partition Type: NTFS Drive F: | 931,28 Gb Total Space | 918,31 Gb Free Space | 98,61% Space Free | Partition Type: FAT32 Computer Name: KAROLA-PC | User Name: Karola | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Karola\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\MyPhoneExplorer\MyPhoneExplorer.exe (F.J. Wechselberger) PRC - C:\Programme\MyPhoneExplorer\DLL\adb.exe () PRC - C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Programme\Ask.com\Updater\Updater.exe (Search-Results) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Programme\MyPhoneExplorer\DLL\adb.exe () MOD - C:\Programme\MyPhoneExplorer\IconLib.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll () ========== Services (SafeList) ========== SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. 
KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (RTL8192su) -- C:\Windows\System32\drivers\rtl8192su.sys (Realtek Semiconductor Corporation ) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
[binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110231&tt=5212_2&babsrc=SP_ss&mntrId=5ef7949100000000000074f06d53fe49 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_de IE - HKCU\..\SearchScopes\{8B24905B-8F38-449B-B9EE-8CBF958A868D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.6.8\FF [2012.12.28 14:04:05 | 000,000,000 | ---D | M] [2013.03.05 21:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karola\AppData\Roaming\mozilla\Extensions [2013.03.05 21:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karola\AppData\Roaming\mozilla\Extensions\{847441a0-668c-4f1e-857f-7fb5fabebdb9} [2013.01.20 12:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karola\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.12.28 14:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: Delta Search CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program 
Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: InoViewer Plugin (Enabled) = C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: Lord of the Rings = C:\Users\Karola\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbjlpffkkkndaegmljeiheebaedgdiab\2.8_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) O2 - BHO: (AOL Deutschland Toolbar Loader) - {2d3b1910-86c2-4d4b-b1db-124b3ea35bef} - C:\Programme\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (AOL Deutschland Toolbar) - {567d4d94-8077-4682-b887-945f3d644116} - C:\Programme\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Deutschland Toolbar) - {567D4D94-8077-4682-B887-945F3D644116} - C:\Programme\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Search-Results) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [MediaSyncAgent] C:\Program Files\CyberLink\MediaSync\MediaSyncAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [Alamandi tray notifier] C:\Program Files\DEUTSCHLAND SPIELT\Alamandi\TaskBarNotifier.exe File not found O4 - HKCU..\Run: [EPSON Stylus DX8400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [MyPhoneExplorer] C:\Program Files\MyPhoneExplorer\MyPhoneExplorer.exe (F.J. 
Wechselberger)
O4 - HKCU..\Run: [Spiele Post] C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Karola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Programme\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Programme\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: pytalhost.de ([www.tc-sepia-re] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: tc-sepia-re.de ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C7E6CD9-BDFA-4788-AA0F-146DE9693532}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF3F26A8-CAA2-45C6-9B8B-7AC9D5B5A0FF}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{da232390-7cc7-11e2-8b55-6c626d5f3b8e}\Shell - "" = AutoRun
O33 - MountPoints2\{da232390-7cc7-11e2-8b55-6c626d5f3b8e}\Shell\AutoRun\command - "" = K:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013.06.13 21:23:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Karola\Desktop\OTL.exe
[2013.06.13 18:37:29 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{5D037CCD-75C6-4BFC-A4AC-5848E255E148}
[2013.06.13 18:20:51 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{FF308AF4-E237-41F8-A5DD-608C2ECEF8B9}
[2013.06.13 16:27:02 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{4DB5DFDB-C3B0-4457-9545-F05AC4538624}
[2013.06.11 17:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013.06.11 17:32:10 | 000,000,000 | ---D | C] -- C:\Users\Karola\Documents\Electronic Arts
[2013.06.11 17:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2013.06.11 17:23:52 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\Origin
[2013.06.11 17:23:51 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Roaming\Origin
[2013.06.11 17:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.06.11 17:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2013.06.11 17:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.06.11 17:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2013.06.11 17:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2013.06.11 09:51:31 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{7E9DE9E7-CA7D-4B24-9196-796248EC0C16}
[2013.06.10 20:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\VideoSaver
[2013.06.10 20:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.10 20:11:49 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Roaming\WebCake
[2013.06.10 20:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\WebCake
[2013.06.10 20:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.06.10 16:59:11 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{618B6DFA-9ED0-4D46-BA17-2ECBE5744FF5}
[2013.06.09 20:09:26 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{103F5722-A52A-4054-8415-8BDE340F2BA8}
[2013.06.08 11:29:48 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{E5DB783E-253E-4825-B5F5-4163AF9B9938}
[2013.06.07 07:00:33 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{5E8ADAD5-C47A-4539-92C0-1C23B29B12A1}
[2013.06.05 10:25:38 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{E73459B9-9D68-4E6E-90A0-594C2E844E37}
[2013.06.04 13:06:04 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{B53AFC72-CFB4-48CC-A930-3E0C26DBF1ED}
[2013.06.03 17:12:58 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{3B1F3B09-0F35-475F-8101-65F5584804FC}
[2013.06.03 07:23:25 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{D0E4CC83-8FB9-4E58-998E-FA206A2B5FB1}
[2013.06.02 16:54:23 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{FA42D718-1B2C-46A1-A13F-5EFF618375E6}
[2013.05.31 18:13:43 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{97822941-626C-40E2-AF7A-992C81313586}
[2013.05.29 12:14:58 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{F9E97AE5-CF3E-456D-9036-4E31DA32FBA7}
[2013.05.28 23:08:35 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Roaming\UClick
[2013.05.28 23:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\UClick
[2013.05.28 19:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2013.05.28 19:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013.05.28 19:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2013.05.28 19:19:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
[2013.05.28 14:43:23 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{36935F0F-2CDC-41B3-A518-56C2A0117502}
[2013.05.27 19:51:38 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Roaming\casanova
[2013.05.27 15:48:50 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{DE24F584-C8CE-4660-B704-55CB5329D5E8}
[2013.05.26 13:20:59 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{7565C5A5-CEA4-4665-896F-726918643439}
[2013.05.25 15:56:48 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{ADCEC41A-C6E3-453D-B448-D0014A1CEB82}
[2013.05.24 10:24:22 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{C98A95D2-9AAF-4360-9A5C-C3B9AB7F4928}
[2013.05.22 07:03:49 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{93C81D0F-BBDD-44DF-937B-828C75514229}
[2013.05.21 18:22:15 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{545155BE-0156-4B92-A206-B6F21400D07C}
[2013.05.18 09:54:22 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{82C4BE1A-339E-4A59-ACEF-F82A6A13AB71}
[2013.05.17 09:13:45 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{E8D9DF2A-30B6-4179-8878-695A14A88B19}
[2013.05.16 17:12:41 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{CBF8D8D0-14ED-4ACB-B712-E2E04D8A0109}
[2013.05.15 15:15:05 | 000,000,000 | ---D | C] -- C:\Users\Karola\AppData\Local\{FCB15F81-8185-413F-8A1A-A26BC831EFCB}
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Karola\Documents\*.tmp files -> C:\Users\Karola\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.13 21:45:41 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 21:45:41 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 21:38:53 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.13 21:37:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.13 21:37:30 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.13 21:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karola\Desktop\OTL.exe
[2013.06.13 20:58:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.12 17:32:50 | 000,000,054 | ---- | M] () -- C:\Users\Karola\Desktop\Dortmund (English-speaking church).url
[2013.06.12 17:31:40 | 000,000,063 | ---- | M] () -- C:\Users\Karola\Desktop\Hamm - Evangelisch-methodistische Kirche.url
[2013.06.12 17:30:57 | 000,000,064 | ---- | M] () -- C:\Users\Karola\Desktop\Willkommen.url
[2013.06.12 17:30:14 | 000,000,065 | ---- | M] () -- C:\Users\Karola\Desktop\Bochum - Evangelisch-methodistische Kirche.url
[2013.06.12 17:29:51 | 000,000,072 | ---- | M] () -- C:\Users\Karola\Desktop\Gelsenkirchen - Evangelisch-methodistische Kirche.url
[2013.06.11 12:00:56 | 000,000,131 | ---- | M] () -- C:\Users\Karola\Desktop\FHBund Berufsperspektiven.url
[2013.05.28 19:49:38 | 000,000,327 | ---- | M] () -- C:\Users\Karola\Desktop\HP Druckerdiagnosetools.url
[2013.05.28 19:49:06 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013.05.16 17:09:13 | 000,497,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 22:11:19 | 000,654,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.15 22:11:19 | 000,616,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.15 22:11:19 | 000,130,208 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.15 22:11:19 | 000,106,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Karola\Documents\*.tmp files -> C:\Users\Karola\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.12 17:32:50 | 000,000,054 | ---- | C] () -- C:\Users\Karola\Desktop\Dortmund (English-speaking church).url
[2013.06.12 17:31:40 | 000,000,063 | ---- | C] () -- C:\Users\Karola\Desktop\Hamm - Evangelisch-methodistische Kirche.url
[2013.06.12 17:30:57 | 000,000,064 | ---- | C] () -- C:\Users\Karola\Desktop\Willkommen.url
[2013.06.12 17:30:14 | 000,000,065 | ---- | C] () -- C:\Users\Karola\Desktop\Bochum - Evangelisch-methodistische Kirche.url
[2013.06.12 17:29:51 | 000,000,072 | ---- | C] () -- C:\Users\Karola\Desktop\Gelsenkirchen - Evangelisch-methodistische Kirche.url
[2013.06.11 12:00:56 | 000,000,131 | ---- | C] () -- C:\Users\Karola\Desktop\FHBund Berufsperspektiven.url
[2013.05.28 19:49:38 | 000,000,327 | ---- | C] () -- C:\Users\Karola\Desktop\HP Druckerdiagnosetools.url
[2013.05.28 19:49:06 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013.05.05 20:26:41 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.04.18 16:48:46 | 000,000,266 | ---- | C] () -- C:\Windows\BUHL.INI
[2013.04.06 20:36:50 | 000,032,211 | ---- | C] () -- C:\Users\Karola\Elster ESt2012_Kreutzenbeck_Rolf_und_Kreutzenbeck_Karola 1.elfo
[2013.03.05 21:08:18 | 000,063,488 | ---- | C] () -- C:\Windows\System32\Eztw32.dll
[2012.09.05 20:43:46 | 000,000,083 | ---- | C] () -- C:\Windows\GU.INI
[2012.07.18 20:20:48 | 000,235,870 | ---- | C] () -- C:\Users\Karola\ESt2011_Kreutzenbeck_Rolf_und_Kreutzenbeck_Karolay.elfo
[2012.07.18 10:00:22 | 000,032,781 | ---- | C] () -- C:\Users\Karola\ESt2011_Kreutzenbeck_Rolf_und_Kreutzenbeck_Karola.elfo
[2012.07.14 20:24:21 | 000,002,625 | ---- | C] () -- C:\Users\Karola\ESt20011 Kreutzenbeck Rolf und Kreutzenbeck Karola.elfo
[2012.05.27 17:58:24 | 000,000,680 | RHS- | C] () -- C:\Users\Karola\ntuser.pol
[2012.02.04 20:22:10 | 000,017,408 | ---- | C] () -- C:\Users\Karola\AppData\Local\WebpageIcons.db
[2011.07.06 12:56:35 | 000,027,071 | ---- | C] () -- C:\Users\Karola\ESt2010_Kreutzenbeck_Rolf_und_Kreutzenbeck_Karola.elfo

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.12.28 14:03:40 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\BabSolution
[2012.12.28 14:03:00 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Babylon
[2011.10.17 15:22:27 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Big Fish Games
[2013.05.27 19:51:38 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\casanova
[2013.03.20 18:16:44 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\DocumentsToGoDesktopAndroid
[2012.07.14 19:22:08 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\elsterformular
[2012.11.25 12:16:45 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\GetRightToGo
[2013.03.05 21:07:43 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Haufe Mediengruppe
[2012.02.02 15:44:35 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\iMaxGen
[2012.09.28 16:48:17 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Magic Academy
[2012.09.28 18:09:36 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Magic Academy 2
[2012.11.07 17:30:23 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Magic3
[2011.04.07 20:52:29 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\MAGIX
[2013.06.13 18:35:31 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\MyPhoneExplorer
[2012.12.26 16:26:03 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Nitreal Games
[2013.06.11 17:23:51 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Origin
[2012.11.20 15:13:13 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Orneon
[2012.11.05 17:21:31 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Phase6
[2011.10.17 15:31:13 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Playrix Entertainment
[2010.10.06 21:22:38 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\SoftGrid Client
[2013.01.20 12:55:05 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\TomTom
[2010.10.03 20:44:46 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\TP
[2013.05.28 23:08:35 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\UClick
[2010.12.14 08:01:04 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Uniblue
[2012.11.02 17:45:50 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\V-Games
[2013.06.13 18:35:26 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\WebCake
[2012.07.25 21:27:13 | 000,000,000 | ---D | M] -- C:\Users\Karola\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\ProgramData\Temp:0EC7A545
@Alternate Data Stream - 174 bytes -> C:\ProgramData\Temp:AECF4772
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:D987CB43
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:70E897B5

< End of report >