OTL logfile created on: 20.12.2013 11:15:49 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hülya\Saved Games\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 25,84% Memory free
4,22 Gb Paging File | 2,49 Gb Available in Paging File | 58,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 29,81 Gb Free Space | 40,01% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 72,85 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Computer Name: HÜLYA-PC | User Name: Hülya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - C:\Users\Hülya\Saved Games\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Hülya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
PRC - C:\Programme\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Programme\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\Receiver\Receiver.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\NETGEAR\WNDA3100v2\WifiSvc.exe ()
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\UMStor\Res.exe (ali)
========== Modules (No Company Name) ========== MOD - C:\Users\Hülya\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Hülya\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Hülya\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Users\Hülya\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
MOD - C:\Users\Hülya\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\Hülya\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Programme\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
MOD - C:\Programme\NETGEAR\WNDA3100v2\WifiSvcLib.dll ()
========== Services (SafeList) ========== SRV - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe File not found
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (APNMCP) -- C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NitroReaderDriverReadSpool3) -- C:\Programme\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WSWNDA3100) -- C:\Programme\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (a1epdr5v) -- File not found
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (BCMH43XX) -- C:\Windows\System32\drivers\bcmwlhigh6.sys (Broadcom Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. )
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (SCMNdisP) -- C:\Windows\System32\drivers\SCMNdisP.sys (Windows ® Codename Longhorn DDK provider)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://de.msn.com/?o...=EIE9HP&PC=UP50IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.comIE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...Box&FORM=IE8SRCIE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\SearchScopes\{127F2729-572B-4D28-8982-BB2458DBBD9A}: "URL" =
http://websearch.ask...D6-E1E90623BE43IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\SearchScopes\{E835F05B-44CE-4F08-8222-480476FAE167}: "URL" =
http://de.search.yah...p={SearchTerms}IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54747
========== FireFox ========== FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hülya\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hülya\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.19 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.09.11 09:36:49 | 000,000,000 | ---D | M]
[2012.11.24 11:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Extensions
[2013.12.13 22:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\209m2f9p.default\extensions
[2008.03.18 18:23:00 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\209m2f9p.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008.03.18 18:23:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\209m2f9p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013.12.13 22:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\idxstbkq.default\extensions
[2013.12.13 23:18:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\rig94rah.default-1345927666395\extensions
[2013.12.11 10:58:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Hülya\AppData\Roaming\mozilla\Firefox\Profiles\rig94rah.default-1345927666395\extensions\
[email protected][2013.10.23 19:44:08 | 001,049,565 | ---- | M] () (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\firefox\profiles\rig94rah.default-1345927666395\extensions\
[email protected][2012.12.11 17:26:40 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Hülya\AppData\Roaming\mozilla\firefox\profiles\rig94rah.default-1345927666395\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.12.13 22:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.18 01:38:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.19 14:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.12.11 12:52:11 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.07.19 19:50:50 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2011.06.02 14:36:10 | 000,096,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2011.07.19 19:51:18 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2011.07.19 19:50:44 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011.07.19 19:52:30 | 000,436,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2011.06.02 14:36:10 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
========== Chrome ========== CHR - default_search_provider: Ask Search (Enabled)
CHR - default_search_provider: search_url =
http://avira.search....q={searchTerms}CHR - default_search_provider: suggest_url =
http://ss.websearch....q={searchTerms},
CHR - homepage:
http://avira.search....2013-12-13&psv=CHR - plugin: Shockwave Flash (Enabled) = C:\Users\H\u00FClya\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\H\u00FClya\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\H\u00FClya\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Avira SearchFree Toolbar plus Web Protection = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\25.62074_0\
CHR - Extension: Google Docs = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Mail = C:\Users\Hülya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1214267908-4288766644-999623428-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe File not found
O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.exe (ali)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Hülya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hülya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -
http://rover.ebay.co...-44556-9400-3/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -
http://www.amazon.de...nk-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{141EC6BC-2BFA-49DE-AF4A-BCC4824AEA03}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68FDE770-9E8E-41DC-8049-B6AF78B7F75C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90222913-9DB4-4D8C-86B2-72F4C1A387DC}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B92FFF73-0C6C-49CF-8600-B8949315E859}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBF8B9A1-855B-4245-8A2C-BE144D738FAD}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1214267908-4288766644-999623428-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1214267908-4288766644-999623428-1000 Winlogon: Shell - (C:\Users\Hülya\AppData\Roaming\dwm.exe) - File not found
O24 - Desktop WallPaper: C:\Users\Hülya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hülya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{14250a13-7a18-11de-aa76-0016449c411a}\Shell - "" = AutoRun
O33 - MountPoints2\{14250a13-7a18-11de-aa76-0016449c411a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{5d9cb913-4c5f-11e2-8ef8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5d9cb913-4c5f-11e2-8ef8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\pushinst.exe
O33 - MountPoints2\{c932e0f9-f505-11dc-959f-0016449c411a}\Shell - "" = AutoRun
O33 - MountPoints2\{c932e0f9-f505-11dc-959f-0016449c411a}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{c932e0f9-f505-11dc-959f-0016449c411a}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{c932e0f9-f505-11dc-959f-0016449c411a}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ========== [2013.12.20 11:08:12 | 000,204,312 | ---- | C] (Trend Micro Inc.) -- C:\Windows\TmNSCIns.dll
[2013.12.20 02:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2013.12.20 02:13:45 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Local\Trend Micro
[2013.12.20 02:03:53 | 089,224,024 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
[2013.12.13 23:25:00 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Local\AskPartnerNetwork
[2013.12.13 23:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2013.12.13 23:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2013.12.13 23:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013.12.13 22:36:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.12.13 20:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.12.13 19:16:23 | 000,000,000 | ---D | C] -- C:\Users\Hülya\AppData\Roaming\Malwarebytes
[2013.12.13 19:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.12.13 19:10:00 | 000,000,000 | ---D | C] -- C:\FRST
[2013.12.11 20:06:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.12.11 20:06:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.12.11 20:06:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.12.11 20:06:15 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.12.11 20:06:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.12.11 20:06:14 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.12.11 20:06:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.12.11 20:06:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.12.11 20:03:07 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2013.12.11 20:03:07 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013.12.11 20:03:07 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013.12.11 20:03:06 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.12.11 20:03:04 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013.12.11 20:03:04 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2013.12.07 14:11:24 | 000,000,000 | ---D | C] -- C:\Users\Hülya\Policy Domain
[2013.12.07 14:06:35 | 000,000,000 | ---D | C] -- C:\Users\Hülya\Negotiation
[2013.12.07 14:05:43 | 000,000,000 | ---D | C] -- C:\Users\Hülya\Data Analysis
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2013.12.20 11:10:40 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.12.20 11:10:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.12.20 11:10:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.12.20 11:10:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.12.20 11:10:27 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.20 11:07:42 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.12.20 11:00:18 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1214267908-4288766644-999623428-1000UA.job
[2013.12.20 10:59:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.12.20 02:36:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.12.20 02:15:34 | 000,000,036 | ---- | M] () -- C:\Users\Hülya\AppData\Local\housecall.guid.cache
[2013.12.20 02:05:55 | 089,224,024 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
[2013.12.19 13:00:10 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1214267908-4288766644-999623428-1000Core.job
[2013.12.17 01:13:04 | 000,643,836 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.12.17 01:13:04 | 000,608,716 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.12.17 01:13:04 | 000,133,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.12.17 01:13:04 | 000,109,954 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.12.11 20:19:00 | 000,325,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.12.10 21:36:14 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.12.10 21:36:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ========== [2013.12.20 02:15:34 | 000,000,036 | ---- | C] () -- C:\Users\Hülya\AppData\Local\housecall.guid.cache
[2013.09.12 17:26:45 | 011,095,378 | ---- | C] () -- C:\Users\Hülya\EU Law(1).zip
[2012.12.22 18:47:05 | 000,015,565 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2012.08.12 18:07:03 | 000,000,680 | ---- | C] () -- C:\Users\Hülya\AppData\Local\d3d9caps.dat
[2011.06.19 08:30:14 | 002,237,401 | ---- | C] () -- C:\Program Files\ATK Hotkey_V1.0.0052.zip
[2010.12.15 22:06:07 | 000,048,683 | ---- | C] () -- C:\Users\Hülya\AppData\Roaming\A7F2.F28
[2009.06.17 22:43:28 | 000,000,093 | ---- | C] () -- C:\Users\Hülya\AppData\Local\fusioncache.dat
[2009.02.22 19:37:55 | 000,045,568 | ---- | C] () -- C:\Users\Hülya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.18 17:57:54 | 000,024,206 | ---- | C] () -- C:\Users\Hülya\AppData\Roaming\UserTile.png
[2008.07.08 13:09:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ========== [2010.12.24 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Cipavi
[2008.03.18 17:09:14 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\DAEMON Tools
[2012.06.16 15:54:55 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Diercke Globus Online
[2013.09.06 09:39:19 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Downloaded Installations
[2013.12.20 11:11:52 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Dropbox
[2013.08.29 03:27:11 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\DVDVideoSoft
[2012.10.01 14:46:32 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\FileOpen
[2012.10.11 21:30:34 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\ICAClient
[2010.12.21 20:13:13 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Kiaq
[2013.04.06 22:09:25 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Nitro
[2013.01.16 19:33:44 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Nitro PDF
[2013.12.12 00:50:00 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Spotify
[2012.08.25 15:09:21 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Steganos
[2012.08.25 15:16:06 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Steganos VPN
[2011.07.26 00:03:22 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\SuperEasy Software
[2009.06.17 22:40:07 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\T-Online
[2012.12.13 01:12:59 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\TeamViewer
[2009.06.23 20:12:01 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\Toshiba
[2012.06.12 16:45:52 | 000,000,000 | ---D | M] -- C:\Users\Hülya\AppData\Roaming\TuneUp Software
========== Purity Check ========== < End of report >
OTL Extras logfile created on: 20.12.2013 11:15:49 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hülya\Saved Games\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 25,84% Memory free
4,22 Gb Paging File | 2,49 Gb Available in Paging File | 58,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 29,81 Gb Free Space | 40,01% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 72,85 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Computer Name: HÜLYA-PC | User Name: Hülya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0137F649-3D9B-4636-850D-C16C5FCA28E3}" = lport=138 | protocol=17 | dir=in | app=system |
"{09B70AE6-B5BE-4850-AC69-D65736BDBF51}" = lport=137 | protocol=17 | dir=in | app=system |
"{0C7E85E8-AC83-44A3-B593-C2A68D17CA72}" = lport=445 | protocol=6 | dir=in | app=system |
"{153E972A-9168-45F3-85F6-BE7AA5867FB4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2D3F6F6D-0AEB-434C-A2A6-246D1E2D0A8E}" = rport=445 | protocol=6 | dir=out | app=system |
"{348C14A5-BAED-4F84-A9CE-AAD52FF7CEB0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3CF28603-71C2-446A-8978-841A92A487D7}" = rport=137 | protocol=17 | dir=out | app=system |
"{6191349F-94B0-446E-B192-BAFDDB03344C}" = rport=138 | protocol=17 | dir=out | app=system |
"{8D1421C5-F6C7-4261-B58D-E52E9B5970E9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8E977570-FE19-4DFC-B046-832B9F727D8B}" = rport=139 | protocol=6 | dir=out | app=system |
"{99338DBE-7029-46CF-A75F-1C52A72D0E07}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{D922E1D8-2B94-4807-A733-8F2E2AFDE1C8}" = lport=139 | protocol=6 | dir=in | app=system |
"{E82F834E-514C-459F-9D90-C5F0A795FBA8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F15668-59EB-424D-A20A-9AF50F0B9022}" = protocol=58 | dir=in |
[email protected],-28545 |
"{14693FE4-C526-4DD3-802F-423E1A77DAE6}" = protocol=1 | dir=in |
[email protected],-28543 |
"{1A08052F-A7FB-455B-BC05-A0350D65A2BC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{23E01193-6649-4A9F-B477-B57DBA01472A}" = protocol=6 | dir=in | app=c:\users\hülya\appdata\roaming\dropbox\bin\dropbox.exe |
"{49ED2A63-0912-4CBC-8BA7-F4C64729495A}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{532C3B75-067B-47DF-ACC6-3323EF489C83}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{864B95F4-ECB4-4827-BEF6-94D9AE092564}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{8926B658-2ED3-4CD7-8987-451C0FE5021E}" = protocol=17 | dir=in | app=c:\users\hülya\appdata\roaming\dropbox\bin\dropbox.exe |
"{89D293F4-DC8F-42CB-9A66-32B4E64F377D}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{8D92E712-E3DC-40E2-A8CE-85E0C9D0C251}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{A396EF5D-F0E2-4604-B5B7-0D9B8E4DD2A6}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{B75C72A3-7C3F-4CB8-B474-AAE1520EB691}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{EA8237F1-D709-4052-BA1B-DB501E47C8C1}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{EBDB635D-49B7-4EE5-B2FD-807B25268974}" = protocol=58 | dir=out |
[email protected],-28546 |
"{ED5EA9F6-0382-4894-BB92-E79CA4690F3D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EDAF532D-3657-42D6-9026-305A1F9469D7}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F3CE183C-9F4B-426D-BBEB-6478A45CD02C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{FE02A4C1-CF5F-4EA8-A033-CB40B561BCC7}" = protocol=1 | dir=out |
[email protected],-28544 |
"TCP Query User{05F3F5F2-20B9-48BC-B088-7B7A767912D2}C:\program files\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"TCP Query User{122F68DC-E06A-4E4D-8C1C-2714FB6E1C5D}C:\users\hülya\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hülya\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9000C5FA-532E-4E32-8E47-6915D131AB05}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{9B60D710-F681-49F7-BC7D-302476BA0ACA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{CE9C2CD2-1015-45C7-BADB-69804AC37A44}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{DF571196-4ED8-4D3F-B71F-D08EEC500378}C:\users\hülya\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\hülya\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{F7A706FB-AAEF-4D90-8EC6-49859C339B0A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{FF507801-D111-4E5E-B087-2767FBDB0BAD}C:\users\hülya\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hülya\appdata\roaming\spotify\spotify.exe |
"UDP Query User{1FF808E9-3E4F-4593-B0BE-61F1CD644616}C:\users\hülya\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\hülya\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{58F7113B-3C92-4518-BFDE-EFCD77BA774A}C:\users\hülya\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hülya\appdata\roaming\spotify\spotify.exe |
"UDP Query User{6FD9DCD6-C3F8-4989-AF45-1C47DE584A36}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{89FF9503-DF4A-4FBB-B3AF-C6507C27049F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{9E5D7434-11EE-4876-B8D7-CE6D1FCDA589}C:\users\hülya\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hülya\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C79F86C3-0D3C-4045-98DE-45DD91F283F9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{DAA9A1D5-5324-495E-8CA4-A7521F250BF0}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{FDE2D825-1A81-4568-994C-A417C6F65F7D}C:\program files\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{164B26C5-9BC9-48E8-8FB5-C3C0AC0FE1C8}" = Citrix Receiver Inside
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28F5EC38-ACF6-47B8-A182-218AF75A1D82}" = Citrix Receiver (USB)
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{41564952-412D-5637-00A7-A758B70C0600}" = Avira SearchFree Toolbar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{5027D37B-3677-4F16-9501-A42288EBDB31}" = Nitro Reader 3
"{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adapter
"{554E35CF-3A05-4AB0-A5EA-32AB00AA89E9}" = Citrix Receiver(Aero)
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E2131E0-BE55-40FF-BD9A-57D78D2A94A5}" = Citrix Receiver (DV)
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DEEA6BB-9E32-48F8-814B-74F4AD71A5F5}" = Citrix Receiver (HDX Flash-Umleitung)
"{6FEC5C36-2ACD-4341-8157-55A0DA342DF7}" = Online Plug-in
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BF5EE349-90CD-4422-A43B-661778180173}" = USB Disk Win98 Driver
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.12.827
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adapter
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 26.0 (x86 de)" = Mozilla Firefox 26.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nano" = Nano 1.1.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinPcapInst" = WinPcap 4.1.2
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1214267908-4288766644-999623428-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
========== Last 20 Event Log Errors ========== [ Application Events ]
Error - 13.12.2013 20:49:00 | Computer Name = Hülya-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 14.12.2013 19:06:30 | Computer Name = Hülya-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung chrome.exe, Version 31.0.1650.63, Zeitstempel
0x529e8b45, fehlerhaftes Modul chrome.dll, Version 31.0.1650.63, Zeitstempel 0x529e84ac,
Ausnahmecode 0xc0000005, Fehleroffset 0x0017a892, Prozess-ID 0x44c, Anwendungsstartzeit
01cef9200ff5dba1.
Error - 14.12.2013 20:27:38 | Computer Name = Hülya-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 14.12.2013 20:27:38 | Computer Name = Hülya-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 14.12.2013 20:47:43 | Computer Name = Hülya-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mbam.exe, Version 1.75.0.1, Zeitstempel 0x511f8eb2,
fehlerhaftes Modul MSVBVM60.DLL, Version 6.0.98.2, Zeitstempel 0x4791a724, Ausnahmecode
0xc0000005, Fehleroffset 0x0005d26c, Prozess-ID 0x167c, Anwendungsstartzeit 01cef92ebae66304.
Error - 15.12.2013 06:57:45 | Computer Name = Hülya-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mbam.exe, Version 1.75.0.1, Zeitstempel 0x511f8eb2,
fehlerhaftes Modul MSVBVM60.DLL, Version 6.0.98.2, Zeitstempel 0x4791a724, Ausnahmecode
0xc0000005, Fehleroffset 0x0005d26c, Prozess-ID 0x1678, Anwendungsstartzeit 01cef97b9daba145.
Error - 18.12.2013 11:19:58 | Computer Name = Hülya-PC | Source = VSS | ID = 12289
Description =
Error - 19.12.2013 06:53:07 | Computer Name = Hülya-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 19.12.2013 18:00:58 | Computer Name = Hülya-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung chrome.exe, Version 31.0.1650.63, Zeitstempel
0x529e8b45, fehlerhaftes Modul chrome.dll, Version 31.0.1650.63, Zeitstempel 0x529e84ac,
Ausnahmecode 0xc0000005, Fehleroffset 0x0017a892, Prozess-ID 0x177c, Anwendungsstartzeit
01cefd01cb492a8c.
Error - 19.12.2013 21:09:45 | Computer Name = Hülya-PC | Source = Application Hang | ID = 1002
Description = Programm avcenter.exe, Version 14.0.2.220 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 1244 Anfangszeit: 01cefd01a0c3f15c Zeitpunkt der
Beendigung: 0
[ OSession Events ]
Error - 20.03.2012 09:56:32 | Computer Name = Hülya-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 475
seconds with 60 seconds of active time. This session ended with a crash.
Error - 14.11.2012 03:09:24 | Computer Name = Hülya-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5321
seconds with 3780 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 19.12.2013 21:42:44 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 19.12.2013 21:48:15 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 19.12.2013 21:48:15 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 19.12.2013 21:48:15 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.12.2013 05:56:32 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.12.2013 05:56:32 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.12.2013 05:56:32 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.12.2013 06:12:00 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.12.2013 06:12:00 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.12.2013 06:12:00 | Computer Name = Hülya-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Results of screen317's Security Check version 0.99.77
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 13
Java SE Runtime Environment 6
Java version out of Date! Adobe Flash Player 11.9.900.170
Adobe Reader 10.1.8
Adobe Reader out of Date! Mozilla Firefox (26.0)
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````