
Log analysis and evaluation: text enhance, redirects from Google links and search engine plugin


 
13.06.2013, 17:27   #1
mona_x
 



Hello,

since yesterday I have had several problems with my computer, which all appeared at once. I'm afraid it is a virus. :-(

----------

The problems:

1. Text-enhance has appeared. It underlines words and makes ads pop up.

2. My Firefox starts only slowly. In general, the whole PC has become very slow.

3. When I click normal search results on Google, I get redirected to advertising pages.
Example:
survey-central
meet-hot-girls
bannersdontwork

4. I suddenly had Delta Search as my start page, which I never set as my start page. At first I thought I had messed something up and set Google again, but after restarting Firefox the Delta Search search bar suddenly appeared at the top of the browser.

5. In the Firefox add-ons, the extensions FoxyDeal 6.2 and Lyrics Fan 1.114 and the Delta Toolbar 1.5.0 have suddenly appeared.

----------

Maybe someone is willing to help me.

I have worked through the steps from the guide.

Many thanks in advance. :-)

----------

defogger.txt

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:19 on 13/06/2013 (Mona)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

otl.txt

OTL logfile created on: 13/06/2013 16:40:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mona\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.05 Mb Total Physical Memory | 442.71 Mb Available Physical Memory | 43.66% Memory free
2.38 Gb Paging File | 1.92 Gb Available in Paging File | 80.55% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 26.52 Gb Free Space | 35.58% Space Free | Partition Type: NTFS

Computer Name: I | User Name: Mona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/13 16:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mona\Desktop\OTL.exe
PRC - [2013/06/12 08:53:44 | 027,994,056 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Mona\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/05/23 11:09:59 | 002,827,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
PRC - [2012/09/06 13:12:20 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2012/04/25 17:28:09 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/31 04:49:44 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/03/31 04:48:00 | 001,523,008 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/01/13 00:32:06 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/01/13 00:28:06 | 000,364,544 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2011/01/13 00:23:48 | 000,966,656 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2011/01/13 00:13:16 | 000,481,552 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/03/05 07:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/17 01:28:48 | 000,818,176 | ---- | M] (Jay Elaraj) -- C:\Program Files\TaskbarShuffle\taskbarshuffle.exe
PRC - [2008/04/14 09:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2005/10/19 02:11:08 | 000,061,440 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2004/06/11 06:48:04 | 000,286,720 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/23 11:09:59 | 002,827,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
MOD - [2013/05/23 11:09:01 | 002,521,040 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
MOD - [2013/03/13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Documents and Settings\Mona\Application Data\Dropbox\bin\libcef.dll
MOD - [2012/11/14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\Mona\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/03/27 22:11:04 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/03/05 07:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/06/20 18:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 18:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 15:32:14 | 000,165,376 | ---- | M] () -- C:\Program Files\TaskbarShuffle\tbhookin.dll
MOD - [2005/06/02 12:40:42 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\vsmon1.dll
MOD - [2004/06/11 06:48:04 | 000,286,720 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/06/09 19:34:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/05/23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/31 04:48:00 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/03/31 04:45:32 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/01/13 00:32:06 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011/01/13 00:28:06 | 000,364,544 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2011/01/13 00:23:48 | 000,966,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2011/01/13 00:13:16 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/03/05 07:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2005/10/19 02:11:08 | 000,061,440 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\snpstd.sys -- (snpstd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2013/06/09 20:26:31 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/05/02 05:52:18 | 000,071,680 | ---- | M] (Notebook Hardware Control) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nhcDriver.sys -- (nhcDriverDevice)
DRV - [2011/04/15 01:18:08 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/02/10 20:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/10/07 13:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)
DRV - [2010/05/20 06:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/12/18 20:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/12 22:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/26 14:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2007/05/10 19:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/26 19:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/05/14 02:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2003/04/25 01:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://www.startskins.com/startpage/0519266982/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=120007&babsrc=HP_ss&mntrId=683F00188BD68941
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=683F00188BD68941
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 79 D8 61 ED 08 CC 01 [binary data]
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {C8C81311-2422-4E18-A58D-9A979110DB71}
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{04AEBAB1-2A7A-ACF3-A6E6-3EE698DFD0A8}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=683F00188BD68941
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:0.7.1.1
FF - prefs.js..extensions.enabledAddons: %7Bdf4e4df5-5cb7-46b0-9aef-6c784c3249f8%7D:1.2.0
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7B9fb8c270-7124-11dd-ad8b-0800200c9a66%7D:1.7.3
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.9
FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: en-GB%40dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: lrcfan%40fansoft.br:1.114
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.3.37: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.3.37: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/03 03:30:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/03 03:30:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: F:\Programme\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/25 17:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/01/02 05:10:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcfan@fansoft.br: C:\Program Files\LyricsFan\FF\ [2013/06/13 16:18:13 | 000,000,000 | ---D | M]

[2012/05/16 23:23:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Extensions
[2011/05/04 20:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/16 23:23:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Extensions\celtx@celtx.com
[2013/06/13 16:18:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\74e7v00t.default\extensions
[2013/06/13 10:24:53 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\74e7v00t.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/06/13 10:24:53 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\74e7v00t.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013/06/13 16:18:17 | 000,000,000 | ---D | M] (FoxyDeal) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\74e7v00t.default\extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D}
[2013/06/13 10:24:53 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\74e7v00t.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2013/06/13 16:18:44 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\74e7v00t.default\extensions\ffxtlbr@delta.com
[2013/06/13 10:07:54 | 000,023,197 | R--- | M] () (No name found) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\74e7v00t.default\extensions\tangofox-abouthome@haven667.xpi
[2013/06/13 10:07:54 | 000,020,521 | R--- | M] () (No name found) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\74e7v00t.default\extensions\tangofox-pdf.js@haven667.xpi
[2013/06/13 10:24:53 | 000,008,001 | ---- | M] () (No name found) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\74e7v00t.default\extensions\tineye@ideeinc.com.xpi
[2013/06/13 10:24:48 | 000,023,197 | ---- | M] () (No name found) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\74e7v00t.default\extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66}.xpi
[2013/06/13 09:48:25 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\74e7v00t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/06/13 10:24:48 | 000,434,392 | ---- | M] () (No name found) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\74e7v00t.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/06/13 10:03:18 | 000,016,192 | ---- | M] () (No name found) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\74e7v00t.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2013/06/13 10:24:48 | 000,026,136 | ---- | M] () (No name found) -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\74e7v00t.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi
[2013/06/13 16:18:33 | 000,006,470 | ---- | M] () -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\74e7v00t.default\searchplugins\babylon.xml
[2013/06/13 16:18:33 | 000,006,470 | ---- | M] () -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\74e7v00t.default\searchplugins\BrowserDefender.xml
[2013/06/13 16:18:53 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Mona\Application Data\Mozilla\Firefox\Profiles\74e7v00t.default\searchplugins\delta.xml
[2013/06/13 16:18:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/13 16:18:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2013/06/13 08:32:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/13 08:32:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/13 16:18:13 | 000,000,000 | ---D | M] ("Lyrics Fan") -- C:\PROGRAM FILES\LYRICSFAN\FF

O1 HOSTS File: ([2011/05/04 16:03:57 | 000,433,234 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14912 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - F:\Programme\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Lyrics Fan) - {A8720491-9558-4C0D-9E35-30EED15DFB2B} - C:\Program Files\LyricsFan\lrcfan.dll (FAN Software)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (Social Extras Plugin) - {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - C:\Program Files\SocialExtras\socialx.dll (FBSkins.com)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - F:\Programme\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll File not found
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Taskbar Shuffle] C:\Program Files\TaskbarShuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - Startup: C:\Documents and Settings\Mona\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Mona\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Mona\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Sothink Flash Downloader For IE - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mona\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304387599703 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{788A38D0-BB34-498C-AA6C-D96A3DC033CD}: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mona\My Documents\My Pictures\Ramona\JackRussell.png
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mona\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/02 05:50:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/13 16:38:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mona\Desktop\OTL.exe
[2013/06/13 16:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mona\Application Data\BabSolution
[2013/06/13 16:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013/06/13 16:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/06/13 16:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mona\Application Data\Babylon
[2013/06/13 16:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\FoxyDeal
[2013/06/13 16:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsFan
[2013/06/13 13:36:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/06/13 13:36:21 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/13 13:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mona\Start Menu\Programs\BrowserDefender
[2013/06/13 13:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BrowserDefender
[2013/06/13 13:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\YourFileDownloader
[2013/06/13 12:20:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Icons
[2013/06/13 12:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mona\Application Data\Malwarebytes
[2013/06/13 12:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/13 12:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/06/13 12:11:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/13 12:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/13 11:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BookME
[2013/06/13 11:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\BookME4
[2013/06/13 11:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mona\My Documents\BookME
[2013/06/13 11:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/06/13 11:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/06/13 09:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Anvisoft
[2013/06/13 09:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mona\Start Menu\Programs\Anvisoft
[2013/06/13 09:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
[2013/06/13 09:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mona\Local Settings\Application Data\Opera
[2013/06/13 09:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mona\Application Data\Opera
[2013/06/13 09:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2013/06/13 08:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/12 07:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mona\Application Data\saSoftware
[2013/06/12 07:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013/06/12 07:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mona\Application Data\Obsidium
[2013/06/12 07:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AllMyBooks
[2013/06/09 20:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite
[2013/06/09 20:19:19 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2013/06/09 20:19:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mona\Application Data\DAEMON Tools Lite
[2013/06/09 20:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013/06/09 20:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/06/09 20:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2013/06/09 20:05:04 | 000,466,008 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2013/06/09 19:34:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2013/06/09 19:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2013/06/09 19:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rosetta Stone
[2013/06/09 19:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2013/06/09 19:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2013/06/09 19:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2013/06/06 15:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mona\My Documents\Scribus_Vorlagen
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/13 16:44:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\BrowserDefendert.job
[2013/06/13 16:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mona\Desktop\OTL.exe
[2013/06/13 16:32:00 | 000,001,190 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1343024091-1606980848-1003UA.job
[2013/06/13 16:32:00 | 000,001,138 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1343024091-1606980848-1003Core.job
[2013/06/13 16:27:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/13 16:22:23 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-1343024091-1606980848-1004.job
[2013/06/13 16:22:22 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\YourFile DownloaderUpdate.job
[2013/06/13 16:22:17 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/13 16:22:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/13 16:20:05 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Mona\defogger_reenable
[2013/06/13 16:19:01 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\EPUpdater.job
[2013/06/13 16:17:19 | 000,609,336 | ---- | M] () -- C:\Documents and Settings\Mona\Desktop\setup.exe
[2013/06/13 16:03:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/13 15:49:01 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/13 12:23:38 | 000,000,109 | ---- | M] () -- C:\Documents and Settings\Mona\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/06/13 12:11:25 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Mona\Application Data\Microsoft\Internet Explorer\Quick Launch\ Malwarebytes Anti-Malware .lnk
[2013/06/13 11:38:09 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Mona\Application Data\Microsoft\Internet Explorer\Quick Launch\BookME.lnk
[2013/06/13 08:32:59 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mona\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/06/13 08:04:42 | 000,001,001 | ---- | M] () -- C:\Documents and Settings\Mona\Start Menu\Programs\Startup\Dropbox.lnk
[2013/06/12 08:18:29 | 000,513,897 | ---- | M] () -- C:\Documents and Settings\Mona\Desktop\joyland_king_stephen.epub
[2013/06/12 07:57:21 | 000,414,690 | ---- | M] () -- C:\Documents and Settings\Mona\Desktop\criminal_slaughter_karin.epub
[2013/06/12 07:19:42 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\Mona\Application Data\Microsoft\Internet Explorer\Quick Launch\calibre - E-book management.lnk
[2013/06/12 07:01:43 | 002,902,836 | ---- | M] () -- C:\Documents and Settings\Mona\Desktop\calibre_das_e_book_multi_tool_das_grosse_handbuch_.epub
[2013/06/12 06:42:55 | 000,026,221 | ---- | M] () -- C:\Documents and Settings\Mona\My Documents\AmE.odt
[2013/06/12 04:05:37 | 003,383,001 | R--- | M] () -- C:\Documents and Settings\Mona\Desktop\The_Polyglot_Project.pdf
[2013/06/12 02:00:47 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-I-Mona.job
[2013/06/11 04:52:17 | 020,412,287 | ---- | M] () -- C:\Documents and Settings\Mona\My Documents\Modernes_Webdesign_mit_CSS_-_Schritt_fuer_Schrit_nodrm.pdf
[2013/06/11 03:39:34 | 000,012,991 | ---- | M] () -- C:\Documents and Settings\Mona\Desktop\testt.jpg
[2013/06/10 06:34:46 | 000,040,590 | ---- | M] () -- C:\Documents and Settings\Mona\Desktop\Strommast.jpg.gif
[2013/06/09 21:23:18 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\Mona\Application Data\Microsoft\Internet Explorer\Quick Launch\DAEMON Tools Lite.lnk
[2013/06/09 21:22:24 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\Mona\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to RosettaStoneVersion3.exe.lnk
[2013/06/09 20:27:41 | 000,494,330 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/09 20:27:41 | 000,084,874 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/06/09 20:26:31 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2013/06/09 20:12:01 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\Mona\My Documents\ax_files.xml
[2013/06/09 20:04:09 | 000,000,030 | ---- | M] () -- C:\Program Files\Exiferupdate.ini
[2013/06/07 17:38:34 | 000,328,574 | ---- | M] () -- C:\Documents and Settings\Mona\Desktop\ich_koch_dich_tot_k_ein_liebes_roman_berg_ellen.epub
[2013/06/06 15:54:21 | 000,000,108 | -H-- | M] () -- C:\Documents and Settings\Mona\Desktop\.~lock.Scribus.odt#
[2013/05/17 22:52:18 | 003,500,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/17 03:07:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/17 01:35:05 | 000,000,983 | ---- | M] () -- C:\Documents and Settings\Mona\Application Data\Microsoft\Internet Explorer\Quick Launch\Dropbox.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/13 16:22:23 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\BrowserDefendert.job
[2013/06/13 16:19:47 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Mona\defogger_reenable
[2013/06/13 16:17:16 | 000,609,336 | ---- | C] () -- C:\Documents and Settings\Mona\Desktop\setup.exe
[2013/06/13 13:28:37 | 000,000,262 | ---- | C] () -- C:\WINDOWS\tasks\EPUpdater.job
[2013/06/13 13:26:52 | 000,000,324 | ---- | C] () -- C:\WINDOWS\tasks\YourFile DownloaderUpdate.job
[2013/06/13 12:11:25 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Mona\Application Data\Microsoft\Internet Explorer\Quick Launch\ Malwarebytes Anti-Malware .lnk
[2013/06/13 11:38:09 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\Mona\Application Data\Microsoft\Internet Explorer\Quick Launch\BookME.lnk
[2013/06/13 08:32:59 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Mona\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/06/13 08:32:59 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/06/13 08:04:42 | 000,001,001 | ---- | C] () -- C:\Documents and Settings\Mona\Start Menu\Programs\Startup\Dropbox.lnk
[2013/06/12 08:18:37 | 000,513,897 | ---- | C] () -- C:\Documents and Settings\Mona\Desktop\joyland_king_stephen.epub
[2013/06/12 07:57:31 | 000,414,690 | ---- | C] () -- C:\Documents and Settings\Mona\Desktop\criminal_slaughter_karin.epub
[2013/06/12 07:19:42 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\Mona\Application Data\Microsoft\Internet Explorer\Quick Launch\calibre - E-book management.lnk
[2013/06/12 07:02:42 | 002,902,836 | ---- | C] () -- C:\Documents and Settings\Mona\Desktop\calibre_das_e_book_multi_tool_das_grosse_handbuch_.epub
[2013/06/12 04:07:16 | 003,383,001 | R--- | C] () -- C:\Documents and Settings\Mona\Desktop\The_Polyglot_Project.pdf
[2013/06/11 04:50:30 | 020,412,287 | ---- | C] () -- C:\Documents and Settings\Mona\My Documents\Modernes_Webdesign_mit_CSS_-_Schritt_fuer_Schrit_nodrm.pdf
[2013/06/11 03:39:29 | 000,012,991 | ---- | C] () -- C:\Documents and Settings\Mona\Desktop\testt.jpg
[2013/06/10 06:34:35 | 000,040,590 | ---- | C] () -- C:\Documents and Settings\Mona\Desktop\Strommast.jpg.gif
[2013/06/09 21:23:18 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\Mona\Application Data\Microsoft\Internet Explorer\Quick Launch\DAEMON Tools Lite.lnk
[2013/06/09 21:22:24 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\Mona\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to RosettaStoneVersion3.exe.lnk
[2013/06/09 20:12:01 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\Mona\My Documents\ax_files.xml
[2013/06/07 17:38:50 | 000,328,574 | ---- | C] () -- C:\Documents and Settings\Mona\Desktop\ich_koch_dich_tot_k_ein_liebes_roman_berg_ellen.epub
[2013/06/06 15:54:21 | 000,000,108 | -H-- | C] () -- C:\Documents and Settings\Mona\Desktop\.~lock.Scribus.odt#
[2013/05/17 01:35:05 | 000,000,983 | ---- | C] () -- C:\Documents and Settings\Mona\Application Data\Microsoft\Internet Explorer\Quick Launch\Dropbox.lnk
[2012/11/16 21:56:04 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Mona\.recently-used.xbel
[2012/05/25 11:35:23 | 000,000,030 | ---- | C] () -- C:\Program Files\Exiferupdate.ini
[2012/05/17 22:55:08 | 000,002,374 | ---- | C] () -- C:\WINDOWS\MANUTIUS.INI
[2012/04/25 17:51:45 | 000,402,235 | ---- | C] () -- C:\Documents and Settings\Mona\Local Settings\Application Data\SearchDial.crx
[2012/03/15 12:05:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/15 03:25:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\06224bc38b738610a3c7ae371476c97f_c
[2012/02/16 03:45:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/09 14:51:52 | 000,286,720 | ---- | C] () -- C:\WINDOWS\vsnpstd.exe
[2012/02/09 14:25:01 | 000,843,776 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2012/02/09 14:25:00 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2012/02/09 14:24:56 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2012/02/09 14:24:55 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2012/02/09 14:24:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2012/02/09 14:24:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[2011/09/01 15:59:49 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Mona\Local Settings\Application Data\PUTTY.RND
[2011/08/29 02:43:38 | 000,003,088 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/08/29 02:43:38 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\688625C979.sys
[2011/05/15 13:37:12 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Mona\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/06 05:21:48 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Mona\Application Data\Adobe PNG Format CS5 Prefs

========== ZeroAccess Check ==========

[2010/12/09 17:15:09 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\Installer\{82bb308a-83b0-977a-405c-61167da674d4}\@
[2010/12/09 17:15:09 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{82bb308a-83b0-977a-405c-61167da674d4}\L
[2012/12/28 16:42:45 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{82bb308a-83b0-977a-405c-61167da674d4}\U
[2012/12/05 13:51:24 | 000,002,048 | -HS- | M] () -- C:\Documents and Settings\Mona\Local Settings\Application Data\{82bb308a-83b0-977a-405c-61167da674d4}\@
[2010/12/09 17:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mona\Local Settings\Application Data\{82bb308a-83b0-977a-405c-61167da674d4}\L
[2010/12/09 17:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mona\Local Settings\Application Data\{82bb308a-83b0-977a-405c-61167da674d4}\U
[2011/05/03 04:01:28 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/02/17 15:51:57 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 09:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/12 07:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AllMyBooks
[2011/05/19 04:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AutoHideIP
[2013/06/13 16:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/06/13 13:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BrowserDefender
[2011/05/03 05:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2013/06/09 20:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/10/22 13:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\elsterformular
[2011/05/04 13:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eXPert PDF
[2011/05/04 20:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eXPert PDF 4
[2011/05/04 13:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eXPert PDF Jobs
[2011/05/19 03:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeHideIP
[2011/10/15 13:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/08/28 19:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2013/06/13 10:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/05/03 05:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2013/06/13 07:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVgenial
[2011/10/15 13:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2012/02/09 14:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\webcam 7
[2011/05/03 05:20:19 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012/10/20 11:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\7-PDFWebsiteConverter
[2011/05/27 19:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Amazon
[2011/05/19 04:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\AutoHideIP
[2013/06/13 16:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\BabSolution
[2013/06/13 16:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Babylon
[2013/06/12 07:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\calibre
[2011/05/28 18:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/04 17:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\com.adobe.dmp.contentviewer
[2013/06/09 20:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\DAEMON Tools Lite
[2013/03/15 22:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\DDMSettings
[2013/06/13 16:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Dropbox
[2012/01/03 03:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\DVDVideoSoft
[2011/10/22 13:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\elsterformular
[2012/02/15 22:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\EssentialPIM
[2011/05/04 15:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\eXPert PDF Editor
[2013/03/25 02:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\FileZilla
[2012/05/19 22:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Foxit Software
[2011/05/19 03:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\FreeHideIP
[2011/05/04 14:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Games
[2011/05/09 13:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\GetRightToGo
[2012/05/16 23:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Greyfirst
[2012/07/02 01:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\gtk-2.0
[2012/04/25 17:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\HTML Executable
[2011/12/07 04:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\inkscape
[2011/05/14 13:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\KeePass
[2012/05/01 02:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Lernkartei
[2011/05/02 19:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\LibreOffice
[2012/05/01 03:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\MemoryLifter
[2011/05/22 22:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Mobipocket
[2011/05/03 21:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Notebook Hardware Control
[2013/06/12 07:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Obsidium
[2013/06/13 09:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Opera
[2012/05/17 00:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Papyrus Autor
[2013/06/12 07:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\saSoftware
[2013/05/18 03:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Scribus
[2012/03/02 01:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Spacejock Software
[2012/05/18 00:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\SystemUpdaterApp
[2011/05/04 20:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Thunderbird
[2012/03/14 23:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\TuneUp Software
[2011/05/14 13:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Weaverslave
[2012/05/18 02:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\Writer's Cafe 2
[2012/05/25 11:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mona\Application Data\XnView

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB40659$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

extras.txt

OTL Extras logfile created on: 13/06/2013 16:40:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mona\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.05 Mb Total Physical Memory | 442.71 Mb Available Physical Memory | 43.66% Memory free
2.38 Gb Paging File | 1.92 Gb Available in Paging File | 80.55% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 26.52 Gb Free Space | 35.58% Space Free | Partition Type: NTFS

Computer Name: I | User Name: Mona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [Bridge] -- F:\Programme\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{18355D5F-FABE-49A2-B359-92020DBD51B1}" = Corel DESIGNER Technical Suite X4 - Windows Shell Extension
"_{870DCAE9-E488-48C9-A512-F67914695750}" = Corel DESIGNER Technical Suite X4
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E95DA08-2514-4399-AD87-349C350FA9DE}" = Intel(R) PROSet/Wireless WiFi-Software
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{1635620D-E548-406C-A74E-7492DC23AE71}" = Corel Designer Technical Suite X4 - IPM
"{18355D5F-FABE-49A2-B359-92020DBD51B1}" = Corel DESIGNER Technical Suite X4 - Windows Shell Extension
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{230442A6-5D8E-468D-9142-1CE0C11CB044}" = Visual Basic for Applications (R) Core - German
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83216029F0}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BF317C6-64FF-4931-91B3-6DE4BD5989C8}" = Corel DESIGNER Technical Suite X4 - Lang DE
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{55638FF1-18DA-4440-B457-2670BF3E39C6}" = Mathematik 5 und 6
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Duden-Bibliothek
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6D63CBA6-3563-45E7-8D0C-97E92259542D}" = Visual Basic for Applications (R) Core
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{784218A0-6164-42DC-A17C-78C693327073}" = LibreOffice 3.4 Help Pack (German)
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{870DCAE9-E488-48C9-A512-F67914695750}" = Corel DESIGNER Technical Suite X4 - ICA
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BB86A32-E255-40F8-97CD-F65FD7BA5180}" = Visual Basic for Applications (R) Core - English
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B0FE14F0-85BB-4CBF-A7C5-FE95475C1D1B}" = Corel DESIGNER Technical Suite X4 - Lang EN
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4C8C083-F1F2-4BA5-9863-D52A34B4ED22}" = LibreOffice 3.4
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4328CA9-E332-456F-B68D-3D3DE90E50B5}" = calibre
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E9E9C6AE-1D9D-4A6F-B5F4-AA673E9861BD}" = Deep Exploration 5 CE
"{EC421A14-0A27-44A1-BB85-21605935F15A}" = Corel DESIGNER Technical Suite X4
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{EF147A9D-D94E-4875-910D-2AF98CBDFE2E}" = Corel DESIGNER Technical Suite X4 - Lang FR
"{F3220F3E-3B12-4B65-861D-B8EFCCA44A39}" = VideoCAM Trek
"{FD95FDC1-418F-4C6A-B8B8-658707875D59}" = Corel DESIGNER Technical Suite X4 - VBA
"1489-3350-5074-6281" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Kindle" = Amazon Kindle
"Ampps_is1" = Ampps 1.9
"BookME_is1" = BookME 4.6.0.1
"CamStudio" = CamStudio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.4.0
"Foxit Reader_is1" = Foxit Reader
"FoxyDeal" = FoxyDeal
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"GPL Ghostscript 9.06" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"KeePass Password Safe_is1" = KeePass Password Safe 1.19b
"Kopfrechnen trainieren_is1" = Kopfrechnen trainieren 2.0
"lrcfan@fansoft.br" = Lyrics Fan
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"RealPlayer 15.0" = RealPlayer
"Scribus 1.4.1" = Scribus 1.4.1
"Scrivener 1030" = Scrivener
"Sigil_is1" = Sigil 0.5.3
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 1.1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Writer's Café_is1" = Writer's Café 2.30
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.98.1
"yWriter5_is1" = yWriter5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"KindlePreviewer" = Kindle Previewer
"YourFileDownloader" = YourFileDownloader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04/05/2013 20:54:39 | Computer Name = I | Source = Google Update | ID = 20
Description =

Error - 17/05/2013 16:53:47 | Computer Name = I | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 27/05/2013 15:48:26 | Computer Name = I | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 06/06/2013 09:55:42 | Computer Name = I | Source = Application Hang | ID = 1002
Description = Hanging application soffice.bin, version 3.4.602.500, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 09/06/2013 13:14:47 | Computer Name = I | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 09/06/2013 13:14:47 | Computer Name = I | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 09/06/2013 13:51:33 | Computer Name = I | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 09/06/2013 13:52:03 | Computer Name = I | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 13/06/2013 03:22:11 | Computer Name = I | Source = MsiInstaller | ID = 11325
Description = Produkt: Duden-Bibliothek -- Fehler 1325. "Programme" ist kein gültiger
kurzer Dateiname.

Error - 13/06/2013 03:37:32 | Computer Name = I | Source = MsiInstaller | ID = 11325
Description = Produkt: Duden-Bibliothek -- Fehler 1325. "Programme" ist kein gültiger
kurzer Dateiname.

[ System Events ]
Error - 13/06/2013 10:22:37 | Computer Name = I | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 13/06/2013 10:27:23 | Computer Name = I | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 13/06/2013 10:27:29 | Computer Name = I | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 13/06/2013 10:27:31 | Computer Name = I | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 13/06/2013 10:33:34 | Computer Name = I | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 13/06/2013 10:45:00 | Computer Name = I | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 13/06/2013 10:51:00 | Computer Name = I | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 13/06/2013 10:52:57 | Computer Name = I | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 13/06/2013 10:58:06 | Computer Name = I | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 13/06/2013 11:02:28 | Computer Name = I | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >

gmer.exe

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-13 17:56:16
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS542580K9SA00 rev.BBBOC39P 74.53GB
Running: gmer_2.1.19163.exe; Driver: C:\DOCUME~1\Mona\LOCALS~1\Temp\pxtdrpob.sys


---- Kernel code sections - GMER 2.1 ----

.rdata C:\WINDOWS\system32\DRIVERS\mrxsmb.sys unknown last section [0xA9893000, 0x267B, 0x48000040]
? C:\WINDOWS\system32\DRIVERS\mrxsmb.sys suspicious PE modification

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\winlogon.exe[156] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004970 c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\services.exe[260] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004970 c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\lsass.exe[280] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004970 c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\ctfmon.exe[460] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004970 c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004970 c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text ...
.text C:\WINDOWS\System32\svchost.exe[1552] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 00C7000A
.text C:\WINDOWS\System32\svchost.exe[1552] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00C6000A
.text C:\WINDOWS\System32\svchost.exe[1552] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00C5000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1576] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004970 c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1712] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1712] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004970 c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\Program Files\PDF24\pdf24.exe[1772] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00984970 c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\spoolsv.exe[2040] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004970 c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2308] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004970 c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2368] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 10004970 c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
.text ...

---- Trace I/O - GMER 2.1 ----

Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84f87698]<< 84f87698
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86549ab8] 86549ab8
Trace 3 CLASSPNP.SYS[f75fefd7] -> nt!IofCallDriver -> [0x84f32a70] 84f32a70
Trace \Driver\00001468[0x8623ba30] -> IRP_MJ_CREATE -> 0x84f87698 84f87698

---- Modules - GMER 2.1 ----

Module (noname) (*** hidden *** ) AA358000-AA36E000 (90112 bytes)

---- Processes - GMER 2.1 ----

Process C:\WINDOWS\System32\svchost.exe (*** hidden *** ) 1552

---- EOF - GMER 2.1 ----


I wish everyone a sunny Thursday.

 
