Trojaner-Board

Rin.T 23.05.2011 20:16

iexplore.exe in Task Manager

Hello everyone,

Last night I looked in Task Manager and found iexplore.exe twice. At the moment I only use Firefox. I tried to end both processes, but later they show up again. If I don't end the two processes, some advertisement starts playing in the background, which is really annoying when listening to music.

My antivirus programs did not help, and I also searched for posts without success. There is just one thing I want to know: how I can remove it.

I hope you can help me, thanks!

kira 23.05.2011 21:45

Hello and a warm welcome! :)

Before we start working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before you apply them, because if you do something wrong, it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consultation! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator".
Right-click (right mouse button) the selected application and choose "Run as administrator"!

► Where did you get the program "Adobe Photoshop CS3"?

1.
Malwarebytes Anti-Malware:
Have you posted all existing logs?

2.
Another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the boxes for LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
→ Download HJTscanlist.zip
→ Unpack the file on your desktop
→ On Windows XP Home you additionally have to install tasklist.zip before the scan
→ Start it with a double-click
→ Select your operating system - for Win7 choose Vista
→ When you are asked, choose the option "Einstellung (1) - scanlist"
→ After a short time your editor should open and present the file hjtscanlist.txt
→ Please copy the contents here into your thread.
** If it does not work in one go, you can split the text into several parts and post it that way

4.
I would also like to see all your installed programs:
Download the tool CCleaner
Download
Install it (read the software license agreement; if offered, deselect "Füge CCleaner Yahoo! Toolbar hinzu" (Add CCleaner Yahoo! Toolbar)) → start it → if necessary, set "german" under Options settings
then click "Extra" (to also display the installed programs) → then click "Als Textdatei speichern..." (Save as text file...)
A text file (*.txt) is created; copy its contents and paste them here

Quote:

So that your thread stays clearer and nicely readable, it is best to use code tags for your post:
→ before your log you write (i.e. at the beginning of the log file): [code]
your log file goes in here - e.g. hjtscanlist or something else
→ after it - i.e. at the end of the log file: [/code]

** If possible, do not go on the internet; no online banking, file sharing, chat programs, etc.
Regards
Coverflow

Rin.T 23.05.2011 23:20

Thanks for the reply!

► I got it from my older brother.

1. Yes

2. OTL log file
Code:

OTL logfile created on: 23.05.2011 23:46:49 - Run 3
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\Irene\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
953,27 Mb Total Physical Memory | 226,73 Mb Available Physical Memory | 23,78% Memory free
2,29 Gb Paging File | 1,15 Gb Available in Paging File | 50,42% Paging File free
Paging file location(s): C:\pagefile.sys 1429 1429 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 79,31 Gb Free Space | 57,04% Space Free | Partition Type: NTFS
 
Computer Name: IRENE-PC | User Name: Irene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.23 19:16:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Irene\Desktop\OTL.exe
PRC - [2011.04.30 04:38:41 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.02.07 16:00:18 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Irene\Program Files\DNA\btdna.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.24 01:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009.11.24 01:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009.11.24 01:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009.11.24 01:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.27 12:33:18 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.23 19:16:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Irene\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.05.17 01:36:02 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.12.16 19:26:00 | 003,453,712 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.11.24 01:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009.11.24 01:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009.07.19 04:00:01 | 000,191,008 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\npkcmsvc.exe -- (npkcmsvc)
SRV - [2008.06.11 12:18:30 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.13 22:46:27 | 000,002,560 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\mchInjDrv.sys -- (mchInjDrv)
DRV - [2011.04.01 17:07:25 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.04.01 17:07:25 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.09.08 16:08:58 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WinDrvr6.sys -- (WinDriver6)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.08.28 01:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009.07.09 19:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009.05.20 21:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.15 13:52:36 | 000,053,664 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npkcrypt.sys -- (npkcrypt)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.06.11 12:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.02.18 16:09:40 | 000,166,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.09.26 14:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.02.16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C EA ED 77 D2 6B CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "OurWorld.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: betterkongregate@matthewammann.com:3.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: multilinks@plugin:3.0.0.16
FF - prefs.js..extensions.enabledItems: {48e23fba-bb14-4745-b768-382150cd83fb}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm924YYAT&fl=0&ptb=ZxKqNElNoyPrQJuzcKO4ZQ&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="
FF - prefs.js..network.proxy.http: "131.247.2.247"
FF - prefs.js..network.proxy.http_port: 3128
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 04:38:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 04:38:46 | 000,000,000 | ---D | M]
 
[2009.08.23 15:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Irene\AppData\Roaming\mozilla\Extensions
[2011.05.23 23:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions
[2010.05.19 20:12:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.14 19:00:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.06.04 14:23:56 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2010.07.22 03:40:41 | 000,000,000 | ---D | M] ("Metal3D") -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
[2011.04.13 20:09:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.13 20:09:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.11.04 14:58:50 | 000,000,000 | ---D | M] (Better Kongregate) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\betterkongregate@matthewammann.com
[2011.05.02 15:10:03 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\multilinks@plugin
[2010.11.17 20:53:57 | 000,002,567 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\askcom.xml
[2010.04.14 13:57:32 | 000,001,827 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\bing.xml
[2009.10.01 01:38:10 | 000,000,886 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\conduit.xml
[2010.01.22 14:37:53 | 000,002,280 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\google-und-download-suche.xml
[2010.12.09 19:16:46 | 000,010,017 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\mywebsearch.xml
[2010.06.02 17:48:13 | 000,001,741 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\search-the-web.xml
[2011.05.23 22:44:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.20 19:48:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.04.30 22:21:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.05.23 20:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\IRENE\PROGRAM FILES\DNA
[2011.04.14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Irene\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Irene\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Irene\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab (NPKCX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 212.186.211.21 195.34.133.21 195.34.133.22
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Irene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Irene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{034e4881-9ee7-11df-a64a-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{034e4881-9ee7-11df-a64a-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1f2dcf5f-f46a-11de-bfb1-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{1f2dcf5f-f46a-11de-bfb1-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{261be566-c597-11df-9012-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{261be566-c597-11df-9012-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{261be569-c597-11df-9012-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{261be569-c597-11df-9012-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3f2a938d-c5a3-11df-8a48-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{3f2a938d-c5a3-11df-8a48-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8cd53b71-8b4e-11de-a09f-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{8cd53b71-8b4e-11de-a09f-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c3df7ede-6cb2-11de-823b-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{c3df7ede-6cb2-11de-823b-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.23 20:13:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.23 19:15:54 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Irene\Desktop\OTL.exe
[2011.05.23 18:29:25 | 000,000,000 | ---D | C] -- C:\Users\Irene\{fcafd724-883f-4929-83a5-90f16d6cdb64}
[2011.05.23 18:05:59 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011.05.23 18:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011.05.23 18:02:38 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2011.05.23 17:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2011.05.23 15:45:30 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.05.23 15:45:29 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.05.23 15:45:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.23 15:45:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.23 15:45:28 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.23 15:45:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.05.23 15:45:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.05.23 15:45:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.05.23 15:45:26 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.23 15:45:26 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.05.23 15:45:24 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.05.23 15:45:23 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.05.23 15:45:22 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.05.23 15:45:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.23 15:45:22 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.23 15:45:21 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.23 15:45:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.05.23 15:45:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.23 15:45:20 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.23 15:45:20 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.05.23 15:45:20 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.05.23 15:45:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.23 15:45:19 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.23 15:45:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.05.23 15:45:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.23 15:45:17 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.05.23 15:45:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.23 15:45:17 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.05.23 15:45:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.05.23 15:45:16 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.05.23 15:45:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.05.23 15:45:16 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.05.23 15:45:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.05.23 15:45:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.05.23 15:45:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.23 15:45:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.05.23 15:45:16 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.23 15:45:16 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.05.23 15:45:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.05.22 20:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.05.22 20:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.05.19 14:54:20 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.04.30 22:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.04.30 22:21:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.30 22:21:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.30 22:21:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.30 00:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.30 00:10:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.30 00:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.28 14:52:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.28 14:52:03 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.28 14:51:39 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.23 23:47:32 | 000,002,097 | R--- | M] () -- C:\Users\Irene\Desktop\hjtscanlist.zip
[2011.05.23 23:41:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.23 22:18:04 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.23 22:18:04 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.23 20:21:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.23 20:21:33 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegistryDoktor.job
[2011.05.23 20:17:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.23 20:17:51 | 998,313,984 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.23 19:16:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Irene\Desktop\OTL.exe
[2011.05.23 18:15:13 | 000,001,190 | ---- | M] () -- C:\Windows\System32\Pen_Tablet.dat
[2011.05.23 18:07:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011.05.23 18:07:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.05.23 18:02:38 | 001,461,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2011.05.23 15:45:45 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.05.23 15:45:44 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.05.23 15:45:30 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.05.23 15:45:29 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.05.23 15:45:29 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.23 15:45:28 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.23 15:45:28 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.23 15:45:28 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.05.23 15:45:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.05.23 15:45:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.05.23 15:45:26 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.23 15:45:26 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.05.23 15:45:24 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.05.23 15:45:24 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.05.23 15:45:22 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.05.23 15:45:22 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.23 15:45:22 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.05.23 15:45:22 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.23 15:45:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.23 15:45:21 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.23 15:45:21 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.05.23 15:45:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.23 15:45:20 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.05.23 15:45:20 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.05.23 15:45:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.23 15:45:19 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.23 15:45:19 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.05.23 15:45:18 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.05.23 15:45:17 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.23 15:45:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.23 15:45:17 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.05.23 15:45:17 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.05.23 15:45:16 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.05.23 15:45:16 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.05.23 15:45:16 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.05.23 15:45:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.05.23 15:45:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.05.23 15:45:16 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.23 15:45:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.05.23 15:45:16 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.23 15:45:16 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.05.23 15:45:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.05.21 19:08:35 | 002,093,056 | ---- | M] () -- C:\Users\Irene\Desktop\CM.sai
[2011.05.19 14:54:20 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.18 09:14:48 | 000,000,482 | ---- | M] () -- C:\Windows\WININIT.INI
[2011.04.30 00:12:20 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.29 21:09:01 | 000,000,136 | ---- | M] () -- C:\ProgramData\~32366344
[2011.04.29 21:09:00 | 000,000,152 | ---- | M] () -- C:\ProgramData\~32366344r
[2011.04.29 20:11:43 | 000,000,336 | ---- | M] () -- C:\ProgramData\32366344
[2011.04.29 20:04:24 | 000,001,855 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.04.27 20:34:08 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.27 20:34:07 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.27 20:34:07 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.27 20:34:07 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2011.05.23 23:47:58 | 000,002,097 | R--- | C] () -- C:\Users\Irene\Desktop\hjtscanlist.zip
[2011.05.23 18:07:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011.05.23 18:07:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.05.23 18:06:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011.05.23 16:05:34 | 000,000,917 | ---- | C] () -- C:\Users\Irene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.05.23 15:45:22 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.05.23 15:11:38 | 998,313,984 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.21 18:36:23 | 002,093,056 | ---- | C] () -- C:\Users\Irene\Desktop\CM.sai
[2011.04.30 00:12:20 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.29 21:09:00 | 000,000,152 | ---- | C] () -- C:\ProgramData\~32366344r
[2011.04.29 21:09:00 | 000,000,136 | ---- | C] () -- C:\ProgramData\~32366344
[2011.04.29 20:11:43 | 000,000,336 | ---- | C] () -- C:\ProgramData\32366344
[2011.04.29 20:04:24 | 000,001,855 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.01.12 11:11:32 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.01.12 11:11:30 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011.01.12 11:11:28 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.01.12 10:36:58 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.11.06 17:25:43 | 000,001,190 | ---- | C] () -- C:\Windows\System32\Pen_Tablet.dat
[2010.09.13 17:51:55 | 000,000,842 | ---- | C] () -- C:\Windows\System32\SPC230NC.INI
[2010.08.03 18:39:24 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.05.13 14:38:31 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2010.04.10 12:14:50 | 000,000,035 | ---- | C] () -- C:\Windows\Weather.Ini
[2010.03.14 19:29:25 | 000,002,560 | ---- | C] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2010.02.26 21:00:16 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2010.02.26 20:56:29 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2010.02.26 20:54:41 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.02.26 20:54:29 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.02.07 19:39:32 | 000,006,080 | ---- | C] () -- C:\Users\Irene\AppData\Local\d3d9caps.dat
[2010.01.24 19:49:20 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.01.23 00:36:44 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.01.18 18:53:04 | 000,000,525 | ---- | C] () -- C:\Windows\eReg.dat
[2010.01.16 17:48:23 | 000,088,576 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2010.01.13 21:50:03 | 000,005,840 | ---- | C] () -- C:\Users\Irene\AppData\Roaming\UserTile.png
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.15 16:06:31 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.11.15 16:06:31 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.11.05 19:44:14 | 000,000,089 | ---- | C] () -- C:\Windows\ULead32.ini
[2009.10.08 14:55:28 | 000,000,482 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.09.11 00:18:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.11 00:18:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.13 02:23:29 | 000,000,090 | ---- | C] () -- C:\Windows\System32\EUSOFT.SYS
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.25 18:33:03 | 000,000,026 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009.07.25 00:43:22 | 000,000,811 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009.07.24 16:14:40 | 000,000,080 | ---- | C] () -- C:\Users\Irene\AppData\Roaming\wklnhst.dat
[2009.06.21 01:33:55 | 000,007,168 | ---- | C] () -- C:\Users\Irene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.04 15:30:55 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009.03.01 00:24:35 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009.03.01 00:01:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.12.17 17:43:46 | 000,589,824 | ---- | C] () -- C:\Windows\System32\INICRYPTOSDK.dll
[2008.11.27 06:24:52 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
[2008.11.27 06:24:51 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.08.15 03:41:29 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.08.08 20:44:38 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.08.08 11:53:12 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.08.08 11:53:12 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.08.08 11:30:05 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.08.08 11:30:05 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.08.08 11:30:05 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.01.21 10:21:25 | 000,623,280 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 10:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 10:21:25 | 000,125,378 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 10:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 000,481,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,591,320 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,194 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2010.11.27 23:48:02 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\App Launcher Gadget
[2011.05.23 23:43:23 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\DNA
[2011.04.16 02:05:22 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\DVDVideoSoft
[2010.08.03 13:12:24 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.16 14:10:02 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Facebook
[2011.03.09 23:32:12 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\FontCreator
[2010.10.03 18:04:43 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\gtk-2.0
[2009.07.27 02:59:13 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\InterVideo
[2010.01.11 21:49:59 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\NCH Swift Sound
[2009.11.15 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\PC Suite
[2010.07.28 00:59:45 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Sierra
[2010.05.17 18:24:40 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\SYSTEMAX Software Development
[2010.02.15 17:47:20 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Template
[2011.01.09 00:18:20 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Unity
[2010.09.26 02:06:14 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\WinMPG
[2010.10.04 16:50:50 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\WTouch
[2010.05.04 21:05:07 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2011.05.23 20:21:33 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\RegistryDoktor.job
[2011.05.23 20:16:52 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0A8E2C33
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F01E7F17
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A696643D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C5760A8B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DB365884
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CF5C4195
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:798A3728

< End of report >

Extras
Code:

OTL Extras logfile created on: 23.05.2011 23:46:49 - Run 3
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\Irene\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
953,27 Mb Total Physical Memory | 226,73 Mb Available Physical Memory | 23,78% Memory free
2,29 Gb Paging File | 1,15 Gb Available in Paging File | 50,42% Paging File free
Paging file location(s): C:\pagefile.sys 1429 1429 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 79,31 Gb Free Space | 57,04% Space Free | Partition Type: NTFS
 
Computer Name: IRENE-PC | User Name: Irene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" =
"AntiVirusOverride" = 0
"FirewallDisableNotify" =
"FirewallOverride" = 0
"FirstRunDisabled" =
"UpdatesDisableNotify" =
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B62C7B46-36D5-4821-A8F5-AF5ED4526CA4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DD88B457-03BD-4707-A004-C0ED5B1C4AD0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C6D448-CCF7-4C00-A67D-2E3524687452}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{0790089F-AA8C-4E5F-B4F8-C3FE6B5A81E9}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{087627E0-83FD-42D2-A386-BCF40B77F03F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0E58A0A5-4C9C-4788-BB99-117685A96464}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{12495251-71AE-4DED-A963-D65C68C56A6A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{1B0F7E47-896B-4C0A-A882-2FCA86E9964E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{40AD01C3-8D43-4CF7-BF07-4CDA6A0D0519}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{43CD71B8-CE2D-4A03-B91D-D9A24D41DA37}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{57529B4C-CA3F-43C3-A21B-DF7073FC0C2E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{57F8DD6C-23D8-4740-B9FA-5806538AA216}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{5A0338E7-3D0B-4DE6-B9F8-F73D7DFDD792}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{5FBA5F8B-74FA-405F-AAD3-1EC7215BBA91}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{67392AE3-C899-42EF-AF58-873D97B2BCC8}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{6BCB72CB-B4F2-4C16-A622-ED8CFC1A14BC}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{714A1D63-D3BF-49F5-88D8-7A0A029FC0A0}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{870A1CD7-90B8-45E1-8945-3081C50CC75E}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{8C3B5583-9234-4389-A125-2ED19B3C652F}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{91BD3F58-C642-4CAA-B950-B34676AEB8D2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{93E33A36-46FC-416B-AABD-881E6F54F880}" = protocol=6 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe |
"{94EFF76D-B7D9-4278-9DFB-66A49717D0A5}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{9710E36F-67AA-4040-B679-5A8247B0CF82}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{A2703811-CEF0-4B70-B8B9-C1B3452D7D5F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AB85559E-145E-471F-986D-087D8576D400}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B50BF2B8-F2D7-49F1-A770-797E515F98BB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B6F8C181-C507-42C6-9881-415BD34E46C6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BD2ECE45-FE22-4A7C-B002-85FCB11F4743}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C9C5C08F-CBA8-46C6-8CB0-1E8AE6C64A4A}" = protocol=17 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe |
"{CC7CFC7A-3896-4421-BC38-3EE7EBE89F89}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CE5666A7-F343-4452-AA15-7E487687FFD3}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{CE9AF69A-AAD0-4BA3-96E6-26634BCA6034}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{CEF2FBBC-41DB-4358-AB01-52B4B615F8CB}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{CF753184-FB85-4388-AF1D-1ABB56928CE8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{F036BE76-6F28-4649-BE54-E8B882DACAEF}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{F62A4492-031A-4DD7-85FB-2743A003953D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F9BFF757-9EA3-4AFA-8B2A-D8744F41B32B}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{02965AF5-ECF9-4784-B444-40979A80487C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{04010334-3242-4687-96D5-2883C103B8FD}C:\program files\irisnotes\easy note taker.exe" = protocol=6 | dir=in | app=c:\program files\irisnotes\easy note taker.exe |
"TCP Query User{049A89EB-4581-450E-94C1-762303AB9B09}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{1330EEC4-2CDC-4406-8EA4-E29334D28667}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"TCP Query User{1ABF0AC5-83D2-42CE-8989-420FED880119}C:\program files\weltwunder\game.exe" = protocol=6 | dir=in | app=c:\program files\weltwunder\game.exe |
"TCP Query User{2173C38E-5E49-452F-89C5-C0021042B9F7}C:\users\irene\appdata\local\temp\rar$ex54.480\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\irene\appdata\local\temp\rar$ex54.480\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe |
"TCP Query User{288335AA-542A-4EDA-9DCE-F4A8A4471E49}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"TCP Query User{304F9926-5E45-4380-A905-73D1530EC12C}C:\users\irene\downloads\dragonoath.exe" = protocol=6 | dir=in | app=c:\users\irene\downloads\dragonoath.exe |
"TCP Query User{33975C40-C224-4746-B9A1-5C1733A55BC0}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{37942AE9-7889-4194-8A56-2C58E8BA941E}C:\program files\blimb entertainment\roswell encounter\roswell.exe" = protocol=6 | dir=in | app=c:\program files\blimb entertainment\roswell encounter\roswell.exe |
"TCP Query User{3D26E38A-2B61-4AF8-A98A-F0F1C2D7DE89}C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=6 | dir=in | app=c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe |
"TCP Query User{47322C84-8FA1-4EBC-B9F8-9B49F6F138F1}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"TCP Query User{59708A26-D025-4EB0-BD44-8242A85CD104}C:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe" = protocol=6 | dir=in | app=c:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe |
"TCP Query User{5B214D58-A7BA-418B-AB55-7930C40BD801}C:\program files\atari\deer hunter 2005\dh2005.exe" = protocol=6 | dir=in | app=c:\program files\atari\deer hunter 2005\dh2005.exe |
"TCP Query User{5F6CD87E-60D1-43DF-A0A2-9A6F2EDACB19}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{70B0754C-A6E8-4AF1-B399-DF6DB0894BE5}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"TCP Query User{72D80BAE-36DF-49C0-BC17-719EEB6CF9F7}C:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe |
"TCP Query User{7CD6E412-9A26-41CB-87A8-3EF2A9CB13FD}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{8453D2F3-A324-41BF-BD70-41A3063ECC60}C:\program files\weltwunder\gamemp.exe" = protocol=6 | dir=in | app=c:\program files\weltwunder\gamemp.exe |
"TCP Query User{86FE2CBD-AFAB-49BA-9B08-B45FE6A22BA2}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{98214D9E-DCD9-4F1A-BE08-3E2E6AAC116F}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{A1513D5C-FEAB-4403-8998-85FB4116F4D1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A67198B2-4C81-4A51-B42D-704060B0C701}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{AAA966B7-896B-4B75-930F-684F31626925}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{B4748A90-2B95-4FCF-BE6C-A1CF1A406C0E}C:\users\irene\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\irene\program files\dna\btdna.exe |
"TCP Query User{D37C86A8-803B-46F9-9DA2-08AEEB9A3410}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{DA9D4871-2D8E-4235-AD48-6F408B71050E}C:\users\irene\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\irene\program files\dna\btdna.exe |
"TCP Query User{EE9D07A1-B34A-478F-88A9-2DF58B66B010}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"TCP Query User{F80066FF-DDEF-405B-A02F-FDB249447618}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{02B9A706-BC3C-48B2-8ABF-73756EDD5916}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{196F38D2-EAEB-43E4-BDDD-36073195A32F}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"UDP Query User{233A6CDB-1329-40D9-8236-C7A24DF268F5}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{26221FBF-9514-4331-9EB0-BA916B066BDF}C:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe" = protocol=17 | dir=in | app=c:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe |
"UDP Query User{2B7AE3B8-7BBB-42B4-B18A-8E69435FB1F2}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{2E2CF505-6B9C-46E0-9CD1-4B3B777A8068}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{3A63A381-C6DB-4941-981F-A76D9659F44C}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{3AC1B626-9504-4AED-9184-AB1E412E65B3}C:\users\irene\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\irene\program files\dna\btdna.exe |
"UDP Query User{5AF98240-79C0-4E45-942E-3769895855CC}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{66CE66A2-E660-4A54-9409-8E2F4FC722CA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7018DF44-B787-476C-85B6-C6DC984664FD}C:\users\irene\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\irene\program files\dna\btdna.exe |
"UDP Query User{7EBE9ED0-8684-409F-88DE-C23FC0CB60D7}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{8856A8C9-A910-4005-9846-5C8856D9EBBB}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"UDP Query User{943CA8A9-9EC6-4417-BC51-9D507A1706CC}C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=17 | dir=in | app=c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe |
"UDP Query User{9FA55788-1D4F-4EDE-A001-56DCBA81A649}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{A35A0774-4009-4E64-9086-2CC5985CB9D8}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{A5CCE7C1-EFEB-49B4-B478-EA556E4792B7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B2BBB383-91A7-49E4-AF2D-47C64AE83589}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{B8DA9F0C-6553-487D-9AEC-C8B101783846}C:\program files\weltwunder\game.exe" = protocol=17 | dir=in | app=c:\program files\weltwunder\game.exe |
"UDP Query User{BF1E9F59-F0A7-42C3-9DEB-BA4D139FB127}C:\program files\weltwunder\gamemp.exe" = protocol=17 | dir=in | app=c:\program files\weltwunder\gamemp.exe |
"UDP Query User{BFB1EDE0-CE81-4D4B-BDF8-21CB3C7421CD}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{C42BC2B8-5D46-4C7E-8C92-A7F9E400DB8A}C:\program files\irisnotes\easy note taker.exe" = protocol=17 | dir=in | app=c:\program files\irisnotes\easy note taker.exe |
"UDP Query User{C4891A16-CAA0-40D1-866C-346BA017E9A3}C:\program files\blimb entertainment\roswell encounter\roswell.exe" = protocol=17 | dir=in | app=c:\program files\blimb entertainment\roswell encounter\roswell.exe |
"UDP Query User{C4EB875A-45F1-4F8D-AE8F-E035A3834F12}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{CFC18456-BC29-4B84-8E5F-6BDB3985781C}C:\users\irene\appdata\local\temp\rar$ex54.480\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\irene\appdata\local\temp\rar$ex54.480\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe |
"UDP Query User{D9C64937-B67F-4C24-8DC1-AB9C3E7188E8}C:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe |
"UDP Query User{DBEE5BCD-40EA-4F2D-9406-5A1992F5DAE6}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"UDP Query User{F8FF90E6-5977-46BA-B985-589E3C26FB21}C:\users\irene\downloads\dragonoath.exe" = protocol=17 | dir=in | app=c:\users\irene\downloads\dragonoath.exe |
"UDP Query User{FD9C52FB-B090-4189-A10C-EE6B57AA6E2A}C:\program files\atari\deer hunter 2005\dh2005.exe" = protocol=17 | dir=in | app=c:\program files\atari\deer hunter 2005\dh2005.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 25
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MP4 Media Player_is1" = MP4 Media Player 1.0
"Neffy" = Neffy 1,3,29,0
"npkcxp" = nProtect KeyCrypt
"Pen Tablet Driver" = Stifttablett
"Red Alert" = Red Alert Windows 95
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMPG VideoConvert_is1" = WinMPG VideoConvert 9.1.6.0
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.02.2011 10:31:04 | Computer Name = Irene-PC | Source = VSS | ID = 8194
Description =
 
Error - 08.02.2011 10:35:07 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 09.02.2011 07:32:45 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 09.02.2011 13:11:36 | Computer Name = Irene-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.3989, Zeitstempel
 0x4cf928fc, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00048b02,  Prozess-ID 0xbcc, Anwendungsstartzeit
 01cbc84eda4ea05a.
 
Error - 10.02.2011 06:19:36 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10.02.2011 08:47:29 | Computer Name = Irene-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.3989, Zeitstempel
 0x4cf928fc, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00048b02,  Prozess-ID 0x56c, Anwendungsstartzeit
 01cbc90e3de768a0.
 
Error - 11.02.2011 08:47:52 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.02.2011 10:32:12 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.02.2011 16:20:34 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.02.2011 16:48:15 | Computer Name = Irene-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.3989, Zeitstempel
 0x4cf928fc, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00048822,  Prozess-ID 0x490, Anwendungsstartzeit
 01cbca2b83530101.
 
[ System Events ]
Error - 23.05.2011 12:14:18 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 23.05.2011 12:14:18 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 23.05.2011 12:19:32 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 23.05.2011 12:24:50 | Computer Name = Irene-PC | Source = DCOM | ID = 10010
Description =
 
Error - 23.05.2011 12:32:35 | Computer Name = Irene-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 23.05.2011 um 18:30:23 unerwartet heruntergefahren.
 
Error - 23.05.2011 12:34:18 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 23.05.2011 12:34:18 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 23.05.2011 14:14:08 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 23.05.2011 14:19:34 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 23.05.2011 14:19:34 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >


Rin.T 23.05.2011 23:47

3. HJTscanlist
Code:


                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        º                                    º
                                    hjtscanlist v2.0             
                        º                                    º
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.0.6002]
 
 
C:

  23.05.2011 23:44    C:\Program Files --------- 28672 
  23.05.2011 23:44    C:\System Volume Information --------- 28672 
      C:\hiberfil.sys ---------   
      C:\pagefile.sys ---------   
  23.05.2011 20:16    C:\Windows --------- 32768 
  23.05.2011 20:13    C:\_OTL --------- 0 
  23.05.2011 17:50    C:\ProgramData --------- 20480 
  29.04.2011 22:55    C:\Download --------- 0 
  08.03.2011 13:20    C:\Intel --------- 0 
  18.11.2010 18:38    C:\Users --------- 4096 
  30.09.2010 13:47    C:\7ac70b5c6f4b506dccb780 --------- 0 
  10.09.2010 17:40    C:\Boot --------- 4096 
  11.08.2010 15:06    C:\found.000 --------- 0 
  26.06.2010 12:07    C:\7cd57655cfd7b43728917d9e63 --------- 0 
  13.03.2010 21:50    C:\Shockwave --------- 0 
  19.12.2009 22:40    C:\Medion --------- 0 
  19.12.2009 21:50    C:\NVIDIA --------- 0 
  05.11.2009 19:42    C:\IO.SYS --------- 0 
  05.11.2009 19:42    C:\MSDOS.SYS --------- 0 
  04.06.2009 15:20    C:\$Recycle.Bin --------- 4096 
  04.06.2009 15:20    C:\ACER --------- 4096 
  04.06.2009 15:19    C:\ACERSW --------- 0 
  04.06.2009 15:17    C:\Programme --------- 0 
  04.06.2009 15:17    C:\Dokumente und Einstellungen --------- 0 
  11.04.2009 08:36    C:\bootmgr --------- 333257 
  01.03.2009 00:27    C:\vcredist_x86.log --------- 472006 
  08.08.2008 20:46    C:\BOOTSECT.BAK --------- 8192 
  08.08.2008 12:13    C:\book --------- 0 
  08.08.2008 11:55    C:\MSOCache --------- 0 
  08.08.2008 11:30    C:\RHDSetup.log --------- 426 
  21.01.2008 04:43    C:\PerfLogs --------- 0 
  02.11.2006 14:59    C:\Documents and Settings --------- 0 
  18.09.2006 23:43    C:\config.sys --------- 10 
  18.09.2006 23:43    C:\autoexec.bat --------- 24 
----------------------------------------

 
C:\Windows

  23.05.2011 20:24    C:\Windows\WindowsUpdate.log --------- 1413018 
  23.05.2011 20:17    C:\Windows\bootstat.dat --------- 67584 
  23.05.2011 20:17    C:\Windows\PFRO.log --------- 2364 
  23.05.2011 18:07    C:\Windows\setupact.log --------- 1671 
  23.05.2011 18:05    C:\Windows\setuperr.log --------- 0 
  23.05.2011 15:48    C:\Windows\IE9_main.log --------- 3554 
  23.05.2011 14:29    C:\Windows\ntbtlog.txt --------- 50928 
  18.05.2011 09:14    C:\Windows\WININIT.INI --------- 482 
  07.02.2011 17:08    C:\Windows\NTIWVEDT.INI --------- 811 
  22.07.2010 22:29    C:\Windows\ULead32.ini --------- 89 
  12.05.2010 18:24    C:\Windows\Setup1.exe --------- 253952 
  12.05.2010 18:24    C:\Windows\ST6UNST.EXE --------- 74752 
  17.04.2010 02:45    C:\Windows\WLXPGSS.SCR --------- 307056 
  10.04.2010 12:14    C:\Windows\Weather.Ini --------- 35 
  26.02.2010 21:10    C:\Windows\Robota.INI --------- 28 
  26.02.2010 20:57    C:\Windows\mgxoschk.ini --------- 6211 
  24.01.2010 19:49    C:\Windows\d3dx.dat --------- 4096 
  24.01.2010 19:44    C:\Windows\eReg.dat --------- 525 
  23.01.2010 00:36    C:\Windows\ODBCINST.INI --------- 209 
  25.11.2009 18:41    C:\Windows\iun6002.exe --------- 737280 
  26.07.2009 00:21    C:\Windows\popcinfo.dat --------- 26 
  11.04.2009 08:27    C:\Windows\explorer.exe --------- 2926592 
  01.03.2009 00:16    C:\Windows\LManager.UNI --------- 83 
  09.12.2008 03:32    C:\Windows\MOD01SET000000007O.enc --------- 1976 
  09.12.2008 03:31    C:\Windows\CSUP.TXT --------- 10 
  15.08.2008 07:03    C:\Windows\MOD01SET1W0000000M.enc --------- 2424 
  15.08.2008 07:03    C:\Windows\FixAudio.cmd --------- 280 
  15.08.2008 03:31    C:\Windows\FixVolume.cmd --------- 75 
  08.08.2008 12:16    C:\Windows\ocsetup_install_OEMHelpCustomization.etl --------- 24444928 
  08.08.2008 12:16    C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.perf --------- 131072 
  08.08.2008 12:16    C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.dpx --------- 65536 
  08.08.2008 11:30    C:\Windows\DIFxAPI.dll --------- 319456 
  08.08.2008 11:29    C:\Windows\HideWin.exe --------- 315392 
  14.07.2008 12:02    C:\Windows\MOD01SET0J00860005.enc --------- 2060 
  27.06.2008 12:33    C:\Windows\SkyTel.exe --------- 1826816 
  27.06.2008 12:33    C:\Windows\RtlUpd.exe --------- 1196032 
  27.06.2008 12:33    C:\Windows\RtHDVCpl.exe --------- 6244896 
  27.06.2008 12:33    C:\Windows\RtDefLvl.ini --------- 1694 
  27.06.2008 12:33    C:\Windows\USetup.iss --------- 553 
  27.06.2008 12:33    C:\Windows\RTKVADDA.EXE --------- 290816 
  27.06.2008 12:33    C:\Windows\RtlExUpd.dll --------- 520192 
  11.06.2008 07:55    C:\Windows\MOD01OPK0400860001.enc --------- 2400 
  20.05.2008 21:39    C:\Windows\audio.reg --------- 196 
  21.01.2008 04:57    C:\Windows\WindowsShell.Manifest --------- 749 
  21.01.2008 04:34    C:\Windows\regedit.exe --------- 134656 
  21.01.2008 04:34    C:\Windows\bfsvc.exe --------- 58880 
  21.01.2008 04:34    C:\Windows\fveupdate.exe --------- 13312 
  21.01.2008 04:33    C:\Windows\HelpPane.exe --------- 498176 
  21.01.2008 04:33    C:\Windows\notepad.exe --------- 151040 
  03.12.2007 09:11    C:\Windows\UNINST32.EXE --------- 207368 
  02.11.2006 15:01    C:\Windows\win.ini --------- 144 
  02.11.2006 14:34    C:\Windows\WMSysPr9.prx --------- 316640 
  02.11.2006 14:33    C:\Windows\twunk_16.exe --------- 49680 
  02.11.2006 14:33    C:\Windows\twain_32.dll --------- 50688 
  02.11.2006 14:33    C:\Windows\twunk_32.exe --------- 31232 
  02.11.2006 14:33    C:\Windows\twain.dll --------- 94784 
  02.11.2006 11:45    C:\Windows\winhlp32.exe --------- 9216 
  02.11.2006 11:45    C:\Windows\hh.exe --------- 14848 
  02.11.2006 09:46    C:\Windows\mib.bin --------- 43131 
  19.09.2006 13:41    C:\Windows\HomeBasic.xml --------- 8286 
  18.09.2006 23:46    C:\Windows\system.ini --------- 219 
  18.09.2006 23:43    C:\Windows\_default.pif --------- 707 
  18.09.2006 23:43    C:\Windows\winhelp.exe --------- 256192 
  18.09.2006 23:30    C:\Windows\msdfmap.ini --------- 1405 
  16.11.1998 18:16    C:\Windows\RAUNINST.EXE --------- 88576 
  21.10.1998 18:43    C:\Windows\IsUn0407.exe --------- 328704 
  11.11.1997 23:33    C:\Windows\IsUninst.exe --------- 317440 
  08.04.1997 21:08    C:\Windows\uninst.exe --------- 299520 
  01.08.1995 04:44    C:\Windows\PCDLIB32.DLL --------- 212480 
----------------------------------------

 
C:\Windows\System

 02.11.2006 14:33      C:\Windows\System\mciseq.drv --------- 25264
 02.11.2006 14:33      C:\Windows\System\mciwave.drv --------- 28160
 02.11.2006 14:33      C:\Windows\System\avifile.dll --------- 109456
 02.11.2006 14:33      C:\Windows\System\mciavi.drv --------- 73376
 02.11.2006 14:33      C:\Windows\System\avicap.dll --------- 69584
 02.11.2006 14:33      C:\Windows\System\msvideo.dll --------- 126912
 02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064
 02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704
 02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816
 02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048
 02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992
 02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152
 02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032
 02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176
 02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744
 02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000
 02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120
 02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360
 18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008
 18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944
 18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936
 18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532
----------------------------------------

 
C:\Windows\System32

 23.05.2011 22:18    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3216 
 23.05.2011 22:18    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3216 
 23.05.2011 18:15    C:\Windows\system32\Pen_Tablet.dat --------- 1190 
 23.05.2011 18:10    C:\Windows\system32\drivers --------- 81920 
 23.05.2011 18:10    C:\Windows\system32\wbem --------- 65536 
 23.05.2011 18:07    C:\Windows\system32\catroot --------- 4096 
 23.05.2011 18:02    C:\Windows\system32\WdfCoInstaller01009.dll --------- 1461992 
 23.05.2011 18:02    C:\Windows\system32\SynTPCo4.dll --------- 120104 
 23.05.2011 18:02    C:\Windows\system32\SynTPAPI.dll --------- 161064 
 23.05.2011 18:02    C:\Windows\system32\SynCtrl.dll --------- 210216 
 23.05.2011 18:02    C:\Windows\system32\SynCOM.dll --------- 173352 
 23.05.2011 17:50    C:\Windows\system32\Tasks --------- 0 
 23.05.2011 15:49    C:\Windows\system32\de-DE --------- 262144 
 23.05.2011 15:49    C:\Windows\system32\migration --------- 0 
 23.05.2011 15:49    C:\Windows\system32\en-US --------- 8192 
 23.05.2011 15:47    C:\Windows\system32\catroot2 --------- 4096 
 23.05.2011 15:45    C:\Windows\system32\icrav03.rat --------- 8798 
 23.05.2011 15:45    C:\Windows\system32\ticrf.rat --------- 1988 
 23.05.2011 15:45    C:\Windows\system32\msls31.dll --------- 161792 
 23.05.2011 15:45    C:\Windows\system32\wininet.dll --------- 1126912 
 23.05.2011 15:45    C:\Windows\system32\jsproxy.dll --------- 65024 
 23.05.2011 15:45    C:\Windows\system32\iertutil.dll --------- 1785344 
 23.05.2011 15:45    C:\Windows\system32\msrating.dll --------- 162304 
 23.05.2011 15:45    C:\Windows\system32\urlmon.dll --------- 1102336 
 23.05.2011 15:45    C:\Windows\system32\RegisterIEPKEYs.exe --------- 74752 
 23.05.2011 15:45    C:\Windows\system32\SetIEInstalledDate.exe --------- 76800 
 23.05.2011 15:45    C:\Windows\system32\mshtmler.dll --------- 48640 
 23.05.2011 15:45    C:\Windows\system32\iesysprep.dll --------- 86528 
 23.05.2011 15:45    C:\Windows\system32\ieui.dll --------- 176640 
 23.05.2011 15:45    C:\Windows\system32\ieframe.dll --------- 9702400 
 23.05.2011 15:45    C:\Windows\system32\tdc.ocx --------- 63488 
 23.05.2011 15:45    C:\Windows\system32\html.iec --------- 367104 
 23.05.2011 15:45    C:\Windows\system32\dxtrans.dll --------- 223232 
 23.05.2011 15:45    C:\Windows\system32\dxtmsft.dll --------- 353792 
 23.05.2011 15:45    C:\Windows\system32\ieapfltr.dat --------- 3695416 
 23.05.2011 15:45    C:\Windows\system32\ieapfltr.dll --------- 434176 
 23.05.2011 15:45    C:\Windows\system32\icardie.dll --------- 66048 
 23.05.2011 15:45    C:\Windows\system32\ie4uinit.exe --------- 74240 
 23.05.2011 15:45    C:\Windows\system32\iernonce.dll --------- 31744 
 23.05.2011 15:45    C:\Windows\system32\ieuinit.inf --------- 72822 
 23.05.2011 15:45    C:\Windows\system32\iesetup.dll --------- 74752 
 23.05.2011 15:45    C:\Windows\system32\url.dll --------- 231936 
 23.05.2011 15:45    C:\Windows\system32\iedkcs32.dll --------- 353584 
 23.05.2011 15:45    C:\Windows\system32\inetcpl.cpl --------- 1427456 
 23.05.2011 15:45    C:\Windows\system32\webcheck.dll --------- 203776 
 23.05.2011 15:45    C:\Windows\system32\licmgr10.dll --------- 23552 
 23.05.2011 15:45    C:\Windows\system32\inseng.dll --------- 78848 
 23.05.2011 15:45    C:\Windows\system32\mshtmled.dll --------- 72704 
 23.05.2011 15:45    C:\Windows\system32\wextract.exe --------- 152064 
 23.05.2011 15:45    C:\Windows\system32\iexpress.exe --------- 150528 
 23.05.2011 15:45    C:\Windows\system32\msfeeds.dll --------- 580608 
 23.05.2011 15:45    C:\Windows\system32\vbscript.dll --------- 420864 
 23.05.2011 15:45    C:\Windows\system32\mshtml.dll --------- 12268544 
 23.05.2011 15:45    C:\Windows\system32\mshtml.tlb --------- 2382848 
 23.05.2011 15:45    C:\Windows\system32\ieUnatt.exe --------- 142848 
 23.05.2011 15:45    C:\Windows\system32\occache.dll --------- 123392 
 23.05.2011 15:45    C:\Windows\system32\pngfilt.dll --------- 54272 
 23.05.2011 15:45    C:\Windows\system32\mshta.exe --------- 11776 
 23.05.2011 15:45    C:\Windows\system32\admparse.dll --------- 101888 
 23.05.2011 15:45    C:\Windows\system32\ieaksie.dll --------- 227840 
 23.05.2011 15:45    C:\Windows\system32\ieakui.dll --------- 163840 
 23.05.2011 15:45    C:\Windows\system32\jscript9.dll --------- 1797632 
 23.05.2011 15:45    C:\Windows\system32\jscript.dll --------- 716800 
 23.05.2011 15:45    C:\Windows\system32\imgutil.dll --------- 35840 
 23.05.2011 15:45    C:\Windows\system32\advpack.dll --------- 114176 
 23.05.2011 15:45    C:\Windows\system32\iepeers.dll --------- 118784 
 23.05.2011 15:45    C:\Windows\system32\msfeedsbs.dll --------- 41472 
 23.05.2011 15:45    C:\Windows\system32\msfeedssync.exe --------- 10752 
 23.05.2011 15:45    C:\Windows\system32\IEAdvpack.dll --------- 110592 
 23.05.2011 15:45    C:\Windows\system32\ieakeng.dll --------- 130560 
 19.05.2011 14:54    C:\Windows\system32\FlashPlayerCPLApp.cpl --------- 404640 
 12.05.2011 12:38    C:\Windows\system32\mrt.exe --------- 42829768 
 30.04.2011 22:20    C:\Windows\system32\jupdate-1.6.0_25-b06.log --------- 6270 
 27.04.2011 20:34    C:\Windows\system32\perfh009.dat --------- 591320 
 27.04.2011 20:34    C:\Windows\system32\perfc009.dat --------- 103194 
 27.04.2011 20:34    C:\Windows\system32\perfh007.dat --------- 623280 
 27.04.2011 20:34    C:\Windows\system32\perfc007.dat --------- 125378 
 27.04.2011 20:34    C:\Windows\system32\PerfStringBackup.INI --------- 1432888 
 15.04.2011 17:29    C:\Windows\system32\directx --------- 0 
 15.04.2011 16:56    C:\Windows\system32\nxEuUninstall.bat --------- 235 
 14.04.2011 05:08    C:\Windows\system32\javaws.exe --------- 157472 
 14.04.2011 05:08    C:\Windows\system32\javaw.exe --------- 145184 
 14.04.2011 05:08    C:\Windows\system32\java.exe --------- 145184 
 14.04.2011 05:07    C:\Windows\system32\deployJava1.dll --------- 472808 
 13.04.2011 22:27    C:\Windows\system32\FNTCACHE.DAT --------- 481040 
 12.03.2011 23:55    C:\Windows\system32\XpsPrint.dll --------- 876032 
 10.03.2011 19:03    C:\Windows\system32\mfc42u.dll --------- 1162240 
 10.03.2011 19:03    C:\Windows\system32\mfc42.dll --------- 1136640 
 08.03.2011 13:24    C:\Windows\system32\Lang --------- 0 
 08.03.2011 13:23    C:\Windows\system32\x64 --------- 0 
 03.03.2011 17:42    C:\Windows\system32\inetcomm.dll --------- 739328 
 03.03.2011 17:40    C:\Windows\system32\Apphlpdm.dll --------- 28672 
 03.03.2011 15:35    C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384 
 03.03.2011 15:25    C:\Windows\system32\win32k.sys --------- 2041856 
 02.03.2011 17:44    C:\Windows\system32\dnsrslvr.dll --------- 86528 
 02.03.2011 17:44    C:\Windows\system32\dnsapi.dll --------- 168448 
 24.02.2011 13:39    C:\Windows\system32\shsvcs.dll --------- 247808 
 24.02.2011 13:06    C:\Windows\system32\WindowsPowerShell --------- 0 
 22.02.2011 22:33    C:\Windows\system32\uxtheme.dll --------- 240128 
 22.02.2011 22:33    C:\Windows\system32\themeui.dll --------- 615424 
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 23.05.2011 23:41    C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1096 
 23.05.2011 20:21    C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1092 
 23.05.2011 20:21    C:\Windows\Tasks\RegistryDoktor.job --------- 332 
 23.05.2011 20:17    C:\Windows\Tasks\SA.DAT --------- 6 
 23.05.2011 20:16    C:\Windows\Tasks\SCHEDLGU.TXT --------- 32584 
 04.05.2010 21:05    C:\Windows\Tasks\PCConfidential.job --------- 416 
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\Irene\AppData\Local\Temp

 23.05.2011 23:58    C:\Users\Irene\AppData\Local\Temp\amt.log --------- 16677 
 23.05.2011 23:56    C:\Users\Irene\AppData\Local\Temp\alm.log --------- 4130 
 23.05.2011 23:55    C:\Users\Irene\AppData\Local\Temp\TWAIN.LOG --------- 695 
 23.05.2011 23:55    C:\Users\Irene\AppData\Local\Temp\Twain001.Mtx --------- 3 
 23.05.2011 23:55    C:\Users\Irene\AppData\Local\Temp\Twunk001.MTX --------- 156 
 23.05.2011 22:49    C:\Users\Irene\AppData\Local\Temp\Twunk002.MTX --------- 0 
 23.05.2011 20:27    C:\Users\Irene\AppData\Local\Temp\jusched.log --------- 711 
 23.05.2011 20:22    C:\Users\Irene\AppData\Local\Temp\WPDNSE --------- 0 
 23.05.2011 20:21    C:\Users\Irene\AppData\Local\Temp\Low --------- 0 
 23.05.2011 20:21    C:\Users\Irene\AppData\Local\Temp\Irene.bmp --------- 31832 
 22.02.2011 22:15    C:\Users\Irene\AppData\Local\Temp\_iu14D2N.tmp --------- 1014311 
----------------------------------------

 
C:\Program Files

 23.05.2011 18:04    C:\Program Files\Synaptics --------- 0 
 23.05.2011 15:49    C:\Program Files\Internet Explorer --------- 4096 
 23.05.2011 03:28    C:\Program Files\Common Files --------- 4096 
 12.05.2011 12:38    C:\Program Files\Windows Mail --------- 4096 
 30.04.2011 22:20    C:\Program Files\Java --------- 0 
 30.04.2011 04:38    C:\Program Files\Mozilla Firefox --------- 32768 
 30.04.2011 00:12    C:\Program Files\Malwarebytes' Anti-Malware --------- 4096 
 29.04.2011 22:58    C:\Program Files\RegCleaner --------- 0 
 23.04.2011 14:07    C:\Program Files\Microsoft Silverlight --------- 4096 
 15.04.2011 22:24    C:\Program Files\VideoLAN --------- 0 
 25.03.2011 17:27    C:\Program Files\Cheat Engine 6 --------- 0 
 08.03.2011 13:26    C:\Program Files\Intel --------- 0 
 08.03.2011 12:56    C:\Program Files\DNA --------- 0 
 16.02.2011 18:12    C:\Program Files\Adobe --------- 4096 
 07.02.2011 16:33    C:\Program Files\InstallShield Installation Information --------- 0 
 22.01.2011 12:45    C:\Program Files\CCleaner --------- 0 
 19.01.2011 16:15    C:\Program Files\Windows Live --------- 4096 
 15.10.2010 00:55    C:\Program Files\Windows Media Player --------- 4096 
 04.10.2010 17:23    C:\Program Files\Google --------- 0 
 04.10.2010 16:50    C:\Program Files\WTouch --------- 4096 
 04.10.2010 16:49    C:\Program Files\TabletPlugins --------- 4096 
 04.10.2010 16:48    C:\Program Files\Tablet --------- 4096 
 26.09.2010 02:04    C:\Program Files\WinMPG VideoConvert --------- 0 
 13.09.2010 01:35    C:\Program Files\Windows Portable Devices --------- 0 
 10.09.2010 17:33    C:\Program Files\Windows Calendar --------- 0 
 10.09.2010 17:32    C:\Program Files\Movie Maker --------- 0 
 10.09.2010 17:32    C:\Program Files\Windows Sidebar --------- 4096 
 10.09.2010 17:32    C:\Program Files\Windows Collaboration --------- 4096 
 10.09.2010 17:32    C:\Program Files\Windows Photo Gallery --------- 4096 
 10.09.2010 17:32    C:\Program Files\Windows Defender --------- 4096 
 09.08.2010 18:36    C:\Program Files\Sierra On-Line --------- 0 
 03.08.2010 13:11    C:\Program Files\DVDVideoSoft --------- 4096 
 26.07.2010 13:07    C:\Program Files\WinRAR --------- 4096 
 16.07.2010 15:51    C:\Program Files\AC3Filter --------- 4096 
 26.06.2010 12:12    C:\Program Files\Microsoft.NET --------- 0 
 04.06.2010 18:05    C:\Program Files\Microsoft --------- 0 
 21.05.2010 18:13    C:\Program Files\MP4 Media Player --------- 0 
 13.05.2010 16:12    C:\Program Files\Neffy --------- 0 
 02.05.2010 00:38    C:\Program Files\W3i, LLC --------- 0 
 30.04.2010 18:16    C:\Program Files\Microsoft Games --------- 0 
 30.04.2010 18:06    C:\Program Files\Winamp --------- 0 
 11.04.2010 21:40    C:\Program Files\KSAW --------- 0 
 26.02.2010 21:36    C:\Program Files\MAGIX --------- 0 
 20.12.2009 00:07    C:\Program Files\AOL --------- 0 
 10.12.2009 18:25    C:\Program Files\Microsoft Office --------- 4096 
 10.12.2009 18:24    C:\Program Files\MSECache --------- 0 
 01.12.2009 21:27    C:\Program Files\eMachines GameZone --------- 0 
 29.11.2009 22:24    C:\Program Files\Microsoft WSE --------- 0 
 21.11.2009 18:13    C:\Program Files\Pando Networks --------- 0 
 15.11.2009 16:08    C:\Program Files\DIFX --------- 0 
 10.11.2009 19:42    C:\Program Files\Microsoft Works --------- 0 
 12.07.2009 15:37    C:\Program Files\Microsoft Sync Framework --------- 0 
 12.07.2009 15:35    C:\Program Files\Microsoft SQL Server Compact Edition --------- 0 
 12.07.2009 15:33    C:\Program Files\Windows Live SkyDrive --------- 0 
 04.06.2009 16:06    C:\Program Files\MSXML 4.0 --------- 0 
 04.06.2009 15:58    C:\Program Files\Avira --------- 0 
 04.06.2009 15:19    C:\Program Files\EMACHINES --------- 0 
 04.06.2009 15:17    C:\Program Files\Gemeinsame Dateien --------- 0 
 04.06.2009 15:17    C:\Program Files\Windows NT --------- 4096 
 01.03.2009 00:35    C:\Program Files\Acer Incorporated --------- 0 
 01.03.2009 00:29    C:\Program Files\InterVideo --------- 0 
 01.03.2009 00:22    C:\Program Files\Apoint2K --------- 0 
 01.03.2009 00:16    C:\Program Files\Launch Manager --------- 0 
 08.08.2008 12:04    C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites --------- 0 
 08.08.2008 11:53    C:\Program Files\NewTech Infosystems --------- 0 
 08.08.2008 11:33    C:\Program Files\Oberon Media --------- 0 
 08.08.2008 11:31    C:\Program Files\Realtek --------- 0 
 21.01.2008 04:57    C:\Program Files\desktop.ini --------- 174 
 02.11.2006 14:58    C:\Program Files\Uninstall Information --------- 0 
 02.11.2006 14:35    C:\Program Files\Reference Assemblies --------- 0 
 02.11.2006 14:35    C:\Program Files\MSBuild --------- 0 
----------------------------------------

 
C:\ProgramData\..

Irene   
Public   
Default   
desktop.ini   
Default User   
All Users   
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1      localhost
::1            localhost

----------------------------------------

 

Abbildname                    PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                  0            24 K
System                          4 Services                  0        1.428 K
smss.exe                      420 Services                  0            60 K
csrss.exe                      488 Services                  0          544 K
wininit.exe                    532 Services                  0            68 K
csrss.exe                      540 Console                    1        6.532 K
winlogon.exe                  588 Console                    1            80 K
services.exe                  612 Services                  0        1.504 K
lsass.exe                      628 Services                  0        2.844 K
lsm.exe                        636 Services                  0          928 K
svchost.exe                    812 Services                  0        2.588 K
svchost.exe                    884 Services                  0        2.376 K
svchost.exe                    920 Services                  0        17.480 K
svchost.exe                    988 Services                  0        3.380 K
svchost.exe                  1088 Services                  0        40.508 K
svchost.exe                  1104 Services                  0        7.216 K
audiodg.exe                  1184 Services                  0        11.348 K
svchost.exe                  1208 Services                  0          864 K
SLsvc.exe                    1224 Services                  0            52 K
WTouchService.exe            1340 Services                  0            84 K
svchost.exe                  1424 Services                  0        3.256 K
svchost.exe                  1448 Services                  0        1.300 K
wlanext.exe                  1544 Services                  0          800 K
spoolsv.exe                  1648 Services                  0        1.548 K
svchost.exe                  1672 Services                  0        1.476 K
svchost.exe                  1864 Services                  0        2.692 K
avguard.exe                  1888 Services                  0        9.008 K
LSSrvc.exe                    1952 Services                  0            72 K
BackupSvc.exe                1988 Services                  0          528 K
svchost.exe                  2024 Services                  0          104 K
avshadow.exe                  440 Services                  0            60 K
svchost.exe                    456 Services                  0          912 K
Pen_Tablet.exe                  12 Services                  0            68 K
WLIDSVC.EXE                    632 Services                  0          500 K
taskeng.exe                  2108 Services                  0          136 K
WLIDSVCM.EXE                  2124 Services                  0            72 K
svchost.exe                  2992 Services                  0          396 K
WTouchUser.exe                3832 Console                    1          800 K
taskeng.exe                  3920 Console                    1        2.288 K
dwm.exe                      4064 Console                    1        32.324 K
explorer.exe                  2056 Console                    1        23.372 K
Pen_TabletUser.exe            1796 Console                    1          100 K
Pen_Tablet.exe                820 Console                    1        1.676 K
MSASCui.exe                  1536 Console                    1          240 K
RtHDVCpl.exe                  2436 Console                    1          196 K
avgnt.exe                    2440 Console                    1        2.120 K
jusched.exe                  1060 Console                    1            64 K
wuauclt.exe                  2364 Console                    1            64 K
igfxsrvc.exe                  2516 Console                    1          120 K
hkcmd.exe                    2628 Console                    1            80 K
igfxpers.exe                  2396 Console                    1            84 K
SynTPEnh.exe                  2452 Console                    1          236 K
btdna.exe                    2900 Console                    1          956 K
wmpnscfg.exe                  2700 Console                    1          236 K
SearchIndexer.exe            2580 Services                  0        14.552 K
unsecapp.exe                  3364 Console                    1        1.076 K
WmiPrvSE.exe                  2780 Services                  0        1.896 K
wmpnetwk.exe                  2804 Services                  0          480 K
SynTPHelper.exe                724 Console                    1            76 K
PresentationFontCache.exe    3384 Services                  0          648 K
firefox.exe                  2104 Console                    1      134.124 K
SearchProtocolHost.exe        3436 Services                  0        8.076 K
SearchFilterHost.exe          1072 Services                  0        5.064 K
cmd.exe                      3672 Console                    1        2.824 K
tasklist.exe                  3596 Console                    1        4.496 K
WmiPrvSE.exe                  684 Services                  0        5.520 K
dllhost.exe                  2052 Console                    1        4.120 K

 
***** Ende des Scans 24.05.2011 um  0:02:30,72 ***

4. My installed programs
Code:

AC3Filter 1.63b        Alexander Vigovsky        15.07.2010        1,67MB        1.63b
Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        13.12.2009        14,0MB       
Adobe AIR        Adobe Systems Inc.        15.02.2011        29,4MB        2.5.1.17730
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        13.12.2009                10.0.22.87
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        18.05.2011                10.3.181.14
Adobe Reader 9.4.4 - Deutsch        Adobe Systems Incorporated        28.04.2011        167,4MB        9.4.4
Adobe Shockwave Player 11.5        Adobe Systems, Inc.        10.02.2011        8,33MB        11.5.9.620
Akamai NetSession Interface                10.12.2010        5,63MB       
ALPS Touch Pad Driver        Alps Electric        13.12.2009                Version 7.0.1101.18
Avira AntiVir Personal - Free Antivirus        Avira GmbH        28.04.2011        72,3MB        10.0.0.648
CCleaner        Piriform        23.05.2011        3,41MB        3.06
Cheat Engine 6.0        Dark Byte        24.03.2011        18,6MB       
DNA        BitTorrent Inc.        07.03.2011        0,41MB        2.2.4 (16502)
eMachines        Oberon Media        13.12.2009        0,20MB       
eMachines Recovery Management        Acer Incorporated        27.02.2009        43,6MB        3.1.3003
eMachines ScreenSaver        Acer Incorporated        27.02.2009                1.02.0902
Facebook Plug-In        Facebook, Inc.        15.06.2010        5,46MB       
Free Audio CD Burner version 1.4        DVDVideoSoft Limited.        18.08.2010        3,07MB       
Free Studio version 4.8        DVDVideoSoft Limited.        02.08.2010        88,2MB       
Free YouTube to MP3 Converter version 3.8        DVDVideoSoft Limited.        18.08.2010        3,33MB       
Galapago        Oberon Media        13.12.2009        44,3MB       
Intel(R) Graphics Media Accelerator Driver        Intel Corporation        23.05.2011                8.15.10.2281
InterVideo WinDVD 8        InterVideo Inc.        27.02.2009        99,7MB        8.0-B9.498
Java(TM) 6 Update 25        Sun Microsystems, Inc.        19.06.2010        94,5MB        6.0.250
Launch Manager                13.12.2009        2,43MB       
Malwarebytes' Anti-Malware        Malwarebytes Corporation        29.04.2011        3,91MB       
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        13.12.2009        37,0MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        13.12.2009        37,0MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        25.06.2010        120,3MB        4.0.30319
Microsoft Office Home and Student 2007        Microsoft Corporation        13.12.2009        298MB        12.0.6425.1000
Microsoft Office Live Add-in 1.5        Microsoft Corporation        03.06.2010        0,49MB        2.0.4024.1
Microsoft Office Word Viewer 2003        Microsoft Corporation        12.04.2011                11.0.8173.0
Microsoft Silverlight        Microsoft Corporation        21.04.2011                4.0.60310.0
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        11.07.2009        1,74MB        3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86)        Microsoft Corporation        11.07.2009        0,61MB        1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)        Microsoft Corporation        18.01.2011        1,45MB        1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        28.07.2009        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        07.08.2008        0,41MB        8.0.56336
Microsoft Visual C++ 2005 Redistributable - KB2467175        Microsoft Corporation        12.04.2011        0,29MB        8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        28.07.2009        0,19MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        12.04.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        31.07.2010        2,86MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        03.06.2009        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        15.06.2010        0,57MB        9.0.30729.4148
Microsoft Visual C++ Run Time  Lib Setup        Microsoft        25.09.2010        1,69MB        1.0.0
Microsoft Works        Microsoft Corporation        09.12.2009                08.05.0822
Microsoft WSE 3.0 Runtime        Microsoft Corp.        28.11.2009        0,92MB        3.0.5305.0
Mozilla Firefox (3.6.17)        Mozilla        29.04.2011        31,5MB        3.6.17 (de)
MP4 Media Player 1.0        vsevensoft.com        20.05.2010        13,4MB       
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        03.06.2009        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        25.11.2009        1,34MB        4.20.9876.0
Neffy 1,3,29,0        CDNetworks        12.05.2010        1,91MB        1,3,29,0
nProtect KeyCrypt                13.12.2009               
NTI Backup Now Standard                07.08.2008               
NTI Media Maker 8        NewTech Infosystems        07.08.2008        181,0MB        8.0.12.6325
Pando Media Booster        Pando Networks Inc.        12.05.2010        6,69MB        2.3.3.9
Realtek 8169 8168 8101E 8102E Ethernet Driver        Realtek        07.08.2008        1,55MB        1.00.0000
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        07.08.2008        22,0MB        6.0.1.5648
Red Alert Windows 95                15.01.2010               
Samsung New PC Studio USB Driver Installer        Samsung Electronics Co., Ltd.        14.11.2009        8,55MB        1.00.0000
Spelling Dictionaries Support For Adobe Reader 8        Adobe Systems        12.07.2009        32,5MB        8.0.0
Stifttablett        Wacom Technology Corp.        03.10.2010        51,6MB       
Synaptics Pointing Device Driver        Synaptics Incorporated        22.05.2011        28,6MB        15.0.6.0
Unity Web Player        Unity Technologies ApS        17.05.2011        0,20MB       
Visual C++ 8.0 Runtime Setup Package        Your Company        24.02.2010        1,55MB        1.0.0.0
WebTablet IE Plugin        Wacom Technology Corp.        03.10.2010                1.1.0.4
WebTablet Netscape Plugin        Wacom Technology Corp.        03.10.2010        0,75MB        1.1.0.3
Windows Live Essentials        Microsoft Corporation        24.02.2011        119,8MB        14.0.8117.0416
Windows Live ID-Anmelde-Assistent        Microsoft Corporation        03.06.2010        4,69MB        6.500.3165.0
Windows Live Sync        Microsoft Corporation        18.01.2011        2,80MB        14.0.8117.416
Windows Live-Uploadtool        Microsoft Corporation        11.07.2009        0,22MB        14.0.8014.1029
Windows Media Player Firefox Plugin        Microsoft Corp        05.05.2010        0,29MB        1.0.0.8
WinMPG VideoConvert 9.1.6.0        Direct-Soft Inc.        25.09.2010        54,6MB        9.1.6.0
WinRAR archiver                27.02.2010        3,63MB

I hope I did it right.

kira 25.05.2011 07:02

1.
runs on XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next item! It does NOT make sense to start a second attempt!
To get a deeper look into your system and to detect a possible infection with a rootkit (info at wikipedia.org), we will use a tool, Gmer:
  • - so download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be disabled, no connection to the Internet, disconnect WLAN too
    - please do not do anything on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is copied to the clipboard automatically) and you must paste it right away with CTRL + V
    - "Ok" closes Gmer.
    - paste the log from the clipboard in full here in your thread

** no connection to a network or the Internet - don't forget WLAN
When the scan has finished, please re-enable all programs and tools!
Instructions:-> GMER - Rootkit Scanner

2.
are you using a Squid proxy?-> "IP 131.247.2.247 network.proxy.http_port: 3128"

3.
BitTorrent/DNA: is considered unsafe and should therefore not be used.
What is BitTorrent/DNA

4.
if you don't absolutely need it, you can uninstall:
Code:

Facebook Plug-In

5.
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm924YYAT&fl=0&ptb=ZxKqNElNoyPrQJuzcKO4ZQ&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="
[2010.11.17 20:53:57 | 000,002,567 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\askcom.xml
[2009.10.01 01:38:10 | 000,000,886 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\conduit.xml
[2010.12.09 19:16:46 | 000,010,017 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\mywebsearch.xml
[2011.05.23 20:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\IRENE\PROGRAM FILES\DNA
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [eRecoveryService]  File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{034e4881-9ee7-11df-a64a-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{034e4881-9ee7-11df-a64a-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1f2dcf5f-f46a-11de-bfb1-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{1f2dcf5f-f46a-11de-bfb1-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{261be566-c597-11df-9012-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{261be566-c597-11df-9012-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{261be569-c597-11df-9012-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{261be569-c597-11df-9012-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3f2a938d-c5a3-11df-8a48-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{3f2a938d-c5a3-11df-8a48-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8cd53b71-8b4e-11de-a09f-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{8cd53b71-8b4e-11de-a09f-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c3df7ede-6cb2-11de-823b-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{c3df7ede-6cb2-11de-823b-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2011.05.23 20:21:33 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegistryDoktor.job
[2011.04.30 00:12:20 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.29 21:09:01 | 000,000,136 | ---- | M] () -- C:\ProgramData\~32366344
[2011.04.29 21:09:00 | 000,000,152 | ---- | M] () -- C:\ProgramData\~32366344r
[2011.04.29 20:11:43 | 000,000,336 | ---- | M] () -- C:\ProgramData\32366344
[2010.06.16 14:10:02 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Facebook

:Commands
[purity]
[emptytemp]


6.
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.
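
The Firefox settings that the fix script in step 5 resets, and the proxy setting asked about in step 2, can also be read directly from the profile's prefs.js. The following is an added example, not part of the original posts and not how OTL itself works; the function names, the expected-engine list and the sample file contents are assumptions.

```python
import json
import re

# The four search preferences reset by the OTL fix script in the post above.
SEARCH_KEYS = {
    "browser.search.defaultengine",
    "browser.search.defaultenginename",
    "browser.search.order.1",
    "browser.search.selectedEngine",
}

# Assumption: the engine names this user picked on purpose.
EXPECTED_ENGINES = {"Google"}

# prefs.js holds one user_pref("name", value); entry per line.
USER_PREF = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample in prefs.js syntax. Engine names and the proxy port are
# the ones quoted in the thread; the URL and the proxy address are made up.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.selectedEngine", "My Web Search");
user_pref("browser.search.update", false);
user_pref("keyword.URL", "hxxp://search.example.invalid/redir?st=kwd&searchfor=");
user_pref("network.proxy.http", "192.0.2.10");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.type", 1);
user_pref("browser.startup.homepage", "about:blank");
'''


def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line of a prefs.js file."""
    prefs = {}
    for line in text.splitlines():
        match = USER_PREF.match(line)
        if not match:
            continue  # comment, blank line or something malformed
        name, raw = match.group(1), match.group(2)
        try:
            # Quoted strings, integers and true/false are valid JSON literals.
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw  # keep the raw text rather than lose the entry
    return prefs


def audit(prefs):
    """Return sorted (name, value, reason) tuples for settings worth reviewing."""
    findings = []
    for name in prefs.keys() & SEARCH_KEYS:
        if prefs[name] not in EXPECTED_ENGINES:
            findings.append((name, prefs[name], "search engine not chosen by the user"))
    # prefs.js only stores values that differ from the defaults, so any
    # keyword.URL entry means address-bar searches were redirected.
    if "keyword.URL" in prefs:
        findings.append(("keyword.URL", prefs["keyword.URL"],
                         "address-bar searches sent to a user-set URL"))
    manual = prefs.get("network.proxy.type") == 1  # 1 = manual proxy configuration
    state = "active" if manual else "configured but not active"
    for name in ("network.proxy.http", "network.proxy.http_port"):
        if name in prefs:
            findings.append((name, prefs[name], "HTTP proxy " + state))
    return sorted(findings)  # names are unique, so this orders by name


if __name__ == "__main__":
    for name, value, reason in audit(parse_prefs(SAMPLE_PREFS)):
        print(f"{name} = {value!r}: {reason}")
```

Close Firefox before reading or editing prefs.js, since the browser rewrites the file on exit.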

Rin.T 30.05.2011 19:52

My reply was late; my fan was suddenly defective.

Gmer did not work on the first attempt. :(
I don't use a proxy.

5.
Code:

All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "My Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm924YYAT&fl=0&ptb=ZxKqNElNoyPrQJuzcKO4ZQ&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=" removed from keyword.URL
C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\askcom.xml moved successfully.
C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\conduit.xml moved successfully.
C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\mywebsearch.xml moved successfully.
C:\USERS\IRENE\PROGRAM FILES\DNA\plugins folder moved successfully.
C:\USERS\IRENE\PROGRAM FILES\DNA folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{034e4881-9ee7-11df-a64a-00235a557c66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{034e4881-9ee7-11df-a64a-00235a557c66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{034e4881-9ee7-11df-a64a-00235a557c66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{034e4881-9ee7-11df-a64a-00235a557c66}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f2dcf5f-f46a-11de-bfb1-00235a557c66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f2dcf5f-f46a-11de-bfb1-00235a557c66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f2dcf5f-f46a-11de-bfb1-00235a557c66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f2dcf5f-f46a-11de-bfb1-00235a557c66}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{261be566-c597-11df-9012-00235a557c66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261be566-c597-11df-9012-00235a557c66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{261be566-c597-11df-9012-00235a557c66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261be566-c597-11df-9012-00235a557c66}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{261be569-c597-11df-9012-00235a557c66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261be569-c597-11df-9012-00235a557c66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{261be569-c597-11df-9012-00235a557c66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261be569-c597-11df-9012-00235a557c66}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f2a938d-c5a3-11df-8a48-00235a557c66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f2a938d-c5a3-11df-8a48-00235a557c66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f2a938d-c5a3-11df-8a48-00235a557c66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f2a938d-c5a3-11df-8a48-00235a557c66}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd53b71-8b4e-11de-a09f-00235a557c66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd53b71-8b4e-11de-a09f-00235a557c66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd53b71-8b4e-11de-a09f-00235a557c66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd53b71-8b4e-11de-a09f-00235a557c66}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3df7ede-6cb2-11de-823b-00235a557c66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3df7ede-6cb2-11de-823b-00235a557c66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3df7ede-6cb2-11de-823b-00235a557c66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3df7ede-6cb2-11de-823b-00235a557c66}\ not found.
File E:\AutoRun.exe not found.
C:\Windows\Tasks\RegistryDoktor.job moved successfully.
C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk moved successfully.
File C:\ProgramData\~32366344 not found.
File C:\ProgramData\~32366344r not found.
File C:\ProgramData\32366344 not found.
Folder C:\Users\Irene\AppData\Roaming\Facebook\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Irene
->Temp folder emptied: 570510 bytes
->Temporary Internet Files folder emptied: 31752455 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 90669426 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8588 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1274706 bytes
RecycleBin emptied: 303674 bytes
 
Total Files Cleaned = 119,00 mb
 
 
OTL by OldTimer - Version 3.2.23.0 log created on 05302011_202408

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

6. OTL
Code:

OTL logfile created on: 30.05.2011 20:31:09 - Run 4
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\Irene\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
953,27 Mb Total Physical Memory | 282,60 Mb Available Physical Memory | 29,64% Memory free
2,29 Gb Paging File | 1,39 Gb Available in Paging File | 60,77% Paging File free
Paging file location(s): C:\pagefile.sys 1429 1429 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 79,55 Gb Free Space | 57,21% Space Free | Partition Type: NTFS
 
Computer Name: IRENE-PC | User Name: Irene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.23 19:16:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Irene\Desktop\OTL.exe
PRC - [2011.04.30 04:38:41 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.24 01:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009.11.24 01:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009.11.24 01:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009.11.24 01:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.27 12:33:18 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.23 19:16:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Irene\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.05.17 01:36:02 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.12.16 19:26:00 | 003,453,712 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.11.24 01:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009.11.24 01:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009.07.19 04:00:01 | 000,191,008 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\npkcmsvc.exe -- (npkcmsvc)
SRV - [2008.06.11 12:18:30 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.13 22:46:27 | 000,002,560 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\mchInjDrv.sys -- (mchInjDrv)
DRV - [2011.04.01 17:07:25 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.04.01 17:07:25 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.09.08 16:08:58 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WinDrvr6.sys -- (WinDriver6)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.08.28 01:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009.07.09 19:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009.05.20 21:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.15 13:52:36 | 000,053,664 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npkcrypt.sys -- (npkcrypt)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.06.11 12:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.02.18 16:09:40 | 000,166,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.09.26 14:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.02.16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C EA ED 77 D2 6B CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "OurWorld.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: betterkongregate@matthewammann.com:3.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: multilinks@plugin:3.0.0.16
FF - prefs.js..extensions.enabledItems: {48e23fba-bb14-4745-b768-382150cd83fb}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm924YYAT&fl=0&ptb=ZxKqNElNoyPrQJuzcKO4ZQ&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="
FF - prefs.js..network.proxy.http: "131.247.2.247"
FF - prefs.js..network.proxy.http_port: 3128
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 04:38:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 04:38:46 | 000,000,000 | ---D | M]
 
[2009.08.23 15:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Irene\AppData\Roaming\mozilla\Extensions
[2011.05.30 13:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions
[2010.05.19 20:12:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.14 19:00:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.06.04 14:23:56 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2010.07.22 03:40:41 | 000,000,000 | ---D | M] ("Metal3D") -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
[2011.05.26 22:56:59 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.13 20:09:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.13 20:09:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.11.04 14:58:50 | 000,000,000 | ---D | M] (Better Kongregate) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\betterkongregate@matthewammann.com
[2011.05.02 15:10:03 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\multilinks@plugin
[2010.04.14 13:57:32 | 000,001,827 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\bing.xml
[2010.01.22 14:37:53 | 000,002,280 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\google-und-download-suche.xml
[2010.06.02 17:48:13 | 000,001,741 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\search-the-web.xml
[2011.05.30 13:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.20 19:48:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.04.30 22:21:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.04.14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Irene\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Irene\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab (NPKCX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 212.186.211.21 195.34.133.21 195.34.133.22
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Irene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Irene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.26 22:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Plasmoo
[2011.05.23 20:13:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.23 19:15:54 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Irene\Desktop\OTL.exe
[2011.05.23 18:29:25 | 000,000,000 | ---D | C] -- C:\Users\Irene\{fcafd724-883f-4929-83a5-90f16d6cdb64}
[2011.05.23 18:05:59 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011.05.23 18:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011.05.23 18:02:38 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2011.05.23 15:45:30 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.05.23 15:45:29 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.05.23 15:45:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.23 15:45:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.23 15:45:28 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.23 15:45:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.05.23 15:45:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.05.23 15:45:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.05.23 15:45:26 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.23 15:45:26 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.05.23 15:45:24 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.05.23 15:45:23 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.05.23 15:45:22 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.05.23 15:45:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.23 15:45:22 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.23 15:45:21 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.23 15:45:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.05.23 15:45:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.23 15:45:20 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.23 15:45:20 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.05.23 15:45:20 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.05.23 15:45:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.23 15:45:19 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.23 15:45:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.05.23 15:45:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.23 15:45:17 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.05.23 15:45:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.23 15:45:17 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.05.23 15:45:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.05.23 15:45:16 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.05.23 15:45:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.05.23 15:45:16 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.05.23 15:45:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.05.23 15:45:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.05.23 15:45:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.23 15:45:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.05.23 15:45:16 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.23 15:45:16 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.05.23 15:45:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.05.19 14:54:20 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.04.30 22:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.04.30 22:21:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.30 22:21:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.30 22:21:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.30 20:27:37 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.30 20:27:37 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.30 20:26:37 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.30 20:26:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.30 20:26:06 | 1000,366,080 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.30 20:22:21 | 000,000,586 | ---- | M] () -- C:\Windows\WININIT.INI
[2011.05.30 19:41:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.26 22:56:32 | 000,001,159 | ---- | M] () -- C:\Users\Irene\Desktop\Free YouTube to MP3 Converter.lnk
[2011.05.26 21:19:33 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.26 21:19:33 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.26 21:19:33 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.26 21:19:33 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.24 20:04:05 | 000,001,190 | ---- | M] () -- C:\Windows\System32\Pen_Tablet.dat
[2011.05.24 01:53:21 | 000,480,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.05.24 00:04:59 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.05.23 19:16:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Irene\Desktop\OTL.exe
[2011.05.23 18:07:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011.05.23 18:07:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.05.23 18:02:38 | 001,461,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2011.05.23 15:45:45 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.05.23 15:45:44 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.05.23 15:45:30 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.05.23 15:45:29 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.05.23 15:45:29 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.23 15:45:28 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.23 15:45:28 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.23 15:45:28 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.05.23 15:45:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.05.23 15:45:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.05.23 15:45:26 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.23 15:45:26 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.05.23 15:45:24 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.05.23 15:45:24 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.05.23 15:45:22 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.05.23 15:45:22 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.23 15:45:22 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.05.23 15:45:22 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.23 15:45:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.23 15:45:21 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.23 15:45:21 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.05.23 15:45:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.23 15:45:20 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.05.23 15:45:20 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.05.23 15:45:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.23 15:45:19 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.23 15:45:19 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.05.23 15:45:18 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.05.23 15:45:17 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.23 15:45:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.23 15:45:17 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.05.23 15:45:17 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.05.23 15:45:16 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.05.23 15:45:16 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.05.23 15:45:16 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.05.23 15:45:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.05.23 15:45:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.05.23 15:45:16 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.23 15:45:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.05.23 15:45:16 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.23 15:45:16 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.05.23 15:45:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.05.21 19:08:35 | 002,093,056 | ---- | M] () -- C:\Users\Irene\Desktop\CM.sai
[2011.05.19 14:54:20 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2011.05.26 22:56:32 | 000,001,159 | ---- | C] () -- C:\Users\Irene\Desktop\Free YouTube to MP3 Converter.lnk
[2011.05.24 00:04:59 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.05.24 00:01:44 | 000,030,259 | ---- | C] () -- C:\Users\Irene\Desktop\hjtscanlist.bat
[2011.05.23 18:07:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011.05.23 18:07:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.05.23 18:06:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011.05.23 16:05:34 | 000,000,917 | ---- | C] () -- C:\Users\Irene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.05.23 15:45:22 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.05.23 15:11:38 | 1000,366,080 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.21 18:36:23 | 002,093,056 | ---- | C] () -- C:\Users\Irene\Desktop\CM.sai
[2011.01.12 11:11:32 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.01.12 11:11:30 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011.01.12 11:11:28 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.01.12 10:36:58 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.11.06 17:25:43 | 000,001,190 | ---- | C] () -- C:\Windows\System32\Pen_Tablet.dat
[2010.09.13 17:51:55 | 000,000,842 | ---- | C] () -- C:\Windows\System32\SPC230NC.INI
[2010.08.03 18:39:24 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.05.13 14:38:31 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2010.04.10 12:14:50 | 000,000,035 | ---- | C] () -- C:\Windows\Weather.Ini
[2010.03.14 19:29:25 | 000,002,560 | ---- | C] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2010.02.26 21:00:16 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2010.02.26 20:56:29 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2010.02.26 20:54:41 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.02.26 20:54:29 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.02.07 19:39:32 | 000,006,080 | ---- | C] () -- C:\Users\Irene\AppData\Local\d3d9caps.dat
[2010.01.24 19:49:20 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.01.23 00:36:44 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.01.18 18:53:04 | 000,000,525 | ---- | C] () -- C:\Windows\eReg.dat
[2010.01.16 17:48:23 | 000,088,576 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2010.01.13 21:50:03 | 000,005,840 | ---- | C] () -- C:\Users\Irene\AppData\Roaming\UserTile.png
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.15 16:06:31 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.11.15 16:06:31 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.11.05 19:44:14 | 000,000,089 | ---- | C] () -- C:\Windows\ULead32.ini
[2009.10.08 14:55:28 | 000,000,586 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.09.11 00:18:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.11 00:18:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.13 02:23:29 | 000,000,090 | ---- | C] () -- C:\Windows\System32\EUSOFT.SYS
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.25 18:33:03 | 000,000,026 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009.07.25 00:43:22 | 000,000,811 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009.07.24 16:14:40 | 000,000,080 | ---- | C] () -- C:\Users\Irene\AppData\Roaming\wklnhst.dat
[2009.06.21 01:33:55 | 000,007,168 | ---- | C] () -- C:\Users\Irene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.04 15:30:55 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009.03.01 00:24:35 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009.03.01 00:01:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.12.17 17:43:46 | 000,589,824 | ---- | C] () -- C:\Windows\System32\INICRYPTOSDK.dll
[2008.11.27 06:24:52 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
[2008.11.27 06:24:51 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.08.15 03:41:29 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.08.08 20:44:38 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.08.08 11:53:12 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.08.08 11:53:12 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.08.08 11:30:05 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.08.08 11:30:05 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.08.08 11:30:05 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.01.21 10:21:25 | 000,623,280 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 10:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 10:21:25 | 000,125,378 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 10:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 000,480,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,591,320 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,194 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2010.11.27 23:48:02 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\App Launcher Gadget
[2011.05.30 20:06:45 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\DNA
[2011.04.16 02:05:22 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\DVDVideoSoft
[2011.05.26 22:56:58 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.09 23:32:12 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\FontCreator
[2010.10.03 18:04:43 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\gtk-2.0
[2009.07.27 02:59:13 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\InterVideo
[2010.01.11 21:49:59 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\NCH Swift Sound
[2009.11.15 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\PC Suite
[2010.07.28 00:59:45 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Sierra
[2010.05.17 18:24:40 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\SYSTEMAX Software Development
[2010.02.15 17:47:20 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Template
[2011.01.09 00:18:20 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Unity
[2010.09.26 02:06:14 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\WinMPG
[2010.10.04 16:50:50 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\WTouch
[2010.05.04 21:05:07 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2011.05.30 20:25:12 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0A8E2C33
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F01E7F17
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A696643D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C5760A8B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DB365884
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CF5C4195
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:798A3728

< End of report >

Extras
Code:

OTL Extras logfile created on: 30.05.2011 20:31:09 - Run 4
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\Irene\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
953,27 Mb Total Physical Memory | 282,60 Mb Available Physical Memory | 29,64% Memory free
2,29 Gb Paging File | 1,39 Gb Available in Paging File | 60,77% Paging File free
Paging file location(s): C:\pagefile.sys 1429 1429 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 79,55 Gb Free Space | 57,21% Space Free | Partition Type: NTFS
 
Computer Name: IRENE-PC | User Name: Irene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 
"FirewallOverride" = 0
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{193C16D2-25A8-4877-99E2-6398EDB90156}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{946A8F0D-E62B-4CDE-BF0E-E9D39CFB4F2F}" = lport=50295 | protocol=6 | dir=in | name=akamai netsession interface |
"{B62C7B46-36D5-4821-A8F5-AF5ED4526CA4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE04B56B-3F5F-4F38-B108-D3C85FA32F1E}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |
"{DC6CEB81-5611-46EC-A51F-BDE4F62A36B0}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{DD88B457-03BD-4707-A004-C0ED5B1C4AD0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C6D448-CCF7-4C00-A67D-2E3524687452}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{0790089F-AA8C-4E5F-B4F8-C3FE6B5A81E9}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{087627E0-83FD-42D2-A386-BCF40B77F03F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0E58A0A5-4C9C-4788-BB99-117685A96464}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{12495251-71AE-4DED-A963-D65C68C56A6A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{1B0F7E47-896B-4C0A-A882-2FCA86E9964E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{40AD01C3-8D43-4CF7-BF07-4CDA6A0D0519}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{43CD71B8-CE2D-4A03-B91D-D9A24D41DA37}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{57529B4C-CA3F-43C3-A21B-DF7073FC0C2E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{57F8DD6C-23D8-4740-B9FA-5806538AA216}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{5A0338E7-3D0B-4DE6-B9F8-F73D7DFDD792}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{5FBA5F8B-74FA-405F-AAD3-1EC7215BBA91}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{67392AE3-C899-42EF-AF58-873D97B2BCC8}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{6BCB72CB-B4F2-4C16-A622-ED8CFC1A14BC}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{714A1D63-D3BF-49F5-88D8-7A0A029FC0A0}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{870A1CD7-90B8-45E1-8945-3081C50CC75E}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{8C3B5583-9234-4389-A125-2ED19B3C652F}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{91BD3F58-C642-4CAA-B950-B34676AEB8D2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{93E33A36-46FC-416B-AABD-881E6F54F880}" = protocol=6 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe |
"{94EFF76D-B7D9-4278-9DFB-66A49717D0A5}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{9710E36F-67AA-4040-B679-5A8247B0CF82}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{A2703811-CEF0-4B70-B8B9-C1B3452D7D5F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AB85559E-145E-471F-986D-087D8576D400}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B50BF2B8-F2D7-49F1-A770-797E515F98BB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B6F8C181-C507-42C6-9881-415BD34E46C6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BD2ECE45-FE22-4A7C-B002-85FCB11F4743}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C9C5C08F-CBA8-46C6-8CB0-1E8AE6C64A4A}" = protocol=17 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe |
"{CC7CFC7A-3896-4421-BC38-3EE7EBE89F89}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CE5666A7-F343-4452-AA15-7E487687FFD3}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{CE9AF69A-AAD0-4BA3-96E6-26634BCA6034}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{CEF2FBBC-41DB-4358-AB01-52B4B615F8CB}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{CF753184-FB85-4388-AF1D-1ABB56928CE8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{F036BE76-6F28-4649-BE54-E8B882DACAEF}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{F62A4492-031A-4DD7-85FB-2743A003953D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F9BFF757-9EA3-4AFA-8B2A-D8744F41B32B}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{02965AF5-ECF9-4784-B444-40979A80487C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{04010334-3242-4687-96D5-2883C103B8FD}C:\program files\irisnotes\easy note taker.exe" = protocol=6 | dir=in | app=c:\program files\irisnotes\easy note taker.exe |
"TCP Query User{049A89EB-4581-450E-94C1-762303AB9B09}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{1330EEC4-2CDC-4406-8EA4-E29334D28667}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"TCP Query User{1ABF0AC5-83D2-42CE-8989-420FED880119}C:\program files\weltwunder\game.exe" = protocol=6 | dir=in | app=c:\program files\weltwunder\game.exe |
"TCP Query User{2173C38E-5E49-452F-89C5-C0021042B9F7}C:\users\irene\appdata\local\temp\rar$ex54.480\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\irene\appdata\local\temp\rar$ex54.480\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe |
"TCP Query User{288335AA-542A-4EDA-9DCE-F4A8A4471E49}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"TCP Query User{304F9926-5E45-4380-A905-73D1530EC12C}C:\users\irene\downloads\dragonoath.exe" = protocol=6 | dir=in | app=c:\users\irene\downloads\dragonoath.exe |
"TCP Query User{33975C40-C224-4746-B9A1-5C1733A55BC0}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{37942AE9-7889-4194-8A56-2C58E8BA941E}C:\program files\blimb entertainment\roswell encounter\roswell.exe" = protocol=6 | dir=in | app=c:\program files\blimb entertainment\roswell encounter\roswell.exe |
"TCP Query User{3D26E38A-2B61-4AF8-A98A-F0F1C2D7DE89}C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=6 | dir=in | app=c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe |
"TCP Query User{47322C84-8FA1-4EBC-B9F8-9B49F6F138F1}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"TCP Query User{59708A26-D025-4EB0-BD44-8242A85CD104}C:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe" = protocol=6 | dir=in | app=c:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe |
"TCP Query User{5B214D58-A7BA-418B-AB55-7930C40BD801}C:\program files\atari\deer hunter 2005\dh2005.exe" = protocol=6 | dir=in | app=c:\program files\atari\deer hunter 2005\dh2005.exe |
"TCP Query User{5F6CD87E-60D1-43DF-A0A2-9A6F2EDACB19}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{70B0754C-A6E8-4AF1-B399-DF6DB0894BE5}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"TCP Query User{72D80BAE-36DF-49C0-BC17-719EEB6CF9F7}C:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe |
"TCP Query User{7CD6E412-9A26-41CB-87A8-3EF2A9CB13FD}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{8453D2F3-A324-41BF-BD70-41A3063ECC60}C:\program files\weltwunder\gamemp.exe" = protocol=6 | dir=in | app=c:\program files\weltwunder\gamemp.exe |
"TCP Query User{86FE2CBD-AFAB-49BA-9B08-B45FE6A22BA2}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{98214D9E-DCD9-4F1A-BE08-3E2E6AAC116F}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{A1513D5C-FEAB-4403-8998-85FB4116F4D1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A67198B2-4C81-4A51-B42D-704060B0C701}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{AAA966B7-896B-4B75-930F-684F31626925}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{B4748A90-2B95-4FCF-BE6C-A1CF1A406C0E}C:\users\irene\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\irene\program files\dna\btdna.exe |
"TCP Query User{D37C86A8-803B-46F9-9DA2-08AEEB9A3410}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{DA9D4871-2D8E-4235-AD48-6F408B71050E}C:\users\irene\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\irene\program files\dna\btdna.exe |
"TCP Query User{EE9D07A1-B34A-478F-88A9-2DF58B66B010}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"TCP Query User{F80066FF-DDEF-405B-A02F-FDB249447618}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{02B9A706-BC3C-48B2-8ABF-73756EDD5916}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{196F38D2-EAEB-43E4-BDDD-36073195A32F}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"UDP Query User{233A6CDB-1329-40D9-8236-C7A24DF268F5}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{26221FBF-9514-4331-9EB0-BA916B066BDF}C:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe" = protocol=17 | dir=in | app=c:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe |
"UDP Query User{2B7AE3B8-7BBB-42B4-B18A-8E69435FB1F2}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{2E2CF505-6B9C-46E0-9CD1-4B3B777A8068}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{3A63A381-C6DB-4941-981F-A76D9659F44C}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{3AC1B626-9504-4AED-9184-AB1E412E65B3}C:\users\irene\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\irene\program files\dna\btdna.exe |
"UDP Query User{5AF98240-79C0-4E45-942E-3769895855CC}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{66CE66A2-E660-4A54-9409-8E2F4FC722CA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7018DF44-B787-476C-85B6-C6DC984664FD}C:\users\irene\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\irene\program files\dna\btdna.exe |
"UDP Query User{7EBE9ED0-8684-409F-88DE-C23FC0CB60D7}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{8856A8C9-A910-4005-9846-5C8856D9EBBB}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"UDP Query User{943CA8A9-9EC6-4417-BC51-9D507A1706CC}C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=17 | dir=in | app=c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe |
"UDP Query User{9FA55788-1D4F-4EDE-A001-56DCBA81A649}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{A35A0774-4009-4E64-9086-2CC5985CB9D8}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{A5CCE7C1-EFEB-49B4-B478-EA556E4792B7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B2BBB383-91A7-49E4-AF2D-47C64AE83589}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{B8DA9F0C-6553-487D-9AEC-C8B101783846}C:\program files\weltwunder\game.exe" = protocol=17 | dir=in | app=c:\program files\weltwunder\game.exe |
"UDP Query User{BF1E9F59-F0A7-42C3-9DEB-BA4D139FB127}C:\program files\weltwunder\gamemp.exe" = protocol=17 | dir=in | app=c:\program files\weltwunder\gamemp.exe |
"UDP Query User{BFB1EDE0-CE81-4D4B-BDF8-21CB3C7421CD}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{C42BC2B8-5D46-4C7E-8C92-A7F9E400DB8A}C:\program files\irisnotes\easy note taker.exe" = protocol=17 | dir=in | app=c:\program files\irisnotes\easy note taker.exe |
"UDP Query User{C4891A16-CAA0-40D1-866C-346BA017E9A3}C:\program files\blimb entertainment\roswell encounter\roswell.exe" = protocol=17 | dir=in | app=c:\program files\blimb entertainment\roswell encounter\roswell.exe |
"UDP Query User{C4EB875A-45F1-4F8D-AE8F-E035A3834F12}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{CFC18456-BC29-4B84-8E5F-6BDB3985781C}C:\users\irene\appdata\local\temp\rar$ex54.480\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\irene\appdata\local\temp\rar$ex54.480\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe |
"UDP Query User{D9C64937-B67F-4C24-8DC1-AB9C3E7188E8}C:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe |
"UDP Query User{DBEE5BCD-40EA-4F2D-9406-5A1992F5DAE6}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"UDP Query User{F8FF90E6-5977-46BA-B985-589E3C26FB21}C:\users\irene\downloads\dragonoath.exe" = protocol=17 | dir=in | app=c:\users\irene\downloads\dragonoath.exe |
"UDP Query User{FD9C52FB-B090-4189-A10C-EE6B57AA6E2A}C:\program files\atari\deer hunter 2005\dh2005.exe" = protocol=17 | dir=in | app=c:\program files\atari\deer hunter 2005\dh2005.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 25
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free Studio_is1" = Free Studio version 4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.38.517
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MP4 Media Player_is1" = MP4 Media Player 1.0
"Neffy" = Neffy 1,3,29,0
"npkcxp" = nProtect KeyCrypt
"Pen Tablet Driver" = Stifttablett
"Red Alert" = Red Alert Windows 95
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMPG VideoConvert_is1" = WinMPG VideoConvert 9.1.6.0
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.02.2011 07:32:45 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 09.02.2011 13:11:36 | Computer Name = Irene-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.3989, Zeitstempel
 0x4cf928fc, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00048b02,  Prozess-ID 0xbcc, Anwendungsstartzeit
 01cbc84eda4ea05a.
 
Error - 10.02.2011 06:19:36 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10.02.2011 08:47:29 | Computer Name = Irene-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.3989, Zeitstempel
 0x4cf928fc, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00048b02,  Prozess-ID 0x56c, Anwendungsstartzeit
 01cbc90e3de768a0.
 
Error - 11.02.2011 08:47:52 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.02.2011 10:32:12 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.02.2011 16:20:34 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.02.2011 16:48:15 | Computer Name = Irene-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.3989, Zeitstempel
 0x4cf928fc, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00048822,  Prozess-ID 0x490, Anwendungsstartzeit
 01cbca2b83530101.
 
Error - 12.02.2011 07:36:02 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.02.2011 07:32:27 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 30.05.2011 08:50:54 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 30.05.2011 11:34:27 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 30.05.2011 11:34:27 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 30.05.2011 12:18:23 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 30.05.2011 13:03:10 | Computer Name = Irene-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 30.05.2011 um 18:55:20 unerwartet heruntergefahren.
 
Error - 30.05.2011 13:04:48 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 30.05.2011 13:04:48 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 30.05.2011 14:24:11 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 30.05.2011 14:27:21 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 30.05.2011 14:27:21 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >


kira 31.05.2011 16:49

Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator".
Right-click the selected application and choose "Run as administrator"!

1.
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
FF - prefs.js..keyword.URL: "hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm924YYAT&fl=0&ptb=ZxKqNElNoyPrQJuzcKO4ZQ&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="
FF - prefs.js..network.proxy.http: "131.247.2.247"
FF - prefs.js..network.proxy.http_port: 3128
O4 - HKCU..\Run: [BitTorrent DNA]  File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0A8E2C33
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F01E7F17
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A696643D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C5760A8B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DB365884
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CF5C4195
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:798A3728
:Commands
[purity]
[emptytemp]


2.
  • Download SUPERAntiSpyware FREE Edition.
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your Computer".
  • Tick "Complete Scan" and click "Next".
  • All malware found is then listed; tick every finding and confirm with "OK".
  • Click "Next", then "OK" and "Finish".
  • To display the results: click "Preferences", then "Statistics/Logs".
  • Click "View Log", then please save this report and post it here.

3.
- Link: -> ESET Online Scanner
>>You are not supposed to install the antivirus security software, only scan your system online<<
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). Checking the data stored on the storage medium with the free online scanner is very well suited and recommended for this.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running.) - The AUTORUN function can also be switched off altogether. ► [Security] Disable the Autorun function on all drives for more security / Avira Support Forum

-> Then run a complete system check with Eset/Nod32

- please tick the following > "Remove found threats" and "Scan archives"
- save the scan results as *.txt files
- usually "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Settings in Internet Explorer before the scan:
- "Tools → Internet Options → Security":
- set everything to the default level
- allow ActiveX
- to start the scan: when you are asked (the text in the information bar), allow the ActiveX control to be installed

► What is the current state of the computer? Anything unusual, any problems?
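
Added example, not part of the thread and not OTL's own code: a read-only check of a Firefox prefs.js for the browser settings that the OTL fix script above removes (HTTP proxy, keyword.URL, search engine name). The sample file is constructed from the values in that script; the network.proxy.type line, the homepage line and the allowed_search_hosts parameter are assumptions added for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, not a file from the thread. Pref names and values come
# from the OTL fix script above (search URL shortened and kept defanged);
# network.proxy.type and the homepage line are added for the example.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.URL", "hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?st=kwd&searchfor=");
user_pref("network.proxy.http", "131.247.2.247");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.type", 1);
user_pref("browser.search.defaultthis.engineName", "OurWorld.com Customized Web Search");
'''

# One user_pref("name", value); call per line, as Firefox writes prefs.js.
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>(?:[^"\\]|\\.)*)"\s*,\s*(?P<value>.*?)\s*\)\s*;\s*$'
)


def parse_value(raw):
    """Turn the JavaScript literal of a user_pref() call into a Python value."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo simple \" and \\ escapes
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw  # unknown literal: keep the text rather than guess


def parse_prefs(text):
    """Return {pref name: value} for every user_pref() line; other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if match:
            prefs[match.group("name")] = parse_value(match.group("value"))
    return prefs


def audit(prefs, allowed_search_hosts=frozenset()):
    """List (pref name, detail) for the settings the fix script targets."""
    findings = []

    proxy_host = prefs.get("network.proxy.http")
    if proxy_host:
        port = prefs.get("network.proxy.http_port", "?")
        # network.proxy.type 1 means manual proxy configuration is in use;
        # with any other value the host is stored but traffic does not use it.
        state = "active" if prefs.get("network.proxy.type") == 1 else "stored, not active"
        findings.append(("network.proxy.http", f"{proxy_host}:{port} ({state})"))

    keyword_url = prefs.get("keyword.URL")
    if keyword_url:
        host = urlsplit(keyword_url).hostname or keyword_url
        if host not in allowed_search_hosts:
            findings.append(("keyword.URL", host))

    engine = prefs.get("browser.search.defaultthis.engineName")
    if engine:
        findings.append(("browser.search.defaultthis.engineName", engine))

    return findings


if __name__ == "__main__":
    for name, detail in audit(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{name}: {detail}")
```

The script only reads the file, so it can be run before and after a fix to confirm that the entries are gone.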

Rin.T 02.06.2011 12:43

1.OTL
Code:

All processes killed
========== OTL ==========
Prefs.js: "hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm924YYAT&fl=0&ptb=ZxKqNElNoyPrQJuzcKO4ZQ&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=" removed from keyword.URL
Prefs.js: "131.247.2.247" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent DNA not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
ADS C:\ProgramData\TEMP:C46995DA deleted successfully.
ADS C:\ProgramData\TEMP:0A8E2C33 deleted successfully.
ADS C:\ProgramData\TEMP:F01E7F17 deleted successfully.
ADS C:\ProgramData\TEMP:A696643D deleted successfully.
ADS C:\ProgramData\TEMP:861A898F deleted successfully.
ADS C:\ProgramData\TEMP:C5760A8B deleted successfully.
ADS C:\ProgramData\TEMP:9F683177 deleted successfully.
ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:DB365884 deleted successfully.
ADS C:\ProgramData\TEMP:CF5C4195 deleted successfully.
ADS C:\ProgramData\TEMP:580E04D8 deleted successfully.
ADS C:\ProgramData\TEMP:4D066AD2 deleted successfully.
ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
ADS C:\ProgramData\TEMP:793F316E deleted successfully.
ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:3E7393FC deleted successfully.
ADS C:\ProgramData\TEMP:9B52F176 deleted successfully.
ADS C:\ProgramData\TEMP:4BB26BE9 deleted successfully.
ADS C:\ProgramData\TEMP:798A3728 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Irene
->Temp folder emptied: 154856076 bytes
->Temporary Internet Files folder emptied: 389463 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 72931867 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1264 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 597482 bytes
RecycleBin emptied: 23315824 bytes
 
Total Files Cleaned = 240,00 mb
 
 
OTL by OldTimer - Version 3.2.23.0 log created on 06012011_150419

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

2.
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/01/2011 at 05:12 PM

Application Version : 4.53.1000

Core Rules Database Version : 7174
Trace Rules Database Version: 4986

Scan type      : Complete Scan
Total Scan Time : 01:56:38

Memory items scanned      : 584
Memory threats detected  : 0
Registry items scanned    : 7925
Registry threats detected : 0
File items scanned        : 46233
File threats detected    : 80

Adware.Tracking Cookie
        C:\Users\Irene\AppData\Roaming\Microsoft\Windows\Cookies\irene@ad.yieldmanager[2].txt
        C:\Users\Irene\AppData\Roaming\Microsoft\Windows\Cookies\irene@adbrite[1].txt
        C:\Users\Irene\AppData\Roaming\Microsoft\Windows\Cookies\irene@advertise[1].txt
        C:\Users\Irene\AppData\Roaming\Microsoft\Windows\Cookies\irene@atdmt[2].txt
        C:\Users\Irene\AppData\Roaming\Microsoft\Windows\Cookies\irene@content.yieldmanager[1].txt
        C:\Users\Irene\AppData\Roaming\Microsoft\Windows\Cookies\irene@tribalfusion[1].txt
        .doubleclick.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .collective-media.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .collective-media.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .collective-media.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .collective-media.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .adbrite.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .adbrite.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .adbrite.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .atdmt.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .atdmt.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .invitemedia.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .invitemedia.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .collective-media.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .collective-media.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .collective-media.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .collective-media.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .adbrite.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        wstat.wibiya.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .xiti.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        sso-de.bestofmedia.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        www.mediamarkt.at [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .imrworldwide.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .imrworldwide.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        s01.flagcounter.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        counters.gigya.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .lucidmedia.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .ru4.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        s04.flagcounter.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        s06.flagcounter.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .adcentriconline.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .statcounter.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .invitemedia.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        statse.webtrendslive.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        de.sitestat.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .dmtracker.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .media6degrees.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .media6degrees.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .media6degrees.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .lfstmedia.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .adfarm1.adition.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .adfarm1.adition.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        ad1.adfarm1.adition.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .content.yieldmanager.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .tradedoubler.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .tradedoubler.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .tradedoubler.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .invitemedia.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .msnportal.112.2o7.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .revsci.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .legolas-media.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .legolas-media.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .legolas-media.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .revsci.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .apmebf.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .fastclick.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .fastclick.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .microsoftsto.112.2o7.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .yadro.ru [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .yadro.ru [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
        .tracking.quisma.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]

3. The scan has not progressed for an hour; it always stops at C:\ACER\Preload\Autorun\APP\NTI Media Maker\Data1.cab.
Even several attempts did not help. :(

kira 02.06.2011 14:05

► What is the current state of the computer? Anything unusual, any problems?

Rin.T 02.06.2011 18:59

No. No problems, my computer is fine.

Rin.T 02.06.2011 21:29

Quote:

Quote from Rin.T (post 667161)
No. No problems, my computer is fine.

Oh no, it isn't after all! This iexplore.exe is still there :(

kira 02.06.2011 22:07

"iexplore.exe"?
Normally, since "IE8", this is not a problem and can be regarded as normal (one for IE + others as additional processes for the tabs)

Are these entries or this page known to you, added deliberately?
Code:

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
FF - prefs.js..browser.search.defaultthis.engineName: "OurWorld.com Customized Web Search"


Rin.T 03.06.2011 14:08

Unfortunately I don't know; I don't use IE at all any more. And I noticed something suspicious: there were 2 key entries in the add-ons.
Code:

{53F6FCCD-9E22-4D71-86EA-6E43136192AB}
{925DAB62-F9AC-4221-806A-057BFB1014AA}

Is that normal?

kira 03.06.2011 21:53

Not harmful, but you can delete both.

Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
FF - prefs.js..browser.search.defaultthis.engineName: "OurWorld.com Customized Web Search"
       
:Commands
[purity]
[emptytemp]


Rin.T 04.06.2011 14:23

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Prefs.js: "OurWorld.com Customized Web Search" removed from browser.search.defaultthis.engineName
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Irene
->Temp folder emptied: 17146787 bytes
->Temporary Internet Files folder emptied: 41071516 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 139079763 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 7634 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1199260 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 189,00 mb
 
 
OTL by OldTimer - Version 3.2.23.0 log created on 06042011_150448

Files\Folders moved on Reboot...
C:\Users\Irene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

Registry entries deleted on Reboot...

Nevertheless, it changed nothing; it is still there.

