| |  System Care Antivirus wie entfernen?
 Zuerst mal "Hallo an alle"!
Ich bin froh, daß es so ein Forum gibt und das ich es gefunden habe 
Beim surfen nach einem Facebook Button für meine HP hat sich plötzlich das Program "System Care Antivirus" installiert.
Ich habe hier schon gesucht und ein paar Threads zu diesem Thema gefunden, jedoch wird im Forum darauf hingewiesen, daß man bei einem Befall immer einen eigenen Thread erstellen soll, weil jeder Fall anders behandelt werden muss.
Brav wie ich bin habe ich auch schon alle Logfiles nach Anweisung erstellt: PHP-Code: OTL:
OTL logfile created on: 6/21/2013 1:02:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SCS\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3.97 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 64.02% Memory free
7.93 Gb Paging File | 6.11 Gb Available in Paging File | 77.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 65.00 Gb Total Space | 6.01 Gb Free Space | 9.24% Space Free | Partition Type: NTFS
Drive D: | 398.75 Gb Total Space | 378.85 Gb Free Space | 95.01% Space Free | Partition Type: NTFS
Computer Name: CH***** | User Name: SCS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013/06/21 13:01:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SCS\Desktop\OTL.exe
PRC - [2013/01/10 16:09:00 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/08/08 12:39:57 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/02/19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/06/12 16:59:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/22 18:20:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/02 09:17:52 | 000,296,448 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009/02/19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:[/b] - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2009/08/21 13:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:[b]64bit:[/b] - [2009/07/14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:[b]64bit:[/b] - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:[b]64bit:[/b] - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2009/07/10 19:57:04 | 000,923,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:[b]64bit:[/b] - [2009/07/01 12:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:[b]64bit:[/b] - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/06/05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2009/06/04 16:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/05/07 22:05:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/02/16 20:33:13] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {B2870846-C589-4328-84E3-C56BD7ECFFF9}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{B2870846-C589-4328-84E3-C56BD7ECFFF9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9A5275AD-87A7-4AC9-AAA4-91675561963F}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=b1addfeb-48f8-40ed-be55-f8a843486075&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{9A5275AD-87A7-4AC9-AAA4-91675561963F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ch*****.at/http [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.amazon.de/hxxp://www.p [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ch*****.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {9A5275AD-87A7-4AC9-AAA4-91675561963F}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=b1addfeb-48f8-40ed-be55-f8a843486075&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6021787C-6325-4140-BBAD-8F102EF490FF}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{9A5275AD-87A7-4AC9-AAA4-91675561963F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA_deAT367
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.ch*****.at/|hxxp://www.amazon.de/ref=gno_prmlogo|hxxp://www.paninicomics.de/?s=checkliste|hxxp://comicshop.panini.de/PaniniFumetterie/jsp/AnagraficaTitoli.jsp|hxxp://www.ppm-vertrieb.de/catalog.php?cPath=198_7|hxxp://www.comicguide.de/php/main.php|hxxp://www.heo.com/index.php|hxxp://www.ofcs-shop.de/advanced_search_result.php?keywords=buthead&x=0&y=0|hxxp://reseller.closeup.de/bb/thema/search/q-+cupid.html?lang=bb|hxxp://www.xfueru.de/|hxxp://www.abyssecorp.com/|https://retailerservices.diamondcomics.com/Login/Login?ReturnUrl=%2f|hxxp://www.landahl.de/|hxxp://www.playdeal.de/index.php"
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:5.0
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:5.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=b1addfeb-48f8-40ed-be55-f8a843486075&affid=111585&searchtype=ds&babsrc=lnkry&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SCS\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SCS\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/15 13:24:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/15 13:24:19 | 000,000,000 | ---D | M]
[2012/10/02 15:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SCS\AppData\Roaming\mozilla\Extensions
[2013/05/27 16:10:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SCS\AppData\Roaming\mozilla\Firefox\Profiles\cvnl4unm.default\extensions
[2013/03/25 10:53:55 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\SCS\AppData\Roaming\mozilla\Firefox\Profiles\cvnl4unm.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2013/05/27 16:10:59 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\SCS\AppData\Roaming\mozilla\firefox\profiles\cvnl4unm.default\extensions\firebug@software.joehewitt.com.xpi
[2013/04/18 10:43:49 | 000,282,569 | ---- | M] () (No name found) -- C:\Users\SCS\AppData\Roaming\mozilla\firefox\profiles\cvnl4unm.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012/12/12 16:13:25 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\SCS\AppData\Roaming\mozilla\firefox\profiles\cvnl4unm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/04/02 12:58:03 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\SCS\AppData\Roaming\mozilla\firefox\profiles\cvnl4unm.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/05/07 09:33:01 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\SCS\AppData\Roaming\mozilla\firefox\profiles\cvnl4unm.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013/03/20 17:21:30 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\SCS\AppData\Roaming\mozilla\firefox\profiles\cvnl4unm.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2013/01/15 16:54:57 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\SCS\AppData\Roaming\mozilla\firefox\profiles\cvnl4unm.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012/12/08 05:35:54 | 000,005,283 | ---- | M] () (No name found) -- C:\Users\SCS\AppData\Roaming\mozilla\firefox\profiles\cvnl4unm.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\,MaheshmadhukardhondAcPro.xpi
[2011/10/05 18:14:03 | 000,002,503 | ---- | M] () -- C:\Users\SCS\AppData\Roaming\mozilla\firefox\profiles\cvnl4unm.default\searchplugins\SearchResults.xml
[2013/01/14 13:05:32 | 000,003,915 | ---- | M] () -- C:\Users\SCS\AppData\Roaming\mozilla\firefox\profiles\cvnl4unm.default\searchplugins\sweetim.xml
[2012/10/02 10:35:41 | 000,002,455 | ---- | M] () -- C:\Users\SCS\AppData\Roaming\mozilla\firefox\profiles\cvnl4unm.default\searchplugins\Web Search.xml
[2013/05/22 18:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/05/22 18:20:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/10/05 18:14:03 | 000,002,503 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=TJ&userid=b1addfeb-48f8-40ed-be55-f8a843486075&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\SCS\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\SCS\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\SCS\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: YouTube = C:\Users\SCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\SCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Complitly plugin for chrome = C:\Users\SCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: SweetIM for Facebook = C:\Users\SCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: Google Mail = C:\Users\SCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Users\SCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\SCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Complitly plugin for chrome = C:\Users\SCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: SweetIM for Facebook = C:\Users\SCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: Google Mail = C:\Users\SCS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\SCS\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\SCS\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Fujitsu OSD Utility] C:\PROGRA~2\FUJITS~2\OSDUTI~1.EXE (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [Fujitsu Wireless Control] C:\PROGRA~2\FUJITS~2\WIRELE~1.EXE (Quanta Company)
O4 - HKLM..\Run: [Launch Manager] C:\PROGRA~2\FUJITS~1\LAUNCH~1.EXE (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe File not found
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [C H***** Drucker] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJU.EXE /FU "C:\Users\SCS\AppData\Local\Temp\E_S35A1.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON BX610FW Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJU.EXE /FU "C:\Windows\TEMP\E_S9425.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Nvidia driver] C:\Users\SCS\AppData\Roaming\csrss.exe File not found
O4 - HKCU..\RunOnce: [42F0690D2454ED3B000042F02623F431] C:\ProgramData\42F0690D2454ED3B000042F02623F431\42F0690D2454ED3B000042F02623F431.exe ()
O4 - Startup: C:\Users\SCS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Free YouTube Download - C:\Users\SCS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\SCS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\SCS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\SCS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE28027-AEF3-43D1-997C-BA5991767A34}: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBB0C2A9-1F36-4AE5-A76B-4F684A4D2AD8}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:[b]64bit:[/b] - Protocol\Handler\cdo - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013/06/21 13:01:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SCS\Desktop\OTL.exe
[2013/06/21 12:20:34 | 000,000,000 | R--D | C] -- C:\Users\SCS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
[2013/06/21 12:15:52 | 000,000,000 | ---D | C] -- C:\Users\SCS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013/06/21 12:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\42F0690D2454ED3B000042F02623F431
[2013/06/18 11:35:15 | 000,000,000 | ---D | C] -- C:\Users\SCS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/06/18 11:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/06/18 11:35:13 | 000,000,000 | ---D | C] -- C:\Users\SCS\AppData\Roaming\Notepad++
[2013/06/18 11:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2013/06/01 15:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013/06/01 15:28:34 | 000,000,000 | ---D | C] -- C:\Users\SCS\Documents\Email
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013/06/21 13:01:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SCS\Desktop\OTL.exe
[2013/06/21 13:00:33 | 000,000,000 | ---- | M] () -- C:\Users\SCS\defogger_reenable
[2013/06/21 12:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/21 12:56:06 | 000,050,477 | ---- | M] () -- C:\Users\SCS\Desktop\Defogger.exe
[2013/06/21 12:41:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1503251525-2215928949-135441493-1001UA.job
[2013/06/21 12:27:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/21 12:27:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/21 12:20:22 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/21 12:19:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/21 12:19:33 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/21 12:17:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/21 12:15:52 | 000,002,054 | ---- | M] () -- C:\Users\SCS\Desktop\System Care Antivirus.lnk
[2013/06/20 14:41:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1503251525-2215928949-135441493-1001Core.job
[2013/06/20 12:40:08 | 000,000,600 | ---- | M] () -- C:\Users\SCS\AppData\Local\PUTTY.RND
[2013/06/19 09:44:23 | 000,002,368 | ---- | M] () -- C:\Users\SCS\Desktop\Google Chrome.lnk
[2013/06/18 11:35:15 | 000,001,055 | ---- | M] () -- C:\Users\SCS\Desktop\Notepad++.lnk
[2013/06/15 11:48:56 | 000,000,000 | ---- | M] () -- C:\Users\SCS\Documents\configuration.php
[2013/06/15 11:15:43 | 000,000,053 | ---- | M] () -- C:\Users\SCS\Documents\google5cda6364daf4dcf9.html
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/06/21 13:00:33 | 000,000,000 | ---- | C] () -- C:\Users\SCS\defogger_reenable
[2013/06/21 12:59:54 | 000,050,477 | ---- | C] () -- C:\Users\SCS\Desktop\Defogger.exe
[2013/06/21 12:15:52 | 000,002,054 | ---- | C] () -- C:\Users\SCS\Desktop\System Care Antivirus.lnk
[2013/06/18 11:35:15 | 000,001,055 | ---- | C] () -- C:\Users\SCS\Desktop\Notepad++.lnk
[2013/06/15 11:48:56 | 000,000,000 | ---- | C] () -- C:\Users\SCS\Documents\configuration.php
[2013/06/15 11:15:42 | 000,000,053 | ---- | C] () -- C:\Users\SCS\Documents\google5cda6364daf4dcf9.html
[2013/06/01 15:57:24 | 000,001,252 | ---- | C] () -- C:\Users\SCS\Desktop\Disk Cleanup.lnk
[2012/08/01 16:59:17 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/01 13:27:26 | 000,000,837 | ---- | C] () -- C:\Users\SCS\.recently-used.xbel
[2012/03/01 12:50:38 | 000,000,048 | ---- | C] () -- C:\Users\SCS\.gtk-bookmarks
[2010/03/02 13:25:05 | 000,000,600 | ---- | C] () -- C:\Users\SCS\AppData\Local\PUTTY.RND
[2010/02/17 13:13:46 | 000,000,022 | ---- | C] () -- C:\Users\SCS\AppData\Roaming\directx9.0.sys
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2013/05/06 14:53:38 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\Audacity
[2010/02/18 00:46:41 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\Azureus
[2011/03/12 13:04:49 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\Canneverbe Limited
[2013/03/25 10:53:51 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\Complitly
[2011/03/12 15:59:46 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\DVDVideoSoft
[2011/03/12 16:00:00 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/03/12 13:15:50 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\EAC
[2013/06/21 09:46:16 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\FileZilla
[2011/10/05 18:14:16 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\FreeAudioPack
[2012/09/08 13:17:47 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\Freemium
[2012/03/01 13:27:26 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\gtk-2.0
[2011/10/05 18:35:22 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\Jens Lorek
[2010/04/19 13:49:49 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\mquadr.at
[2013/06/18 11:35:28 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\Notepad++
[2012/10/02 10:33:07 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\OpenCandy
[2010/02/17 01:12:00 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\PhotoFiltre
[2013/03/25 10:48:50 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\Software Updater
[2011/03/12 15:11:16 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\TubeBox
[2012/09/08 13:16:43 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\TuneUp Software
[2010/02/18 03:21:33 | 000,000,000 | ---D | M] -- C:\Users\SCS\AppData\Roaming\Windows Live Writer
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
PHP-Code: Extras:
OTL Extras logfile created on: 6/21/2013 1:02:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SCS\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3.97 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 64.02% Memory free
7.93 Gb Paging File | 6.11 Gb Available in Paging File | 77.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 65.00 Gb Total Space | 6.01 Gb Free Space | 9.24% Space Free | Partition Type: NTFS
Drive D: | 398.75 Gb Total Space | 378.85 Gb Free Space | 95.01% Space Free | Partition Type: NTFS
Computer Name: CH***** | User Name: SCS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FreemiumAnalyze] -- C:\Program Files (x86)\Covus Freemium\Free System Utilities\freemiumContext.exe ANALYSE %1 (Microsoft)
Directory [FreemiumFindEmptyFolders] -- C:\Program Files (x86)\Covus Freemium\Free System Utilities\freemiumContext.exe EMPTYFOLDERS %1 (Microsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FreemiumAnalyze] -- C:\Program Files (x86)\Covus Freemium\Free System Utilities\freemiumContext.exe ANALYSE %1 (Microsoft)
Directory [FreemiumFindEmptyFolders] -- C:\Program Files (x86)\Covus Freemium\Free System Utilities\freemiumContext.exe EMPTYFOLDERS %1 (Microsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
[color=#E56717]========== Security Center Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"sysdiag64.exe" = C:\windows\sysdiag64.exe
"sysdiag64.exe" = C:\windows\sysdiag64.exe
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06673387-CBD6-4294-A36F-69749C88A922}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{09717219-D56F-421B-8DDC-6AAC7E64B22C}" = lport=139 | protocol=6 | dir=in | app=system |
"{0E3EC619-4DE8-4060-9C0E-68A6146AF19F}" = lport=137 | protocol=17 | dir=in | app=system |
"{12A2A360-C6C4-47F6-8AFC-AE2ACE5930B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{12A54497-CC21-449E-83AE-3F9569F9FAC1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{153DDED4-A5F2-43FA-B581-8684D1929CCB}" = lport=445 | protocol=6 | dir=in | app=system |
"{256E3883-7023-44F2-A121-65B7A8CC2675}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2B7DAA31-B6CC-431D-99C4-6243BDDD480F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3ABB87BD-92D5-49D6-B527-60E34E980B7E}" = lport=138 | protocol=17 | dir=in | app=system |
"{3B060761-D353-4271-B0C9-07853121B68C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F8823F8-5B08-4671-B7DB-C51D6CFF822C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{548E6334-4632-4889-9E3A-E4F10D996D1F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{59A1BAD0-B1DE-426E-9A81-AC570B6F6B61}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5B01924E-4AAE-4026-B8D4-76A288EA18FA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{604A6DE6-13BC-4321-A102-9282D3DFF6D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65321EE5-0486-4263-9E7A-B37A33AF5AC4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{687A2F9E-164E-4DB2-8E4F-5BE1E69DFC52}" = rport=139 | protocol=6 | dir=out | app=system |
"{7EDA678E-673E-46E3-9C96-7B407576A2A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8917E975-35A2-4D6A-BEF0-9A54F249CB54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8BC58496-C17E-43BE-9013-E957278AB4D7}" = rport=138 | protocol=17 | dir=out | app=system |
"{AB23D276-9377-4644-85F1-0480D3098FBC}" = rport=137 | protocol=17 | dir=out | app=system |
"{CFC69384-7AB5-407A-9395-194534505376}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC1F9480-5ADC-422D-A9C7-F1E5C22E29C6}" = rport=445 | protocol=6 | dir=out | app=system |
"{F8FC2985-A40C-4BCA-9C4A-9748420E343F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FE0DEFCC-297D-493F-867C-2941BB2FA4CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B95474D-AA5C-4BE7-9217-4F3EEA4A5A7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0CEA6B53-3969-4866-8394-CD2128803148}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15D5AB9E-F43F-4134-81FF-9A464B83B355}" = protocol=6 | dir=out | app=system |
"{181072E1-13CF-4CEB-9B78-D04AE5D2BFA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19945D9F-ADDC-4DC5-94E9-67895E3B25FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1CD6A23F-A4C9-4E41-98B5-405EB807A053}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1D03E1CE-4460-45C1-94E3-C66C54C6EBF4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DEA8FDE-67CD-46E3-BE05-8E7CE03A225A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{25D2CDF0-64EC-43B4-AFA0-527D7F96BEB7}" = protocol=17 | dir=in | app=c:\program files (x86)\webcam 7\wlite.exe |
"{2732CEBA-A733-47B3-A310-4BC514D6ED7D}" = protocol=6 | dir=in | app=c:\program files (x86)\webcam 7\wlite.exe |
"{2C3CBAF1-1115-4C99-BD95-7475FE007B40}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{41AF9CA0-199E-45B3-8D39-20EBB9BFAA31}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{481B2D82-D5F8-4E85-8A1D-716381F0AFC1}" = protocol=6 | dir=in | app=c:\program files (x86)\webcam 7\wservice.exe |
"{52DB38A8-49AD-410A-94C2-82B47064C5CE}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{659B03A7-D093-49B7-9EBE-03AD58EC2F0E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65FA02AA-3184-4ABA-AE3B-93328D5E4C60}" = protocol=17 | dir=in | app=c:\program files (x86)\webcam 7\wservice.exe |
"{6C51FB0B-A747-4AAC-8C77-24C7CA9A9321}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{788EDA6F-9CE9-4A7A-A1AE-5076D061EF3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85EE7042-AC87-4E42-9C43-84B956706366}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{91C9FA3A-387D-4B50-A1DD-E31D33A34FAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{988E8A95-D21A-4547-8607-50886D3C44FD}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{9B19F0F7-BDFA-41FA-B9CE-5F2DE8019C6C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{A0FD6155-6579-493D-802B-299067E5716A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A1BE2DC4-A7C6-425A-8EE0-A828D2443EE1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A6A84DE8-873A-4252-BAB4-7D73446D9772}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A9B4333F-6CC5-44E8-8080-ACB7CE51465B}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{AAC3F525-674F-449B-8623-0CD826584598}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{AB038F0F-D929-4420-9C9E-993C2E39DADF}" = protocol=17 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"{B4052450-ED68-45F6-8809-374782DBB4EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB5775B2-C9DA-4CA7-ACA9-AF920CEE2EF1}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
"{BCA5EEA2-FB5C-49A7-BEB1-1FE0FDCBD4F0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CD1BC30F-9C63-47CC-A9E1-AD703A1507B6}" = protocol=6 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"{D467904B-EA2F-42F3-9945-C272FF174017}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{DBB0D20C-EB0B-4D20-8103-52C7D0B41288}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DD1670BE-77EB-4A15-A62A-77F627779E13}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{ED4B0979-B897-4315-9365-CEA9355F057D}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{FD84C426-6B45-412D-9CCC-BAD953E8C5B6}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"TCP Query User{3BD7CFA2-B947-4376-B7D4-2D65800A79A7}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{53442856-1A33-444C-8D3F-5B04167B361C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{6A989D6B-D77E-4DBB-ADB1-57983BF42343}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{AC9E4A2E-7F0E-4230-9F76-CD78A20B6562}C:\program files (x86)\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\azureus\azureus.exe |
"TCP Query User{B3FAD861-4F7A-4D0F-B72F-1EACB0CC461D}C:\program files (x86)\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\azureus\azureus.exe |
"TCP Query User{DC16BB2A-9C54-470B-AAF0-6076D94B93D4}C:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"UDP Query User{329C3173-171D-4DA9-A883-A46120C66BAD}C:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"UDP Query User{4C38756E-A706-4736-A1D8-C407EDDEA5D4}C:\program files (x86)\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\azureus\azureus.exe |
"UDP Query User{7276656C-CAEE-415A-80B2-5E597652AD3B}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{B405424B-366E-4E9A-98E4-0823F210F1C1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{C5E23DA6-1DF6-4E0D-B97E-9106DEFF9BEE}C:\program files (x86)\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\azureus\azureus.exe |
"UDP Query User{EA5C54A9-155B-4F84-825E-1FFEE433CC24}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1241CE77-0B65-40A0-B893-02EA49E35332}" = HP Officejet Pro 8600 - Grundlegende Software für das Gerät
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON BX610FW Series" = EPSON BX610FW Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}" = SweetPacks bundle uninstaller
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox!
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{36cce162-d1f4-4693-bef6-6946de1d3ed3}" = TubeBox
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5B1AD112-82BF-4763-8C0B-94FF99A1C17C}" = TubeBox
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP
"{6EB4FCC1-B3B7-4599-8921-905D095A49FA}" = Fujitsu Launch Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A242CAB2-870C-4AC9-8AFE-34379D9383CD}" = Brother QL-Series Software User's Guide
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{B2023017-DEE4-44F7-8A71-CA6084BF534C}" = Brother P-touch Address Book 1.1
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Hilfe
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = Fujitsu OSD Utility
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ee9b54a6-93dd-4070-80ae-743f58319407}" = Free System Utilities
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBA423C2-1655-4859-81A1-8D700A90AD8A}" = Free SystemUtilities
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aonFTP" = aonFTP
"aonUpdate" = aonUpdate
"Ares" = Ares 2.1.7
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"Azureus" = Azureus
"Controller" = Controller
"EPSON Scanner" = EPSON Scan
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"FileZilla Client" = FileZilla Client 3.3.1
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free Studio_is1" = Free Studio version 5.0.6
"Freemake Audio Converter_is1" = Freemake Audio Converter Version 1.1.0
"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)
"Highspeed-Internet-Installation" = Highspeed-Internet-Installation
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{6EB4FCC1-B3B7-4599-8921-905D095A49FA}" = Fujitsu Launch Manager
"InstallShield_{A242CAB2-870C-4AC9-8AFE-34379D9383CD}" = Brother QL-Series Software User's Guide
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B2023017-DEE4-44F7-8A71-CA6084BF534C}" = Brother P-touch Address Book 1.1
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = Fujitsu OSD Utility
"IrfanView" = IrfanView (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Picasa 3" = Picasa 3
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite_Wave3" = Windows Live Essentials
"xampp" = XAMPP 1.6.6a
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Google Chrome" = Google Chrome
"PhotoFiltre" = PhotoFiltre
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 6/18/2013 4:14:00 AM | Computer Name = ch***** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 6/18/2013 9:59:25 AM | Computer Name = ch***** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 6/18/2013 10:27:03 AM | Computer Name = ch***** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 6/19/2013 4:16:18 AM | Computer Name = ch***** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 6/19/2013 5:52:35 AM | Computer Name = ch***** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 6/20/2013 3:53:55 AM | Computer Name = ch***** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 6/20/2013 4:07:21 AM | Computer Name = ch***** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
Zeitstempel: 0x518ec3cc Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x251ff7a4 ID des fehlerhaften
Prozesses: 0xf58 Startzeit der fehlerhaften Anwendung: 0x01ce6d8a421c84cb Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 6ea31a70-d980-11e2-8b92-000df07859ee
Error - 6/21/2013 3:19:10 AM | Computer Name = ch***** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 6/21/2013 6:07:19 AM | Computer Name = ch***** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
Zeitstempel: 0x50b83c8a Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000c41f ID des fehlerhaften
Prozesses: 0x14a0 Startzeit der fehlerhaften Anwendung: 0x01ce6e670f71fd18 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 5b318d13-da5a-11e2-90f3-000df07859ee
Error - 6/21/2013 6:35:14 AM | Computer Name = ch***** | Source = VSS | ID = 8194
Description =
[ Media Center Events ]
Error - 4/19/2010 3:40:34 AM | Computer Name = ch***** | Source = MCUpdate | ID = 0
Description = 09:40:34 - Fehler beim Herstellen der Internetverbindung. 09:40:34
- Serververbindung konnte nicht hergestellt werden..
Error - 4/19/2010 3:40:44 AM | Computer Name = ch***** | Source = MCUpdate | ID = 0
Description = 09:40:39 - Fehler beim Herstellen der Internetverbindung. 09:40:39
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 6/19/2013 11:08:16 AM | Computer Name = ch***** | Source = DCOM | ID = 10016
Description =
Error - 6/19/2013 11:15:36 AM | Computer Name = ch***** | Source = DCOM | ID = 10016
Description =
Error - 6/19/2013 11:15:36 AM | Computer Name = ch***** | Source = DCOM | ID = 10016
Description =
Error - 6/20/2013 3:22:50 AM | Computer Name = ch***** | Source = DCOM | ID = 10016
Description =
Error - 6/20/2013 3:22:56 AM | Computer Name = ch***** | Source = DCOM | ID = 10016
Description =
Error - 6/21/2013 2:41:49 AM | Computer Name = ch***** | Source = DCOM | ID = 10016
Description =
Error - 6/21/2013 2:41:57 AM | Computer Name = ch***** | Source = DCOM | ID = 10016
Description =
Error - 6/21/2013 6:20:48 AM | Computer Name = ch***** | Source = DCOM | ID = 10016
Description =
Error - 6/21/2013 6:20:57 AM | Computer Name = ch***** | Source = DCOM | ID = 10016
Description =
Error - 6/21/2013 6:23:07 AM | Computer Name = ch***** | Source = DCOM | ID = 10010
Description =
< End of report >
PHP-Code: Gmer:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-21 15:14:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\SCS\AppData\Local\Temp\fwlcrpog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80003403000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff8000340302f 16 bytes [00, 01, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d81465 2 bytes [D8, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d814bb 2 bytes [D8, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d81465 2 bytes [D8, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d814bb 2 bytes [D8, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d81465 2 bytes [D8, 75]
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d814bb 2 bytes [D8, 75]
.text ... * 2
.text C:\Users\SCS\Desktop\OTL.exe[6016] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000075d81465 2 bytes [D8, 75]
.text C:\Users\SCS\Desktop\OTL.exe[6016] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000075d814bb 2 bytes [D8, 75]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000df07859ee
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000df07859ee@002332f39c18 0x12 0x28 0xDC 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000df07859ee (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000df07859ee@002332f39c18 0x12 0x28 0xDC 0xA0 ...
---- EOF - GMER 2.1 ----
Könnt ihr mir hier bitte behilflich sein? 
Ich bin nur ein Anwender und richte alleine wahrscheinlich mehr Schaden an, als ich richten könnte 
VIELEN, LIEBEN DANK im voraus!!!
|
21.06.2013, 17:05
Baum-Darstellung