Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijack.Shell.Gen [Solved]

Started by DenisR91 , Dec 19 2013 04:19 PM

  • This topic is locked This topic is locked

#1
DenisR91
Posted 19 December 2013 - 04:19 PM

DenisR91

    New Member

  • Member
  • Pip
  • 9 posts
Dear Community,
I just registered here and already need some help. The problem I have is that Malwarebytes finds 'Hijack.Shell.Gen' every time I let him scan. So, although, I let him remove it every time; it seems like it doesn't do this or not successfully. Furthermore, Avira tells me every time about a hidden object in my computer and I can't find it (probably because it's hidden...). So, can anybody help me to finally remove Hijack and to delete the hidden object(don't know if both are the same)?
I appreciate any help!
  • 0

Advertisements

#2
tom982
Posted 19 December 2013 - 06:26 PM

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hello DenisR91 and :welcome:

My name is Tom and I am going to be helping you with your malware removal. Please note that, as I am currently still in training, all of my posts have to be reviewed by my instructor prior to me posting them.

Before we continue, I would like you to read the following text:

  • Some of my instructions may be carried out in safe mode, where you will not have access to GeeksToGo, I suggest you save or print my instructions for later reference
  • Please do not attach your logs to your post, instead I would like you to copy and paste the contents into your post
  • Please do NOT use any other tools, fixes or scripts unless instructed to do so by myself. Not only could this damage your system, but it will make it harder for me to fix your problem
  • If you do not understand any of my instructions, then feel free to ask me and I will explain in further detail
  • Please be patient. Malware removal is a long process and requires many steps, if you stick with me, I'll help you get through this
  • Stay with me until I deem your computer clean. A lack of symptoms does not always mean that the system is clean
  • Please make sure you have read and understood my instructions before continuing with them, spelling errors in the scripts etc. could cause adverse effects to your system
  • If you do not hear a reply from me in 36 hours, then simply post "bump" on the thread
  • Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed

Let's get some logs and see what we can do for you!

OTL

Please download OTL (by OldTimer) from the link below and save it to your Desktop.

Download Mirror #1


  • Disable all anti-virus and anti-malware software to prevent them inhibiting OTL in any way. If you are unsure how to do this, see THIS.
  • Double-click OTL.exe to run it.
  • Click Run Scan to start OTL.
  • When OTL finishes scanning, two logs, OTL.txt and Extras.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

Security Check

Please download Security Check from one of the links below and save it to your Desktop.

Download Mirror #1


  • Double-click SecurityCheck.exe and follow the on-screen instructions.
  • A text file, checkup.txt, will open when the scan is finished.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Tom
  • 0

#3
DenisR91
Posted 20 December 2013 - 05:49 AM

DenisR91

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTL logfile created on: 20.12.2013 11:15:49 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hülya\Saved Games\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 25,84% Memory free
4,22 Gb Paging File | 2,49 Gb Available in Paging File | 58,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 29,81 Gb Free Space | 40,01% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 72,85 Gb Free Space | 99,71% Space Free | Partition Type: NTFS

Computer Name: HÜLYA-PC | User Name: Hülya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hülya\Saved Games\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Hülya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
PRC - C:\Programme\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Programme\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\Receiver\Receiver.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\NETGEAR\WNDA3100v2\WifiSvc.exe ()
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\UMStor\Res.exe (ali)


========== Modules (No Company Name) ==========

MOD - C:\Users\Hülya\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Hülya\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Hülya\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Users\Hülya\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
MOD - C:\Users\Hülya\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\Hülya\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Programme\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
MOD - C:\Programme\NETGEAR\WNDA3100v2\WifiSvcLib.dll ()


========== Services (SafeList) ==========

SRV - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe File not found
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (APNMCP) -- C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NitroReaderDriverReadSpool3) -- C:\Programme\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WSWNDA3100) -- C:\Programme\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (a1epdr5v) -- File not found
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (BCMH43XX) -- C:\Windows\System32\drivers\bcmwlhigh6.sys (Broadcom Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. )
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (SCMNdisP) -- C:\Windows\System32\drivers\SCMNdisP.sys (Windows ® Codename Longhorn DDK provider)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.msn.com/?o...=EIE9HP&PC=UP50
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\SearchScopes\{127F2729-572B-4D28-8982-BB2458DBBD9A}: "URL" = http://websearch.ask...D6-E1E90623BE43
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\SearchScopes\{E835F05B-44CE-4F08-8222-480476FAE167}: "URL" = http://de.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54747

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hülya\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hülya\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.19 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.09.11 09:36:49 | 000,000,000 | ---D | M]

[2012.11.24 11:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Extensions
[2013.12.13 22:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\209m2f9p.default\extensions
[2008.03.18 18:23:00 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\209m2f9p.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008.03.18 18:23:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\209m2f9p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013.12.13 22:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\idxstbkq.default\extensions
[2013.12.13 23:18:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\rig94rah.default-1345927666395\extensions
[2013.12.11 10:58:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\rig94rah.default-1345927666395\extensions\[email protected]
[2013.10.23 19:44:08 | 001,049,565 | ---- | M] () (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\firefox\profiles\rig94rah.default-1345927666395\extensions\[email protected]
[2012.12.11 17:26:40 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\firefox\profiles\rig94rah.default-1345927666395\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.12.13 22:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.18 01:38:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.19 14:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.12.11 12:52:11 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.07.19 19:50:50 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2011.06.02 14:36:10 | 000,096,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2011.07.19 19:51:18 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2011.07.19 19:50:44 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011.07.19 19:52:30 | 000,436,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2011.06.02 14:36:10 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Ask Search (Enabled)
CHR - default_search_provider: search_url = http://avira.search....q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch....q={searchTerms},
CHR - homepage: http://avira.search....2013-12-13&psv=
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\H\u00FClya\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\H\u00FClya\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\H\u00FClya\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Avira SearchFree Toolbar plus Web Protection = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\25.62074_0\
CHR - Extension: Google Docs = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Mail = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe File not found
O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.exe (ali)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Hülya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hülya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44556-9400-3/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de...nk-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{141EC6BC-2BFA-49DE-AF4A-BCC4824AEA03}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68FDE770-9E8E-41DC-8049-B6AF78B7F75C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90222913-9DB4-4D8C-86B2-72F4C1A387DC}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B92FFF73-0C6C-49CF-8600-B8949315E859}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBF8B9A1-855B-4245-8A2C-BE144D738FAD}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1214267908-4288766644-999623428-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1214267908-4288766644-999623428-1000 Winlogon: Shell - (C:\Users\Hülya\AppData\Roaming\dwm.exe) - File not found
O24 - Desktop WallPaper: C:\Users\Hülya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hülya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{14250a13-7a18-11de-aa76-0016449c411a}\Shell - "" = AutoRun
O33 - MountPoints2\{14250a13-7a18-11de-aa76-0016449c411a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{5d9cb913-4c5f-11e2-8ef8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5d9cb913-4c5f-11e2-8ef8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\pushinst.exe
O33 - MountPoints2\{c932e0f9-f505-11dc-959f-0016449c411a}\Shell - "" = AutoRun
O33 - MountPoints2\{c932e0f9-f505-11dc-959f-0016449c411a}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{c932e0f9-f505-11dc-959f-0016449c411a}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{c932e0f9-f505-11dc-959f-0016449c411a}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.12.20 11:08:12 | 000,204,312 | ---- | C] (Trend Micro Inc.) -- C:\Windows\TmNSCIns.dll
[2013.12.20 02:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2013.12.20 02:13:45 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Local\Trend Micro
[2013.12.20 02:03:53 | 089,224,024 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
[2013.12.13 23:25:00 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Local\AskPartnerNetwork
[2013.12.13 23:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2013.12.13 23:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2013.12.13 23:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013.12.13 22:36:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.12.13 20:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.12.13 19:16:23 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Roaming\Malwarebytes
[2013.12.13 19:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.12.13 19:10:00 | 000,000,000 | ---D | C] -- C:\FRST
[2013.12.11 20:06:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.12.11 20:06:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.12.11 20:06:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.12.11 20:06:15 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.12.11 20:06:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.12.11 20:06:14 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.12.11 20:06:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.12.11 20:06:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.12.11 20:03:07 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2013.12.11 20:03:07 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013.12.11 20:03:07 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013.12.11 20:03:06 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.12.11 20:03:04 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013.12.11 20:03:04 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2013.12.07 14:11:24 | 000,000,000 | ---D | C] -- C:\Users\Hülya\Policy Domain
[2013.12.07 14:06:35 | 000,000,000 | ---D | C] -- C:\Users\Hülya\Negotiation
[2013.12.07 14:05:43 | 000,000,000 | ---D | C] -- C:\Users\Hülya\Data Analysis
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.12.20 11:10:40 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.12.20 11:10:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.12.20 11:10:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.12.20 11:10:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.12.20 11:10:27 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.20 11:07:42 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.12.20 11:00:18 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1214267908-4288766644-999623428-1000UA.job
[2013.12.20 10:59:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.12.20 02:36:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.12.20 02:15:34 | 000,000,036 | ---- | M] () -- C:\Users\Hülya\AppData\Local\housecall.guid.cache
[2013.12.20 02:05:55 | 089,224,024 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
[2013.12.19 13:00:10 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1214267908-4288766644-999623428-1000Core.job
[2013.12.17 01:13:04 | 000,643,836 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.12.17 01:13:04 | 000,608,716 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.12.17 01:13:04 | 000,133,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.12.17 01:13:04 | 000,109,954 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.12.11 20:19:00 | 000,325,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.12.10 21:36:14 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.12.10 21:36:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.12.20 02:15:34 | 000,000,036 | ---- | C] () -- C:\Users\Hülya\AppData\Local\housecall.guid.cache
[2013.09.12 17:26:45 | 011,095,378 | ---- | C] () -- C:\Users\Hülya\EU Law(1).zip
[2012.12.22 18:47:05 | 000,015,565 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2012.08.12 18:07:03 | 000,000,680 | ---- | C] () -- C:\Users\Hülya\AppData\Local\d3d9caps.dat
[2011.06.19 08:30:14 | 002,237,401 | ---- | C] () -- C:\Program Files\ATK Hotkey_V1.0.0052.zip
[2010.12.15 22:06:07 | 000,048,683 | ---- | C] () -- C:\Users\Hülya\AppData\Roaming\A7F2.F28
[2009.06.17 22:43:28 | 000,000,093 | ---- | C] () -- C:\Users\Hülya\AppData\Local\fusioncache.dat
[2009.02.22 19:37:55 | 000,045,568 | ---- | C] () -- C:\Users\Hülya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.18 17:57:54 | 000,024,206 | ---- | C] () -- C:\Users\Hülya\AppData\Roaming\UserTile.png
[2008.07.08 13:09:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.12.24 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Cipavi
[2008.03.18 17:09:14 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\DAEMON Tools
[2012.06.16 15:54:55 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Diercke Globus Online
[2013.09.06 09:39:19 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Downloaded Installations
[2013.12.20 11:11:52 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Dropbox
[2013.08.29 03:27:11 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\DVDVideoSoft
[2012.10.01 14:46:32 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\FileOpen
[2012.10.11 21:30:34 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\ICAClient
[2010.12.21 20:13:13 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Kiaq
[2013.04.06 22:09:25 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Nitro
[2013.01.16 19:33:44 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Nitro PDF
[2013.12.12 00:50:00 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Spotify
[2012.08.25 15:09:21 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Steganos
[2012.08.25 15:16:06 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Steganos VPN
[2011.07.26 00:03:22 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\SuperEasy Software
[2009.06.17 22:40:07 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\T-Online
[2012.12.13 01:12:59 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\TeamViewer
[2009.06.23 20:12:01 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Toshiba
[2012.06.12 16:45:52 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 20.12.2013 11:15:49 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hülya\Saved Games\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 25,84% Memory free
4,22 Gb Paging File | 2,49 Gb Available in Paging File | 58,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 29,81 Gb Free Space | 40,01% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 72,85 Gb Free Space | 99,71% Space Free | Partition Type: NTFS

Computer Name: HÜLYA-PC | User Name: Hülya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0137F649-3D9B-4636-850D-C16C5FCA28E3}" = lport=138 | protocol=17 | dir=in | app=system |
"{09B70AE6-B5BE-4850-AC69-D65736BDBF51}" = lport=137 | protocol=17 | dir=in | app=system |
"{0C7E85E8-AC83-44A3-B593-C2A68D17CA72}" = lport=445 | protocol=6 | dir=in | app=system |
"{153E972A-9168-45F3-85F6-BE7AA5867FB4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2D3F6F6D-0AEB-434C-A2A6-246D1E2D0A8E}" = rport=445 | protocol=6 | dir=out | app=system |
"{348C14A5-BAED-4F84-A9CE-AAD52FF7CEB0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3CF28603-71C2-446A-8978-841A92A487D7}" = rport=137 | protocol=17 | dir=out | app=system |
"{6191349F-94B0-446E-B192-BAFDDB03344C}" = rport=138 | protocol=17 | dir=out | app=system |
"{8D1421C5-F6C7-4261-B58D-E52E9B5970E9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8E977570-FE19-4DFC-B046-832B9F727D8B}" = rport=139 | protocol=6 | dir=out | app=system |
"{99338DBE-7029-46CF-A75F-1C52A72D0E07}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{D922E1D8-2B94-4807-A733-8F2E2AFDE1C8}" = lport=139 | protocol=6 | dir=in | app=system |
"{E82F834E-514C-459F-9D90-C5F0A795FBA8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F15668-59EB-424D-A20A-9AF50F0B9022}" = protocol=58 | dir=in | [email protected],-28545 |
"{14693FE4-C526-4DD3-802F-423E1A77DAE6}" = protocol=1 | dir=in | [email protected],-28543 |
"{1A08052F-A7FB-455B-BC05-A0350D65A2BC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{23E01193-6649-4A9F-B477-B57DBA01472A}" = protocol=6 | dir=in | app=c:\users\hülya\appdata\roaming\dropbox\bin\dropbox.exe |
"{49ED2A63-0912-4CBC-8BA7-F4C64729495A}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{532C3B75-067B-47DF-ACC6-3323EF489C83}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{864B95F4-ECB4-4827-BEF6-94D9AE092564}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{8926B658-2ED3-4CD7-8987-451C0FE5021E}" = protocol=17 | dir=in | app=c:\users\hülya\appdata\roaming\dropbox\bin\dropbox.exe |
"{89D293F4-DC8F-42CB-9A66-32B4E64F377D}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{8D92E712-E3DC-40E2-A8CE-85E0C9D0C251}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{A396EF5D-F0E2-4604-B5B7-0D9B8E4DD2A6}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{B75C72A3-7C3F-4CB8-B474-AAE1520EB691}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{EA8237F1-D709-4052-BA1B-DB501E47C8C1}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{EBDB635D-49B7-4EE5-B2FD-807B25268974}" = protocol=58 | dir=out | [email protected],-28546 |
"{ED5EA9F6-0382-4894-BB92-E79CA4690F3D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EDAF532D-3657-42D6-9026-305A1F9469D7}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F3CE183C-9F4B-426D-BBEB-6478A45CD02C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{FE02A4C1-CF5F-4EA8-A033-CB40B561BCC7}" = protocol=1 | dir=out | [email protected],-28544 |
"TCP Query User{05F3F5F2-20B9-48BC-B088-7B7A767912D2}C:\program files\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"TCP Query User{122F68DC-E06A-4E4D-8C1C-2714FB6E1C5D}C:\users\hülya\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hülya\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9000C5FA-532E-4E32-8E47-6915D131AB05}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{9B60D710-F681-49F7-BC7D-302476BA0ACA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{CE9C2CD2-1015-45C7-BADB-69804AC37A44}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{DF571196-4ED8-4D3F-B71F-D08EEC500378}C:\users\hülya\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\hülya\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{F7A706FB-AAEF-4D90-8EC6-49859C339B0A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{FF507801-D111-4E5E-B087-2767FBDB0BAD}C:\users\hülya\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hülya\appdata\roaming\spotify\spotify.exe |
"UDP Query User{1FF808E9-3E4F-4593-B0BE-61F1CD644616}C:\users\hülya\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\hülya\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{58F7113B-3C92-4518-BFDE-EFCD77BA774A}C:\users\hülya\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hülya\appdata\roaming\spotify\spotify.exe |
"UDP Query User{6FD9DCD6-C3F8-4989-AF45-1C47DE584A36}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{89FF9503-DF4A-4FBB-B3AF-C6507C27049F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{9E5D7434-11EE-4876-B8D7-CE6D1FCDA589}C:\users\hülya\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hülya\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C79F86C3-0D3C-4045-98DE-45DD91F283F9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{DAA9A1D5-5324-495E-8CA4-A7521F250BF0}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{FDE2D825-1A81-4568-994C-A417C6F65F7D}C:\program files\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{164B26C5-9BC9-48E8-8FB5-C3C0AC0FE1C8}" = Citrix Receiver Inside
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28F5EC38-ACF6-47B8-A182-218AF75A1D82}" = Citrix Receiver (USB)
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{41564952-412D-5637-00A7-A758B70C0600}" = Avira SearchFree Toolbar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{5027D37B-3677-4F16-9501-A42288EBDB31}" = Nitro Reader 3
"{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adapter
"{554E35CF-3A05-4AB0-A5EA-32AB00AA89E9}" = Citrix Receiver(Aero)
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E2131E0-BE55-40FF-BD9A-57D78D2A94A5}" = Citrix Receiver (DV)
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DEEA6BB-9E32-48F8-814B-74F4AD71A5F5}" = Citrix Receiver (HDX Flash-Umleitung)
"{6FEC5C36-2ACD-4341-8157-55A0DA342DF7}" = Online Plug-in
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BF5EE349-90CD-4422-A43B-661778180173}" = USB Disk Win98 Driver
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.12.827
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adapter
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 26.0 (x86 de)" = Mozilla Firefox 26.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nano" = Nano 1.1.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinPcapInst" = WinPcap 4.1.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1214267908-4288766644-999623428-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.12.2013 20:49:00 | Computer Name = Hülya-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 14.12.2013 19:06:30 | Computer Name = Hülya-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung chrome.exe, Version 31.0.1650.63, Zeitstempel
0x529e8b45, fehlerhaftes Modul chrome.dll, Version 31.0.1650.63, Zeitstempel 0x529e84ac,
Ausnahmecode 0xc0000005, Fehleroffset 0x0017a892, Prozess-ID 0x44c, Anwendungsstartzeit
01cef9200ff5dba1.

Error - 14.12.2013 20:27:38 | Computer Name = Hülya-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 14.12.2013 20:27:38 | Computer Name = Hülya-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 14.12.2013 20:47:43 | Computer Name = Hülya-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mbam.exe, Version 1.75.0.1, Zeitstempel 0x511f8eb2,
fehlerhaftes Modul MSVBVM60.DLL, Version 6.0.98.2, Zeitstempel 0x4791a724, Ausnahmecode
0xc0000005, Fehleroffset 0x0005d26c, Prozess-ID 0x167c, Anwendungsstartzeit 01cef92ebae66304.

Error - 15.12.2013 06:57:45 | Computer Name = Hülya-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mbam.exe, Version 1.75.0.1, Zeitstempel 0x511f8eb2,
fehlerhaftes Modul MSVBVM60.DLL, Version 6.0.98.2, Zeitstempel 0x4791a724, Ausnahmecode
0xc0000005, Fehleroffset 0x0005d26c, Prozess-ID 0x1678, Anwendungsstartzeit 01cef97b9daba145.

Error - 18.12.2013 11:19:58 | Computer Name = Hülya-PC | Source = VSS | ID = 12289
Description =

Error - 19.12.2013 06:53:07 | Computer Name = Hülya-PC | Source = MsiInstaller | ID = 11609
Description =

Error - 19.12.2013 18:00:58 | Computer Name = Hülya-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung chrome.exe, Version 31.0.1650.63, Zeitstempel
0x529e8b45, fehlerhaftes Modul chrome.dll, Version 31.0.1650.63, Zeitstempel 0x529e84ac,
Ausnahmecode 0xc0000005, Fehleroffset 0x0017a892, Prozess-ID 0x177c, Anwendungsstartzeit
01cefd01cb492a8c.

Error - 19.12.2013 21:09:45 | Computer Name = Hülya-PC | Source = Application Hang | ID = 1002
Description = Programm avcenter.exe, Version 14.0.2.220 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 1244 Anfangszeit: 01cefd01a0c3f15c Zeitpunkt der
Beendigung: 0

[ OSession Events ]
Error - 20.03.2012 09:56:32 | Computer Name = Hülya-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 475
seconds with 60 seconds of active time. This session ended with a crash.

Error - 14.11.2012 03:09:24 | Computer Name = Hülya-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5321
seconds with 3780 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 19.12.2013 21:42:44 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 19.12.2013 21:48:15 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 19.12.2013 21:48:15 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 19.12.2013 21:48:15 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 20.12.2013 05:56:32 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 20.12.2013 05:56:32 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 20.12.2013 05:56:32 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 20.12.2013 06:12:00 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 20.12.2013 06:12:00 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 20.12.2013 06:12:00 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Results of screen317's Security Check version 0.99.77
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 13
Java™ SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 11.9.900.170
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox (26.0)
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
  • 0

#4
tom982
Posted 21 December 2013 - 10:26 AM

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi DenisR91,

Have you uninstalled Avira? There are no signs of it in your logs now.

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :commands
[CREATERESTOREPOINT]

:OTL
DRV - (a1epdr5v) -- File not found
CHR - default_search_provider: search_url = http://avira.search....q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch....q={searchTerms},
O2 - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O4 - HKLM..\Run: [] File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.11.2)
O20 - HKU\S-1-5-21-1214267908-4288766644-999623428-1000 Winlogon: Shell - (C:\Users\Hülya\AppData\Roaming\dwm.exe) - File not found
O33 - MountPoints2\{14250a13-7a18-11de-aa76-0016449c411a}\Shell - "" = AutoRun
O33 - MountPoints2\{14250a13-7a18-11de-aa76-0016449c411a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{5d9cb913-4c5f-11e2-8ef8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5d9cb913-4c5f-11e2-8ef8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\pushinst.exe
O33 - MountPoints2\{c932e0f9-f505-11dc-959f-0016449c411a}\Shell - "" = AutoRun
O33 - MountPoints2\{c932e0f9-f505-11dc-959f-0016449c411a}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{c932e0f9-f505-11dc-959f-0016449c411a}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{c932e0f9-f505-11dc-959f-0016449c411a}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\pushinst.exe

:Commands
[EMPTYTEMP]
  • Click the Run Fix button.

Uninstall Software

  • Click on the Start Posted Image button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:

    • Adobe Reader X (10.1.8) - Deutsch
  • Once you have done this, reboot your computer

Then download the latest version of Adobe Reader from here: http://get.adobe.com/de/reader/

Make sure you deselect the option to install any additional software bundled with it.

AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1


  • Right-click on AdwCleaner.exe and select Run as administrator.
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

GMER

Please download GMER from one of the following locations and save it to your desktop:


  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER Posted Image icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:

    • IAT/EAT
    • Show All <<< Important

    Posted Image
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled

Note:

  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When its finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa

OTL

  • Run OTL by double-clicking on it.
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a logs, OTL.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

I would also like you to tell me how your computer is running after doing all of this. Any improvements or changes?

Tom
  • 0

#5
DenisR91
Posted 21 December 2013 - 01:23 PM

DenisR91

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
# AdwCleaner v3.015 - Bericht erstellt am 21/12/2013 um 18:58:11
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Benutzername : Hülya - HÜLYA-PC
# Gestartet von : C:\Users\Hülya\Saved Games\Downloads\AdwCleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Hülya\AppData\Roaming\Mozilla\Firefox\Profiles\209m2f9p.default\prefs.js ]


[ Datei : C:\Users\Hülya\AppData\Roaming\Mozilla\Firefox\Profiles\idxstbkq.default\prefs.js ]


[ Datei : C:\Users\Hülya\AppData\Roaming\Mozilla\Firefox\Profiles\rig94rah.default-1345927666395\prefs.js ]

Zeile gelöscht : user_pref("extensions.AVIRA-V7.apn.tldcache", "{\"date\":1387398551922,\"domainList\":[\"ac\",\"com.ac\",\"edu.ac\",\"gov.ac\",\"net.ac\",\"mil.ac\",\"org.ac\",\"ad\",\"nom.ad\",\"ae\",\"co.ae\",\"net[...]

-\\ Google Chrome v

[ Datei : C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : suggest_url

*************************

AdwCleaner[R3].txt - [1489 octets] - [21/12/2013 18:56:52]
AdwCleaner[S3].txt - [1410 octets] - [21/12/2013 18:58:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1470 octets] ##########


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-21 19:40:40
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0040 149,05GB
Running: zutktn5x.exe; Driver: C:\Users\HLYA~1\AppData\Local\Temp\kwtoipob.sys


---- System - GMER 2.1 ----

SSDT 8A760076 ZwCreateSection
SSDT 8A760080 ZwRequestWaitReplyPort
SSDT 8A76007B ZwSetContextThread
SSDT 8A760085 ZwSetSecurityObject
SSDT 8A76008A ZwSystemDebugControl
SSDT 8A760017 ZwTerminateProcess

INT 0x51 ? 8487BBF8
INT 0x52 ? 86AB9BF8
INT 0x72 ? 86AB9BF8
INT 0x82 ? 86AB9BF8
INT 0x92 ? 86AB9BF8
INT 0xA2 ? 86AB9BF8
INT 0xA2 ? 86AB9BF8
INT 0xB2 ? 8520DBF8

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 215 822E6860 4 Bytes [76, 00, 76, 8A] {JBE 0x2; JBE 0xffffff8e}
.text ntkrnlpa.exe!KeSetEvent + 539 822E6B84 4 Bytes [80, 00, 76, 8A]
.text ntkrnlpa.exe!KeSetEvent + 56D 822E6BB8 4 Bytes [7B, 00, 76, 8A] {JNP 0x2; JBE 0xffffff8e}
.text ntkrnlpa.exe!KeSetEvent + 5D1 822E6C1C 4 Bytes [85, 00, 76, 8A] {TEST [EAX], EAX; JBE 0xffffff8e}
.text ntkrnlpa.exe!KeSetEvent + 619 822E6C64 4 Bytes [8A, 00, 76, 8A] {MOV AL, [EAX]; JBE 0xffffff8e}
.text ...
? System32\Drivers\spjp.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88754000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8879D000, 0x510, 0x40000040]

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs 8520F1F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys

Device \Driver\volmgr \Device\VolMgrControl 8487D1F8
Device \Driver\usbuhci \Device\USBPDO-0 86AF93B0
Device \Driver\usbuhci \Device\USBPDO-1 86AF93B0
Device \Driver\usbehci \Device\USBPDO-2 86AC4500
Device \Driver\usbuhci \Device\USBPDO-3 86AF93B0
Device \Driver\netbt \Device\NetBT_Tcpip_{B92FFF73-0C6C-49CF-8600-B8949315E859} 86EDC500
Device \Driver\usbuhci \Device\USBPDO-4 86AF93B0
Device \Driver\usbuhci \Device\USBPDO-5 86AF93B0
Device \Driver\usbehci \Device\USBPDO-6 86AC4500
Device \Driver\volmgr \Device\HarddiskVolume1 8487D1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8487D1F8
Device \Driver\cdrom \Device\CdRom0 86B3A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8520E1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [8810D6D0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 8520E1F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8810D6D0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume3 8487D1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 86EDC500
Device \Driver\Smb \Device\NetbiosSmb 86ED71F8
Device \Driver\iScsiPrt \Device\RaidPort0 86BB81F8
Device \Driver\usbuhci \Device\USBFDO-0 86AF93B0
Device \Driver\usbuhci \Device\USBFDO-1 86AF93B0
Device \Driver\usbehci \Device\USBFDO-2 86AC4500
Device \Driver\usbuhci \Device\USBFDO-3 86AF93B0
Device \Driver\usbuhci \Device\USBFDO-4 86AF93B0
Device \Driver\usbuhci \Device\USBFDO-5 86AF93B0
Device \Driver\usbehci \Device\USBFDO-6 86AC4500
Device \FileSystem\cdfs \Cdfs 84A771F8

---- Trace I/O - GMER 2.1 ----

Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spjp.sys >>UNKNOWN [0x851c5938]<< 851c5938
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86430ac8] 86430ac8
Trace 3 CLASSPNP.SYS[8851f8b3] -> nt!IofCallDriver -> [0x8529a720] 8529a720
Trace 5 acpi.sys[805c06bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x852b3030] 852b3030

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x8D 0x26 0x70 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x31 0x67 0x1A 0xD6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x4E 0xB4 0x4C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x8D 0x26 0x70 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x31 0x67 0x1A 0xD6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x4E 0xB4 0x4C ...

---- EOF - GMER 2.1 ----

OTL logfile created on: 21.12.2013 21:38:36 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hülya\Saved Games\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 36,53% Memory free
4,22 Gb Paging File | 2,76 Gb Available in Paging File | 65,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 26,03 Gb Free Space | 34,93% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 72,85 Gb Free Space | 99,71% Space Free | Partition Type: NTFS

Computer Name: HÜLYA-PC | User Name: Hülya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
PRC - C:\Programme\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
PRC - C:\Users\Hülya\Saved Games\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Hülya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\Receiver\Receiver.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\NETGEAR\WNDA3100v2\WifiSvc.exe ()
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\UMStor\Res.exe (ali)


========== Modules (No Company Name) ==========

MOD - C:\Users\Hülya\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\Hülya\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Programme\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
MOD - C:\Programme\NETGEAR\WNDA3100v2\WifiSvcLib.dll ()


========== Services (SafeList) ==========

SRV - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe File not found
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe File not found
SRV - (APNMCP) -- C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NitroReaderDriverReadSpool3) -- C:\Programme\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WSWNDA3100) -- C:\Programme\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (a223qo3n) -- File not found
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (BCMH43XX) -- C:\Windows\System32\drivers\bcmwlhigh6.sys (Broadcom Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. )
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (SCMNdisP) -- C:\Windows\System32\drivers\SCMNdisP.sys (Windows ® Codename Longhorn DDK provider)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.msn.com/?o...=EIE9HP&PC=UP50
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\SearchScopes\{127F2729-572B-4D28-8982-BB2458DBBD9A}: "URL" = http://websearch.ask...D6-E1E90623BE43
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\SearchScopes\{E835F05B-44CE-4F08-8222-480476FAE167}: "URL" = http://de.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54747

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hülya\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hülya\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.19 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.12.21 18:53:11 | 000,000,000 | ---D | M]

[2012.11.24 11:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Extensions
[2013.12.13 22:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\209m2f9p.default\extensions
[2008.03.18 18:23:00 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\209m2f9p.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008.03.18 18:23:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\209m2f9p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013.12.13 22:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\idxstbkq.default\extensions
[2013.12.21 15:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\rig94rah.default-1345927666395\extensions
[2013.12.11 10:58:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\rig94rah.default-1345927666395\extensions\[email protected]
[2013.12.20 20:30:29 | 001,127,900 | ---- | M] () (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\firefox\profiles\rig94rah.default-1345927666395\extensions\[email protected]
[2012.12.11 17:26:40 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\firefox\profiles\rig94rah.default-1345927666395\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.12.13 22:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.18 01:38:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.19 14:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.12.11 12:52:11 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.07.19 19:50:50 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2011.06.02 14:36:10 | 000,096,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2011.07.19 19:51:18 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2011.07.19 19:50:44 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011.07.19 19:52:30 | 000,436,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2011.06.02 14:36:10 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Ask Search (Enabled)
CHR - default_search_provider: search_url = http://avira.search....q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch....q={searchTerms},
CHR - homepage: http://avira.search....2013-12-13&psv=
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\H\u00FClya\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\H\u00FClya\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\H\u00FClya\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Avira SearchFree Toolbar plus Web Protection = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\30.1_0\
CHR - Extension: Google Docs = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Mail = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe File not found
O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.exe (ali)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Hülya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hülya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44556-9400-3/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de...nk-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{141EC6BC-2BFA-49DE-AF4A-BCC4824AEA03}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68FDE770-9E8E-41DC-8049-B6AF78B7F75C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90222913-9DB4-4D8C-86B2-72F4C1A387DC}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B92FFF73-0C6C-49CF-8600-B8949315E859}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBF8B9A1-855B-4245-8A2C-BE144D738FAD}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1214267908-4288766644-999623428-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Hülya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hülya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.12.21 20:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013.12.21 20:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013.12.21 18:56:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.12.21 18:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.12.21 18:32:36 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Roaming\Avira
[2013.12.21 18:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.12.21 18:30:34 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.12.21 18:30:27 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.12.21 18:30:27 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.12.21 18:30:27 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.12.21 18:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.12.21 18:07:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.12.20 02:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2013.12.20 02:13:45 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Local\Trend Micro
[2013.12.13 23:25:00 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Local\AskPartnerNetwork
[2013.12.13 23:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2013.12.13 23:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2013.12.13 23:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013.12.13 20:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.12.13 19:16:23 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Roaming\Malwarebytes
[2013.12.13 19:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.12.13 19:10:00 | 000,000,000 | ---D | C] -- C:\FRST
[2013.12.07 14:11:24 | 000,000,000 | ---D | C] -- C:\Users\Hülya\Policy Domain
[2013.12.07 14:06:35 | 000,000,000 | ---D | C] -- C:\Users\Hülya\Negotiation
[2013.12.07 14:05:43 | 000,000,000 | ---D | C] -- C:\Users\Hülya\Data Analysis
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.12.21 21:36:25 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.12.21 21:34:38 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.12.21 21:34:38 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.12.21 21:34:36 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.12.21 21:34:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.12.21 21:34:21 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.21 20:00:13 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1214267908-4288766644-999623428-1000UA.job
[2013.12.21 19:59:31 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.12.21 19:40:12 | 000,643,836 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.12.21 19:40:12 | 000,608,716 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.12.21 19:40:12 | 000,133,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.12.21 19:40:12 | 000,109,954 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.12.21 18:55:32 | 000,000,956 | ---- | M] () -- C:\Users\Hülya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.12.20 13:00:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1214267908-4288766644-999623428-1000Core.job
[2013.12.20 11:07:42 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.12.20 02:15:34 | 000,000,036 | ---- | M] () -- C:\Users\Hülya\AppData\Local\housecall.guid.cache
[2013.12.11 20:19:00 | 000,325,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.12.09 11:37:21 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.12.09 11:37:19 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.12.09 11:37:18 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.12.09 11:37:18 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.12.21 18:55:32 | 000,000,956 | ---- | C] () -- C:\Users\Hülya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.12.21 18:53:11 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.12.20 02:15:34 | 000,000,036 | ---- | C] () -- C:\Users\Hülya\AppData\Local\housecall.guid.cache
[2013.09.12 17:26:45 | 011,095,378 | ---- | C] () -- C:\Users\Hülya\EU Law(1).zip
[2012.12.22 18:47:05 | 000,015,565 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2012.08.12 18:07:03 | 000,000,680 | ---- | C] () -- C:\Users\Hülya\AppData\Local\d3d9caps.dat
[2011.06.19 08:30:14 | 002,237,401 | ---- | C] () -- C:\Program Files\ATK Hotkey_V1.0.0052.zip
[2010.12.15 22:06:07 | 000,048,683 | ---- | C] () -- C:\Users\Hülya\AppData\Roaming\A7F2.F28
[2009.06.17 22:43:28 | 000,000,093 | ---- | C] () -- C:\Users\Hülya\AppData\Local\fusioncache.dat
[2009.02.22 19:37:55 | 000,045,568 | ---- | C] () -- C:\Users\Hülya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.18 17:57:54 | 000,024,206 | ---- | C] () -- C:\Users\Hülya\AppData\Roaming\UserTile.png
[2008.07.08 13:09:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.12.24 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Cipavi
[2008.03.18 17:09:14 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\DAEMON Tools
[2012.06.16 15:54:55 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Diercke Globus Online
[2013.09.06 09:39:19 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Downloaded Installations
[2013.12.21 21:38:39 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Dropbox
[2013.08.29 03:27:11 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\DVDVideoSoft
[2012.10.01 14:46:32 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\FileOpen
[2012.10.11 21:30:34 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\ICAClient
[2010.12.21 20:13:13 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Kiaq
[2013.04.06 22:09:25 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Nitro
[2013.01.16 19:33:44 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Nitro PDF
[2013.12.12 00:50:00 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Spotify
[2012.08.25 15:09:21 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Steganos
[2012.08.25 15:16:06 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Steganos VPN
[2011.07.26 00:03:22 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\SuperEasy Software
[2009.06.17 22:40:07 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\T-Online
[2012.12.13 01:12:59 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\TeamViewer
[2009.06.23 20:12:01 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Toshiba
[2012.06.12 16:45:52 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >

Results of screen317's Security Check version 0.99.77
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 45
Java™ SE Runtime Environment 6
Adobe Flash Player 11.9.900.170
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (26.0)
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


Well, until now it seems to me like everything has stayed the same. But, to be honest, this is not something that concerns me these days. First of all I want to get rid of this problem, afterwards I can tell you if there are any improvements.

Edited by DenisR91, 21 December 2013 - 06:08 PM.

  • 0

#6
tom982
Posted 24 December 2013 - 04:44 AM

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi DenisR91,

The log looks good, but I would like to run a few additional scans just to make sure you're clean:

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

ESET Online Scanner:

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Make sure that the option Remove found threats is not checked
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Tom
  • 0

#7
DenisR91
Posted 24 December 2013 - 07:05 PM

DenisR91

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.24.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Hülya :: HÜLYA-PC [Administrator]

Schutz: Deaktiviert

24.12.2013 21:15:05
mbam-log-2013-12-24 (21-15-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 331175
Laufzeit: 1 Stunde(n), 28 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\FreemakeVideoDownloader_3.4.3.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\UpdateCheckerSetup.exe Win32/Somoto.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N64MLE5O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38P11YU7\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWVWDN8O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\FreemakeVideoDownloader_3.4.3.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\UpdateCheckerSetup.exe Win32/Somoto.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N64MLE5O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38P11YU7\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWVWDN8O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\FreemakeVideoDownloader_3.4.3.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\UpdateCheckerSetup.exe Win32/Somoto.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N64MLE5O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38P11YU7\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWVWDN8O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\FreemakeVideoDownloader_3.4.3.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\UpdateCheckerSetup.exe Win32/Somoto.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N64MLE5O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38P11YU7\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWVWDN8O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\FreemakeVideoDownloader_3.4.3.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\UpdateCheckerSetup.exe Win32/Somoto.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N64MLE5O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38P11YU7\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWVWDN8O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\FreemakeVideoDownloader_3.4.3.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\UpdateCheckerSetup.exe Win32/Somoto.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N64MLE5O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38P11YU7\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWVWDN8O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\FreemakeVideoDownloader_3.4.3.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\UpdateCheckerSetup.exe Win32/Somoto.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N64MLE5O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38P11YU7\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWVWDN8O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\FreemakeVideoDownloader_3.4.3.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\UpdateCheckerSetup.exe Win32/Somoto.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N64MLE5O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38P11YU7\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWVWDN8O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\FreemakeVideoDownloader_3.4.3.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\UpdateCheckerSetup.exe Win32/Somoto.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N64MLE5O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38P11YU7\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWVWDN8O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\FreemakeVideoDownloader_3.4.3.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\UpdateCheckerSetup.exe Win32/Somoto.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N64MLE5O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38P11YU7\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWVWDN8O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\FreemakeVideoDownloader_3.4.3.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\UpdateCheckerSetup.exe Win32/Somoto.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N64MLE5O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38P11YU7\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWVWDN8O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\FreemakeVideoDownloader_3.4.3.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\UpdateCheckerSetup.exe Win32/Somoto.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N64MLE5O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38P11YU7\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWVWDN8O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\FreemakeVideoDownloader_3.4.3.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\UpdateCheckerSetup.exe Win32/Somoto.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N64MLE5O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38P11YU7\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWVWDN8O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.E application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6F5LH49\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\FreemakeVideoDownloader_3.4.3.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\UpdateCheckerSetup.exe Win32/Somoto.D application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Local\Temp\Temporary Internet Files\Content.IE5\N64MLE5O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Hülya\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38P11YU7\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWVWDN8O\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

You said that the ESET Online Scanner works with Internet Explorer or Mozilla Firefox. Does that mean that Google Chrome is not cleaned? Furthermore, Avira found a hidden object again. Additionally, the programm Malwarebytes found 37 infected objects on Friday, 13th. I put them into the quarantine and deleted them. However, a friend of mine told me that putting into the quarantine is not enough; I would have to do additional things to remove them. However, the report is lost and therefore, he said, my computer could never be safe and clean again because no one can know what to do. Is he right?

Deniz

Edited by DenisR91, 25 December 2013 - 06:55 AM.

  • 0

#8
tom982
Posted 27 December 2013 - 06:30 PM

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi Deniz,

Hope you had a nice Christmas!

It also works with Google Chrome, but the instructions are slightly different so it's easier to explicitly mention to use IE/FF. What does Avira tell you about this hidden object? Does it mention any particular file/folder? Quarantining files is preferable actually! The quarantining process involves encoding/encrypting the files so they are unusable, then storing them in a secure area created by the program - usually just a file known as a vault. Once they have been quarantined, there isn't any chance of them 'unquarantining' themselves, per se, but the real advantage of quarantining a file rather than deleting it is that you have the option of restoring it if you wish, which helps if files are quarantined as false positives. If Malwarebytes has quarantined the files, they pose no further risk.

The ESET log detected a lot of files, but none are of real concern and mostly consist of toolbars bundled in installers. Let's get another OTL log and see what things look like now:

OTL

  • Run OTL by double-clicking on it.
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a logs, OTL.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Tom
  • 0

#9
DenisR91
Posted 28 December 2013 - 10:10 AM

DenisR91

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Tom,

It was nice. Thank you! I hope you had a nice one as well.
Concerning Avira the scan done on 21st told me that everything was fine; the scan on 22nd told me that there is a hidden object. It does not refer to a particular folder but said that there was a hidden device driver. 'A storage change was found which could potentially be used (the German word translated would be abused) to hide data access.' Furthermore, it added that the hidden object was found when it scanned to find rootkits and a clue was found in my archives as well. The scan made today did not find anything. To be honest, Avira has found a hidden object for like two years I think but it could also be three years...What shall I do?
Here is the quick scan by OTL:

OTL logfile created on: 28.12.2013 15:50:16 - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hülya\Saved Games\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,40 Gb Available Physical Memory | 20,11% Memory free
4,22 Gb Paging File | 1,71 Gb Available in Paging File | 40,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 22,26 Gb Free Space | 29,86% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 72,85 Gb Free Space | 99,71% Space Free | Partition Type: NTFS

Computer Name: HÜLYA-PC | User Name: Hülya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
PRC - C:\Programme\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
PRC - C:\Users\Hülya\Saved Games\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Hülya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\Receiver\Receiver.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Programme\NETGEAR\WNDA3100v2\WifiSvc.exe ()
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Windows\System32\WerFault.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\UMStor\Res.exe (ali)


========== Modules (No Company Name) ==========

MOD - C:\Users\Hülya\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\Hülya\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Hülya\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Hülya\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Users\Hülya\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll ()
MOD - C:\Users\Hülya\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll ()
MOD - C:\Users\Hülya\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
MOD - C:\Users\Hülya\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Programme\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
MOD - C:\Programme\NETGEAR\WNDA3100v2\WifiSvcLib.dll ()


========== Services (SafeList) ==========

SRV - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe File not found
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe File not found
SRV - (APNMCP) -- C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NitroReaderDriverReadSpool3) -- C:\Programme\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WSWNDA3100) -- C:\Programme\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (alzcnuc5) -- File not found
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (BCMH43XX) -- C:\Windows\System32\drivers\bcmwlhigh6.sys (Broadcom Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. )
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (SCMNdisP) -- C:\Windows\System32\drivers\SCMNdisP.sys (Windows ® Codename Longhorn DDK provider)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.msn.com/?o...=EIE9HP&PC=UP50
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\SearchScopes\{127F2729-572B-4D28-8982-BB2458DBBD9A}: "URL" = http://websearch.ask...D6-E1E90623BE43
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\SearchScopes\{E835F05B-44CE-4F08-8222-480476FAE167}: "URL" = http://de.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54747

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hülya\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hülya\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.19 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.12.22 15:30:07 | 000,000,000 | ---D | M]

[2012.11.24 11:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Extensions
[2013.12.13 22:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\209m2f9p.default\extensions
[2008.03.18 18:23:00 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\209m2f9p.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008.03.18 18:23:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\209m2f9p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013.12.13 22:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\idxstbkq.default\extensions
[2013.12.21 15:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\rig94rah.default-1345927666395\extensions
[2013.12.11 10:58:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\rig94rah.default-1345927666395\extensions\[email protected]
[2013.12.20 20:30:29 | 001,127,900 | ---- | M] () (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\firefox\profiles\rig94rah.default-1345927666395\extensions\[email protected]
[2012.12.11 17:26:40 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\firefox\profiles\rig94rah.default-1345927666395\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.12.13 22:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.18 01:38:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.19 14:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.12.11 12:52:11 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.07.19 19:50:50 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2011.06.02 14:36:10 | 000,096,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2011.07.19 19:51:18 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2011.07.19 19:50:44 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011.07.19 19:52:30 | 000,436,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2011.06.02 14:36:10 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Ask Search (Enabled)
CHR - default_search_provider: search_url = http://avira.search....q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch....q={searchTerms},
CHR - homepage: http://avira.search....2013-12-13&psv=
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\H\u00FClya\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\H\u00FClya\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\H\u00FClya\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Avira SearchFree Toolbar plus Web Protection = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\30.1_0\
CHR - Extension: Google Docs = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Mail = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe File not found
O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.exe (ali)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Hülya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hülya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44556-9400-3/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de...nk-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{141EC6BC-2BFA-49DE-AF4A-BCC4824AEA03}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68FDE770-9E8E-41DC-8049-B6AF78B7F75C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90222913-9DB4-4D8C-86B2-72F4C1A387DC}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B92FFF73-0C6C-49CF-8600-B8949315E859}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBF8B9A1-855B-4245-8A2C-BE144D738FAD}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1214267908-4288766644-999623428-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hülya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hülya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.12.24 22:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.12.24 21:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.12.24 21:12:42 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.12.24 21:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.12.22 15:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.12.21 20:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013.12.21 20:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013.12.21 18:56:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.12.21 18:32:36 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Roaming\Avira
[2013.12.21 18:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.12.21 18:30:34 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.12.21 18:30:27 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.12.21 18:30:27 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.12.21 18:30:27 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.12.21 18:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.12.21 18:07:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.12.20 02:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2013.12.20 02:13:45 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Local\Trend Micro
[2013.12.13 23:25:00 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Local\AskPartnerNetwork
[2013.12.13 23:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2013.12.13 23:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2013.12.13 23:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013.12.13 20:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.12.13 19:16:23 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Roaming\Malwarebytes
[2013.12.13 19:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.12.13 19:10:00 | 000,000,000 | ---D | C] -- C:\FRST
[2013.12.07 14:11:24 | 000,000,000 | ---D | C] -- C:\Users\Hülya\Policy Domain
[2013.12.07 14:06:35 | 000,000,000 | ---D | C] -- C:\Users\Hülya\Negotiation
[2013.12.07 14:05:43 | 000,000,000 | ---D | C] -- C:\Users\Hülya\Data Analysis
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.12.28 16:00:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1214267908-4288766644-999623428-1000UA.job
[2013.12.28 15:59:10 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.12.28 15:51:23 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.12.28 15:51:23 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.12.28 15:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.12.28 13:00:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1214267908-4288766644-999623428-1000Core.job
[2013.12.28 11:51:02 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.12.28 11:50:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.12.28 11:50:46 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.22 18:19:03 | 000,643,836 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.12.22 18:19:03 | 000,608,716 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.12.22 18:19:03 | 000,133,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.12.22 18:19:03 | 000,109,954 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.12.21 18:55:32 | 000,000,956 | ---- | M] () -- C:\Users\Hülya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.12.20 11:07:42 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.12.20 02:15:34 | 000,000,036 | ---- | M] () -- C:\Users\Hülya\AppData\Local\housecall.guid.cache
[2013.12.11 20:19:00 | 000,325,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.12.09 11:37:21 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.12.09 11:37:19 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.12.09 11:37:18 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.12.09 11:37:18 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.12.22 15:30:07 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.12.21 18:55:32 | 000,000,956 | ---- | C] () -- C:\Users\Hülya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.12.20 02:15:34 | 000,000,036 | ---- | C] () -- C:\Users\Hülya\AppData\Local\housecall.guid.cache
[2013.09.12 17:26:45 | 011,095,378 | ---- | C] () -- C:\Users\Hülya\EU Law(1).zip
[2012.12.22 18:47:05 | 000,015,565 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2012.08.12 18:07:03 | 000,000,680 | ---- | C] () -- C:\Users\Hülya\AppData\Local\d3d9caps.dat
[2011.06.19 08:30:14 | 002,237,401 | ---- | C] () -- C:\Program Files\ATK Hotkey_V1.0.0052.zip
[2010.12.15 22:06:07 | 000,048,683 | ---- | C] () -- C:\Users\Hülya\AppData\Roaming\A7F2.F28
[2009.06.17 22:43:28 | 000,000,093 | ---- | C] () -- C:\Users\Hülya\AppData\Local\fusioncache.dat
[2009.02.22 19:37:55 | 000,045,568 | ---- | C] () -- C:\Users\Hülya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.18 17:57:54 | 000,024,206 | ---- | C] () -- C:\Users\Hülya\AppData\Roaming\UserTile.png
[2008.07.08 13:09:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.12.24 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Cipavi
[2008.03.18 17:09:14 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\DAEMON Tools
[2012.06.16 15:54:55 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Diercke Globus Online
[2013.09.06 09:39:19 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Downloaded Installations
[2013.12.28 11:54:19 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Dropbox
[2013.12.25 01:31:10 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\DVDVideoSoft
[2012.10.01 14:46:32 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\FileOpen
[2012.10.11 21:30:34 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\ICAClient
[2010.12.21 20:13:13 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Kiaq
[2013.04.06 22:09:25 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Nitro
[2013.01.16 19:33:44 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Nitro PDF
[2013.12.27 21:20:57 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Spotify
[2012.08.25 15:09:21 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Steganos
[2012.08.25 15:16:06 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Steganos VPN
[2011.07.26 00:03:22 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\SuperEasy Software
[2009.06.17 22:40:07 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\T-Online
[2012.12.13 01:12:59 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\TeamViewer
[2009.06.23 20:12:01 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Toshiba
[2012.06.12 16:45:52 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >

Deniz
  • 0

#10
tom982
Posted 29 December 2013 - 05:06 PM

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi Deniz,

Good! I also had a great Christmas thanks.

When I first saw you mention Avira complaining about a hidden object, I suspected there was malware deep in your system and had you run GMER to check for rootkits, but it didn't report anything of concern. As far as I am aware, there is nothing currently capable of hiding itself from GMER so I'm confident that these Avira warnings are nothing of concern. I suspect that Avira is detecting the Daemon Tools CD emulation drivers because, due to the nature of these drivers, they like to hide themselves. These two belong to Daemon Tools:

DRV - (alzcnuc5) -- File not found
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()

As you can see, OTL failed to find the filepath of the first one and it's that file that I think Avira is warning you about. There are three things you can do to stop this:

1. Change your anti virus program. There is a lot of debate over which is the best anti virus and you will hear lots of different answers from people within the security community, but I (as well as many others) have always been a fan of Microsoft Security Essentials (MSE). It is very lightweight and won't slow your computer down, it is very stable as it is developed by Microsoft and they know exactly how to make it work with Windows, it has great detections and best of all: it's free! If you want to do this, instructions for removing Avira can be found here and MSE can be downloaded here.
2. Remove Daemon Tools. Removing Daemon tools will remove the drivers that Avira is detecting, so the warning will no longer show.
3. Ignore this problem. It's nothing more than an annoyance and can be safely ignored if you wish.


OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54747
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de...nk-21&site=home File not found
[2013.12.13 23:25:00 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Local\AskPartnerNetwork
[2013.12.13 23:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2013.12.13 23:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork

:Commands
[EMPTYTEMP]
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

  • 0

Advertisements

#11
DenisR91
Posted 03 January 2014 - 03:04 AM

DenisR91

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Tom,

Wish you a happy new year!
Sorry for replying so late. The last days I have tried to do what you had told me to do but it has not worked. After OTL finished the fixing process, it only said 'EMPTYEMP' and everything on my desktop disappeared. After I had been waiting for several hours I forced the Laptop to turn off. I had to do this every time when I runned the fix button and the programme did never send me a report.

Deniz
  • 0

#12
tom982
Posted 06 January 2014 - 07:51 PM

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi Deniz,

I'm so sorry for the delay! I have exams next week and have been completely snowed over with revision. Hmm, not entirely sure why OTL did that but it hasn't caused any noticeable problems to your computer has it? Let's get a fresh OTL log just to check the fix went through okay - it shouldn't be a problem as the EMPTYTEMP directive is performed at the end of the fixing routine, but it's better to be safe than sorry!

OTL

  • Run OTL by double-clicking on it.
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a logs, OTL.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Tom
  • 0

#13
DenisR91
Posted 07 January 2014 - 06:12 PM

DenisR91

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Tom,

I wish you good luck with your exams! I wrote one on monday.
My computer works as usual. It gets very quickly too noisy, but I think for an old one it works fine.
I could not do anything after OTL finished, it was even hard to close the programme.

OTL logfile created on: 08.01.2014 00:45:54 - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hülya\Saved Games\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,53% Memory free
4,22 Gb Paging File | 2,89 Gb Available in Paging File | 68,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 19,74 Gb Free Space | 26,49% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 72,85 Gb Free Space | 99,71% Space Free | Partition Type: NTFS

Computer Name: HÜLYA-PC | User Name: Hülya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hülya\Saved Games\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Hülya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\Receiver\Receiver.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\NETGEAR\WNDA3100v2\WifiSvc.exe ()
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\UMStor\Res.exe (ali)


========== Modules (No Company Name) ==========

MOD - C:\Users\Hülya\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\Hülya\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Programme\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
MOD - C:\Programme\NETGEAR\WNDA3100v2\WifiSvcLib.dll ()


========== Services (SafeList) ==========

SRV - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe File not found
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe File not found
SRV - (APNMCP) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NitroReaderDriverReadSpool3) -- C:\Programme\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WSWNDA3100) -- C:\Programme\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (a5y3upqp) -- File not found
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (BCMH43XX) -- C:\Windows\System32\drivers\bcmwlhigh6.sys (Broadcom Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. )
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (SCMNdisP) -- C:\Windows\System32\drivers\SCMNdisP.sys (Windows ® Codename Longhorn DDK provider)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.msn.com/?o...=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{127F2729-572B-4D28-8982-BB2458DBBD9A}: "URL" = http://websearch.ask...D6-E1E90623BE43
IE - HKCU\..\SearchScopes\{E835F05B-44CE-4F08-8222-480476FAE167}: "URL" = http://de.search.yah...p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hülya\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hülya\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.19 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.12.22 15:30:07 | 000,000,000 | ---D | M]

[2012.11.24 11:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Extensions
[2013.12.13 22:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\209m2f9p.default\extensions
[2008.03.18 18:23:00 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\209m2f9p.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008.03.18 18:23:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\209m2f9p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013.12.13 22:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\idxstbkq.default\extensions
[2013.12.21 15:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\rig94rah.default-1345927666395\extensions
[2013.12.11 10:58:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\rig94rah.default-1345927666395\extensions\[email protected]
[2013.12.20 20:30:29 | 001,127,900 | ---- | M] () (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\firefox\profiles\rig94rah.default-1345927666395\extensions\[email protected]
[2012.12.11 17:26:40 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\firefox\profiles\rig94rah.default-1345927666395\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.12.13 22:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.18 01:38:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.19 14:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.12.11 12:52:11 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.07.19 19:50:50 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2011.06.02 14:36:10 | 000,096,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2011.07.19 19:51:18 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2011.07.19 19:50:44 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011.07.19 19:52:30 | 000,436,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2011.06.02 14:36:10 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Ask Search (Enabled)
CHR - default_search_provider: search_url = http://avira.search....q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch....q={searchTerms},
CHR - homepage: http://avira.search....2013-12-13&psv=
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\H\u00FClya\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\H\u00FClya\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\H\u00FClya\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Mail = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.exe (ali)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Hülya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hülya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{141EC6BC-2BFA-49DE-AF4A-BCC4824AEA03}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68FDE770-9E8E-41DC-8049-B6AF78B7F75C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90222913-9DB4-4D8C-86B2-72F4C1A387DC}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B92FFF73-0C6C-49CF-8600-B8949315E859}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBF8B9A1-855B-4245-8A2C-BE144D738FAD}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hülya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hülya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014.01.06 00:14:03 | 000,000,000 | ---D | C] -- C:\Users\Hülya\Berichte
[2013.12.24 22:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.12.24 21:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.12.24 21:12:42 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.12.24 21:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.12.22 15:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.12.21 20:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013.12.21 20:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013.12.21 18:56:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.12.21 18:32:36 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Roaming\Avira
[2013.12.21 18:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.12.21 18:30:34 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.12.21 18:30:27 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.12.21 18:30:27 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.12.21 18:30:27 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.12.21 18:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.12.21 18:07:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.12.20 02:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2013.12.20 02:13:45 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Local\Trend Micro
[2013.12.13 23:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013.12.13 20:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.12.13 19:16:23 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Roaming\Malwarebytes
[2013.12.13 19:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.12.13 19:10:00 | 000,000,000 | ---D | C] -- C:\FRST
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.01.08 00:38:17 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014.01.08 00:38:17 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014.01.08 00:38:16 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.01.08 00:38:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.01.08 00:38:02 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2014.01.08 00:00:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1214267908-4288766644-999623428-1000UA.job
[2014.01.07 23:59:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.01.07 23:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.01.07 13:00:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1214267908-4288766644-999623428-1000Core.job
[2013.12.22 18:19:03 | 000,643,836 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.12.22 18:19:03 | 000,608,716 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.12.22 18:19:03 | 000,133,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.12.22 18:19:03 | 000,109,954 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.12.21 18:55:32 | 000,000,956 | ---- | M] () -- C:\Users\Hülya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.12.20 11:07:42 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.12.20 02:15:34 | 000,000,036 | ---- | M] () -- C:\Users\Hülya\AppData\Local\housecall.guid.cache
[2013.12.11 20:19:00 | 000,325,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.12.09 11:37:21 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.12.09 11:37:19 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.12.09 11:37:18 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.12.09 11:37:18 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.12.22 15:30:07 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.12.21 18:55:32 | 000,000,956 | ---- | C] () -- C:\Users\Hülya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.12.20 02:15:34 | 000,000,036 | ---- | C] () -- C:\Users\Hülya\AppData\Local\housecall.guid.cache
[2013.09.12 17:26:45 | 011,095,378 | ---- | C] () -- C:\Users\Hülya\EU Law(1).zip
[2012.12.22 18:47:05 | 000,015,565 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2012.08.12 18:07:03 | 000,000,680 | ---- | C] () -- C:\Users\Hülya\AppData\Local\d3d9caps.dat
[2011.06.19 08:30:14 | 002,237,401 | ---- | C] () -- C:\Program Files\ATK Hotkey_V1.0.0052.zip
[2010.12.15 22:06:07 | 000,048,683 | ---- | C] () -- C:\Users\Hülya\AppData\Roaming\A7F2.F28
[2009.06.17 22:43:28 | 000,000,093 | ---- | C] () -- C:\Users\Hülya\AppData\Local\fusioncache.dat
[2009.02.22 19:37:55 | 000,045,568 | ---- | C] () -- C:\Users\Hülya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.18 17:57:54 | 000,024,206 | ---- | C] () -- C:\Users\Hülya\AppData\Roaming\UserTile.png
[2008.07.08 13:09:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.12.24 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Cipavi
[2008.03.18 17:09:14 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\DAEMON Tools
[2012.06.16 15:54:55 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Diercke Globus Online
[2013.09.06 09:39:19 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Downloaded Installations
[2014.01.08 00:41:20 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Dropbox
[2013.12.25 01:31:10 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\DVDVideoSoft
[2012.10.01 14:46:32 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\FileOpen
[2012.10.11 21:30:34 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\ICAClient
[2010.12.21 20:13:13 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Kiaq
[2013.04.06 22:09:25 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Nitro
[2013.01.16 19:33:44 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Nitro PDF
[2014.01.07 23:58:01 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Spotify
[2012.08.25 15:09:21 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Steganos
[2012.08.25 15:16:06 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Steganos VPN
[2011.07.26 00:03:22 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\SuperEasy Software
[2009.06.17 22:40:07 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\T-Online
[2012.12.13 01:12:59 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\TeamViewer
[2009.06.23 20:12:01 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Toshiba
[2012.06.12 16:45:52 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >

Deniz
  • 0

#14
tom982
Posted 07 January 2014 - 06:36 PM

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi Deniz,

Thank you for understanding, and for your kind words!

Okay, thanks for letting me know about OTL. I wouldn't worry about it though if it's an old computer :)

It seems we got a little sidetracked when OTL threw a wobbly and wouldn't finish, but have you had any thoughts about this:

There are three things you can do to stop this:

1. Change your anti virus program. There is a lot of debate over which is the best anti virus and you will hear lots of different answers from people within the security community, but I (as well as many others) have always been a fan of Microsoft Security Essentials (MSE). It is very lightweight and won't slow your computer down, it is very stable as it is developed by Microsoft and they know exactly how to make it work with Windows, it has great detections and best of all: it's free! If you want to do this, instructions for removing Avira can be found here and MSE can be downloaded here.
2. Remove Daemon Tools. Removing Daemon tools will remove the drivers that Avira is detecting, so the warning will no longer show.
3. Ignore this problem. It's nothing more than an annoyance and can be safely ignored if you wish.


I will review you log and get back to you on that, but in the mean time if you could let me know which option you would like to do then that would be great!

Tom
  • 0

#15
iammykyl
Posted 07 January 2014 - 08:36 PM

iammykyl

    Tech Staff

  • Technician
  • 7,659 posts
Gday.
The latest ver of Deamon tools installs it't spyware, regardless if you untick the box.
Windows has it's own tool, unsupported, for mounting a virtual drives,
> http://www.tech-reci...t_burning_them/
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP