iexplore.exe im Taskmanager

Rin.T · 23.05.2011, 20:16

Hallo zusammen,

Gestern Nacht habe ich im Taskmanager nachgeschaut und 2mal iexplore.exe entdeckt. Zurzeit benütze ich nur Firefox, ich habe es versucht die beide Prozesse zu beenden aber später taucht es wieder auf. Wenn ich die beide Prozesse nicht beende spielt im Hintergrund irgendein Werbung an, das stört richtig beim Musik hören.

Meine Antivirus-Programme haben nichts weitergeholfen, ich habe auch nach Beiträgen gesucht ohne Erfolg. Aber eines möchte ich nur Wissen wie ich es entfernen kann.

Ich hoffe ihr könnt mir helfen, danke!

kira · 23.05.2011, 21:45

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

► Woher hast Du das Programm "Adobe Photoshop CS3"?

1.
Malwarebytes Anti-Malware :
Hast Du alle vorhandenen Protokolle gepostet?

2.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
→ Lade Dir HJTscanlist.zip herunter
→ entpacke die Datei auf deinem Desktop
→ Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren
→ per Doppelklick starten
→ Wähle dein Betriebsystem aus - bei Win7 wähle Vista
→ Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen
→ Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren
→ Bitte kopiere den Inhalt hier in Deinen Thread.
** Falls es klappt auf einmal nicht, kannst den Text in mehrere Teile teilen und so posten

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
Coverflow

Rin.T · 23.05.2011, 23:20

Danke für die Antwort!

► Ich habe das von mein ältere Bruder.

1. Ja

2. OTL-Logfile

Code:

ATTFilter

OTL logfile created on: 23.05.2011 23:46:49 - Run 3
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Irene\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
953,27 Mb Total Physical Memory | 226,73 Mb Available Physical Memory | 23,78% Memory free
2,29 Gb Paging File | 1,15 Gb Available in Paging File | 50,42% Paging File free
Paging file location(s): C:\pagefile.sys 1429 1429 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 79,31 Gb Free Space | 57,04% Space Free | Partition Type: NTFS
 
Computer Name: IRENE-PC | User Name: Irene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.23 19:16:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Irene\Desktop\OTL.exe
PRC - [2011.04.30 04:38:41 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.02.07 16:00:18 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Irene\Program Files\DNA\btdna.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.24 01:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009.11.24 01:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009.11.24 01:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009.11.24 01:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.27 12:33:18 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.23 19:16:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Irene\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.05.17 01:36:02 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.12.16 19:26:00 | 003,453,712 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.11.24 01:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009.11.24 01:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009.07.19 04:00:01 | 000,191,008 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\npkcmsvc.exe -- (npkcmsvc)
SRV - [2008.06.11 12:18:30 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.13 22:46:27 | 000,002,560 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\mchInjDrv.sys -- (mchInjDrv)
DRV - [2011.04.01 17:07:25 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.04.01 17:07:25 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.09.08 16:08:58 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WinDrvr6.sys -- (WinDriver6)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.08.28 01:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009.07.09 19:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009.05.20 21:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.15 13:52:36 | 000,053,664 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npkcrypt.sys -- (npkcrypt)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.06.11 12:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.02.18 16:09:40 | 000,166,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.09.26 14:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.02.16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C EA ED 77 D2 6B CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "OurWorld.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: betterkongregate@matthewammann.com:3.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: multilinks@plugin:3.0.0.16
FF - prefs.js..extensions.enabledItems: {48e23fba-bb14-4745-b768-382150cd83fb}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm924YYAT&fl=0&ptb=ZxKqNElNoyPrQJuzcKO4ZQ&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="
FF - prefs.js..network.proxy.http: "131.247.2.247"
FF - prefs.js..network.proxy.http_port: 3128
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 04:38:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 04:38:46 | 000,000,000 | ---D | M]
 
[2009.08.23 15:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Irene\AppData\Roaming\mozilla\Extensions
[2011.05.23 23:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions
[2010.05.19 20:12:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.14 19:00:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.06.04 14:23:56 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2010.07.22 03:40:41 | 000,000,000 | ---D | M] ("Metal3D") -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
[2011.04.13 20:09:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.13 20:09:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.11.04 14:58:50 | 000,000,000 | ---D | M] (Better Kongregate) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\betterkongregate@matthewammann.com
[2011.05.02 15:10:03 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\multilinks@plugin
[2010.11.17 20:53:57 | 000,002,567 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\askcom.xml
[2010.04.14 13:57:32 | 000,001,827 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\bing.xml
[2009.10.01 01:38:10 | 000,000,886 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\conduit.xml
[2010.01.22 14:37:53 | 000,002,280 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\google-und-download-suche.xml
[2010.12.09 19:16:46 | 000,010,017 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\mywebsearch.xml
[2010.06.02 17:48:13 | 000,001,741 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\search-the-web.xml
[2011.05.23 22:44:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.20 19:48:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.04.30 22:21:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.05.23 20:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\IRENE\PROGRAM FILES\DNA
[2011.04.14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Irene\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Irene\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Irene\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab (NPKCX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 212.186.211.21 195.34.133.21 195.34.133.22
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Irene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Irene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{034e4881-9ee7-11df-a64a-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{034e4881-9ee7-11df-a64a-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1f2dcf5f-f46a-11de-bfb1-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{1f2dcf5f-f46a-11de-bfb1-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{261be566-c597-11df-9012-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{261be566-c597-11df-9012-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{261be569-c597-11df-9012-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{261be569-c597-11df-9012-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3f2a938d-c5a3-11df-8a48-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{3f2a938d-c5a3-11df-8a48-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8cd53b71-8b4e-11de-a09f-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{8cd53b71-8b4e-11de-a09f-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c3df7ede-6cb2-11de-823b-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{c3df7ede-6cb2-11de-823b-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.23 20:13:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.23 19:15:54 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Irene\Desktop\OTL.exe
[2011.05.23 18:29:25 | 000,000,000 | ---D | C] -- C:\Users\Irene\{fcafd724-883f-4929-83a5-90f16d6cdb64}
[2011.05.23 18:05:59 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011.05.23 18:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011.05.23 18:02:38 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2011.05.23 17:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2011.05.23 15:45:30 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.05.23 15:45:29 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.05.23 15:45:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.23 15:45:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.23 15:45:28 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.23 15:45:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.05.23 15:45:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.05.23 15:45:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.05.23 15:45:26 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.23 15:45:26 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.05.23 15:45:24 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.05.23 15:45:23 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.05.23 15:45:22 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.05.23 15:45:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.23 15:45:22 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.23 15:45:21 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.23 15:45:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.05.23 15:45:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.23 15:45:20 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.23 15:45:20 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.05.23 15:45:20 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.05.23 15:45:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.23 15:45:19 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.23 15:45:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.05.23 15:45:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.23 15:45:17 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.05.23 15:45:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.23 15:45:17 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.05.23 15:45:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.05.23 15:45:16 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.05.23 15:45:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.05.23 15:45:16 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.05.23 15:45:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.05.23 15:45:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.05.23 15:45:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.23 15:45:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.05.23 15:45:16 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.23 15:45:16 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.05.23 15:45:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.05.22 20:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.05.22 20:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.05.19 14:54:20 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.04.30 22:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.04.30 22:21:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.30 22:21:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.30 22:21:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.30 00:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.30 00:10:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.30 00:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.28 14:52:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.28 14:52:03 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.28 14:51:39 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.23 23:47:32 | 000,002,097 | R--- | M] () -- C:\Users\Irene\Desktop\hjtscanlist.zip
[2011.05.23 23:41:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.23 22:18:04 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.23 22:18:04 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.23 20:21:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.23 20:21:33 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegistryDoktor.job
[2011.05.23 20:17:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.23 20:17:51 | 998,313,984 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.23 19:16:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Irene\Desktop\OTL.exe
[2011.05.23 18:15:13 | 000,001,190 | ---- | M] () -- C:\Windows\System32\Pen_Tablet.dat
[2011.05.23 18:07:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011.05.23 18:07:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.05.23 18:02:38 | 001,461,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2011.05.23 15:45:45 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.05.23 15:45:44 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.05.23 15:45:30 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.05.23 15:45:29 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.05.23 15:45:29 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.23 15:45:28 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.23 15:45:28 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.23 15:45:28 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.05.23 15:45:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.05.23 15:45:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.05.23 15:45:26 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.23 15:45:26 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.05.23 15:45:24 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.05.23 15:45:24 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.05.23 15:45:22 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.05.23 15:45:22 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.23 15:45:22 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.05.23 15:45:22 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.23 15:45:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.23 15:45:21 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.23 15:45:21 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.05.23 15:45:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.23 15:45:20 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.05.23 15:45:20 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.05.23 15:45:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.23 15:45:19 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.23 15:45:19 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.05.23 15:45:18 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.05.23 15:45:17 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.23 15:45:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.23 15:45:17 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.05.23 15:45:17 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.05.23 15:45:16 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.05.23 15:45:16 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.05.23 15:45:16 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.05.23 15:45:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.05.23 15:45:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.05.23 15:45:16 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.23 15:45:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.05.23 15:45:16 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.23 15:45:16 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.05.23 15:45:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.05.21 19:08:35 | 002,093,056 | ---- | M] () -- C:\Users\Irene\Desktop\CM.sai
[2011.05.19 14:54:20 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.18 09:14:48 | 000,000,482 | ---- | M] () -- C:\Windows\WININIT.INI
[2011.04.30 00:12:20 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.29 21:09:01 | 000,000,136 | ---- | M] () -- C:\ProgramData\~32366344
[2011.04.29 21:09:00 | 000,000,152 | ---- | M] () -- C:\ProgramData\~32366344r
[2011.04.29 20:11:43 | 000,000,336 | ---- | M] () -- C:\ProgramData\32366344
[2011.04.29 20:04:24 | 000,001,855 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.04.27 20:34:08 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.27 20:34:07 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.27 20:34:07 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.27 20:34:07 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2011.05.23 23:47:58 | 000,002,097 | R--- | C] () -- C:\Users\Irene\Desktop\hjtscanlist.zip
[2011.05.23 18:07:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011.05.23 18:07:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.05.23 18:06:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011.05.23 16:05:34 | 000,000,917 | ---- | C] () -- C:\Users\Irene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.05.23 15:45:22 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.05.23 15:11:38 | 998,313,984 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.21 18:36:23 | 002,093,056 | ---- | C] () -- C:\Users\Irene\Desktop\CM.sai
[2011.04.30 00:12:20 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.29 21:09:00 | 000,000,152 | ---- | C] () -- C:\ProgramData\~32366344r
[2011.04.29 21:09:00 | 000,000,136 | ---- | C] () -- C:\ProgramData\~32366344
[2011.04.29 20:11:43 | 000,000,336 | ---- | C] () -- C:\ProgramData\32366344
[2011.04.29 20:04:24 | 000,001,855 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.01.12 11:11:32 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.01.12 11:11:30 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011.01.12 11:11:28 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.01.12 10:36:58 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.11.06 17:25:43 | 000,001,190 | ---- | C] () -- C:\Windows\System32\Pen_Tablet.dat
[2010.09.13 17:51:55 | 000,000,842 | ---- | C] () -- C:\Windows\System32\SPC230NC.INI
[2010.08.03 18:39:24 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.05.13 14:38:31 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2010.04.10 12:14:50 | 000,000,035 | ---- | C] () -- C:\Windows\Weather.Ini
[2010.03.14 19:29:25 | 000,002,560 | ---- | C] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2010.02.26 21:00:16 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2010.02.26 20:56:29 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2010.02.26 20:54:41 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.02.26 20:54:29 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.02.07 19:39:32 | 000,006,080 | ---- | C] () -- C:\Users\Irene\AppData\Local\d3d9caps.dat
[2010.01.24 19:49:20 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.01.23 00:36:44 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.01.18 18:53:04 | 000,000,525 | ---- | C] () -- C:\Windows\eReg.dat
[2010.01.16 17:48:23 | 000,088,576 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2010.01.13 21:50:03 | 000,005,840 | ---- | C] () -- C:\Users\Irene\AppData\Roaming\UserTile.png
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.15 16:06:31 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.11.15 16:06:31 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.11.05 19:44:14 | 000,000,089 | ---- | C] () -- C:\Windows\ULead32.ini
[2009.10.08 14:55:28 | 000,000,482 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.09.11 00:18:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.11 00:18:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.13 02:23:29 | 000,000,090 | ---- | C] () -- C:\Windows\System32\EUSOFT.SYS
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.25 18:33:03 | 000,000,026 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009.07.25 00:43:22 | 000,000,811 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009.07.24 16:14:40 | 000,000,080 | ---- | C] () -- C:\Users\Irene\AppData\Roaming\wklnhst.dat
[2009.06.21 01:33:55 | 000,007,168 | ---- | C] () -- C:\Users\Irene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.04 15:30:55 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009.03.01 00:24:35 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009.03.01 00:01:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.12.17 17:43:46 | 000,589,824 | ---- | C] () -- C:\Windows\System32\INICRYPTOSDK.dll
[2008.11.27 06:24:52 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
[2008.11.27 06:24:51 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.08.15 03:41:29 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.08.08 20:44:38 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.08.08 11:53:12 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.08.08 11:53:12 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.08.08 11:30:05 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.08.08 11:30:05 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.08.08 11:30:05 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.01.21 10:21:25 | 000,623,280 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 10:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 10:21:25 | 000,125,378 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 10:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 000,481,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,591,320 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,194 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2010.11.27 23:48:02 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\App Launcher Gadget
[2011.05.23 23:43:23 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\DNA
[2011.04.16 02:05:22 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\DVDVideoSoft
[2010.08.03 13:12:24 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.16 14:10:02 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Facebook
[2011.03.09 23:32:12 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\FontCreator
[2010.10.03 18:04:43 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\gtk-2.0
[2009.07.27 02:59:13 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\InterVideo
[2010.01.11 21:49:59 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\NCH Swift Sound
[2009.11.15 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\PC Suite
[2010.07.28 00:59:45 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Sierra
[2010.05.17 18:24:40 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\SYSTEMAX Software Development
[2010.02.15 17:47:20 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Template
[2011.01.09 00:18:20 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Unity
[2010.09.26 02:06:14 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\WinMPG
[2010.10.04 16:50:50 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\WTouch
[2010.05.04 21:05:07 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2011.05.23 20:21:33 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\RegistryDoktor.job
[2011.05.23 20:16:52 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0A8E2C33
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F01E7F17
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A696643D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C5760A8B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DB365884
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CF5C4195
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:798A3728

< End of report >

Extras

Code:

ATTFilter

OTL Extras logfile created on: 23.05.2011 23:46:49 - Run 3
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Irene\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
953,27 Mb Total Physical Memory | 226,73 Mb Available Physical Memory | 23,78% Memory free
2,29 Gb Paging File | 1,15 Gb Available in Paging File | 50,42% Paging File free
Paging file location(s): C:\pagefile.sys 1429 1429 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 79,31 Gb Free Space | 57,04% Space Free | Partition Type: NTFS
 
Computer Name: IRENE-PC | User Name: Irene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 
"FirewallOverride" = 0
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B62C7B46-36D5-4821-A8F5-AF5ED4526CA4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DD88B457-03BD-4707-A004-C0ED5B1C4AD0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C6D448-CCF7-4C00-A67D-2E3524687452}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{0790089F-AA8C-4E5F-B4F8-C3FE6B5A81E9}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{087627E0-83FD-42D2-A386-BCF40B77F03F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{0E58A0A5-4C9C-4788-BB99-117685A96464}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{12495251-71AE-4DED-A963-D65C68C56A6A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{1B0F7E47-896B-4C0A-A882-2FCA86E9964E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{40AD01C3-8D43-4CF7-BF07-4CDA6A0D0519}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{43CD71B8-CE2D-4A03-B91D-D9A24D41DA37}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{57529B4C-CA3F-43C3-A21B-DF7073FC0C2E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{57F8DD6C-23D8-4740-B9FA-5806538AA216}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{5A0338E7-3D0B-4DE6-B9F8-F73D7DFDD792}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{5FBA5F8B-74FA-405F-AAD3-1EC7215BBA91}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{67392AE3-C899-42EF-AF58-873D97B2BCC8}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{6BCB72CB-B4F2-4C16-A622-ED8CFC1A14BC}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{714A1D63-D3BF-49F5-88D8-7A0A029FC0A0}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{870A1CD7-90B8-45E1-8945-3081C50CC75E}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{8C3B5583-9234-4389-A125-2ED19B3C652F}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{91BD3F58-C642-4CAA-B950-B34676AEB8D2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{93E33A36-46FC-416B-AABD-881E6F54F880}" = protocol=6 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 
"{94EFF76D-B7D9-4278-9DFB-66A49717D0A5}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{9710E36F-67AA-4040-B679-5A8247B0CF82}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{A2703811-CEF0-4B70-B8B9-C1B3452D7D5F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{AB85559E-145E-471F-986D-087D8576D400}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{B50BF2B8-F2D7-49F1-A770-797E515F98BB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{B6F8C181-C507-42C6-9881-415BD34E46C6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{BD2ECE45-FE22-4A7C-B002-85FCB11F4743}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C9C5C08F-CBA8-46C6-8CB0-1E8AE6C64A4A}" = protocol=17 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 
"{CC7CFC7A-3896-4421-BC38-3EE7EBE89F89}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{CE5666A7-F343-4452-AA15-7E487687FFD3}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{CE9AF69A-AAD0-4BA3-96E6-26634BCA6034}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{CEF2FBBC-41DB-4358-AB01-52B4B615F8CB}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{CF753184-FB85-4388-AF1D-1ABB56928CE8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{F036BE76-6F28-4649-BE54-E8B882DACAEF}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{F62A4492-031A-4DD7-85FB-2743A003953D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F9BFF757-9EA3-4AFA-8B2A-D8744F41B32B}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"TCP Query User{02965AF5-ECF9-4784-B444-40979A80487C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{04010334-3242-4687-96D5-2883C103B8FD}C:\program files\irisnotes\easy note taker.exe" = protocol=6 | dir=in | app=c:\program files\irisnotes\easy note taker.exe | 
"TCP Query User{049A89EB-4581-450E-94C1-762303AB9B09}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{1330EEC4-2CDC-4406-8EA4-E29334D28667}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe | 
"TCP Query User{1ABF0AC5-83D2-42CE-8989-420FED880119}C:\program files\weltwunder\game.exe" = protocol=6 | dir=in | app=c:\program files\weltwunder\game.exe | 
"TCP Query User{2173C38E-5E49-452F-89C5-C0021042B9F7}C:\users\irene\appdata\local\temp\rar$ex54.480\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\irene\appdata\local\temp\rar$ex54.480\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe | 
"TCP Query User{288335AA-542A-4EDA-9DCE-F4A8A4471E49}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"TCP Query User{304F9926-5E45-4380-A905-73D1530EC12C}C:\users\irene\downloads\dragonoath.exe" = protocol=6 | dir=in | app=c:\users\irene\downloads\dragonoath.exe | 
"TCP Query User{33975C40-C224-4746-B9A1-5C1733A55BC0}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"TCP Query User{37942AE9-7889-4194-8A56-2C58E8BA941E}C:\program files\blimb entertainment\roswell encounter\roswell.exe" = protocol=6 | dir=in | app=c:\program files\blimb entertainment\roswell encounter\roswell.exe | 
"TCP Query User{3D26E38A-2B61-4AF8-A98A-F0F1C2D7DE89}C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=6 | dir=in | app=c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe | 
"TCP Query User{47322C84-8FA1-4EBC-B9F8-9B49F6F138F1}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe | 
"TCP Query User{59708A26-D025-4EB0-BD44-8242A85CD104}C:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe" = protocol=6 | dir=in | app=c:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe | 
"TCP Query User{5B214D58-A7BA-418B-AB55-7930C40BD801}C:\program files\atari\deer hunter 2005\dh2005.exe" = protocol=6 | dir=in | app=c:\program files\atari\deer hunter 2005\dh2005.exe | 
"TCP Query User{5F6CD87E-60D1-43DF-A0A2-9A6F2EDACB19}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{70B0754C-A6E8-4AF1-B399-DF6DB0894BE5}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe | 
"TCP Query User{72D80BAE-36DF-49C0-BC17-719EEB6CF9F7}C:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe | 
"TCP Query User{7CD6E412-9A26-41CB-87A8-3EF2A9CB13FD}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{8453D2F3-A324-41BF-BD70-41A3063ECC60}C:\program files\weltwunder\gamemp.exe" = protocol=6 | dir=in | app=c:\program files\weltwunder\gamemp.exe | 
"TCP Query User{86FE2CBD-AFAB-49BA-9B08-B45FE6A22BA2}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe | 
"TCP Query User{98214D9E-DCD9-4F1A-BE08-3E2E6AAC116F}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{A1513D5C-FEAB-4403-8998-85FB4116F4D1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{A67198B2-4C81-4A51-B42D-704060B0C701}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe | 
"TCP Query User{AAA966B7-896B-4B75-930F-684F31626925}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | 
"TCP Query User{B4748A90-2B95-4FCF-BE6C-A1CF1A406C0E}C:\users\irene\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\irene\program files\dna\btdna.exe | 
"TCP Query User{D37C86A8-803B-46F9-9DA2-08AEEB9A3410}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{DA9D4871-2D8E-4235-AD48-6F408B71050E}C:\users\irene\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\irene\program files\dna\btdna.exe | 
"TCP Query User{EE9D07A1-B34A-478F-88A9-2DF58B66B010}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"TCP Query User{F80066FF-DDEF-405B-A02F-FDB249447618}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | 
"UDP Query User{02B9A706-BC3C-48B2-8ABF-73756EDD5916}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{196F38D2-EAEB-43E4-BDDD-36073195A32F}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe | 
"UDP Query User{233A6CDB-1329-40D9-8236-C7A24DF268F5}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{26221FBF-9514-4331-9EB0-BA916B066BDF}C:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe" = protocol=17 | dir=in | app=c:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe | 
"UDP Query User{2B7AE3B8-7BBB-42B4-B18A-8E69435FB1F2}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{2E2CF505-6B9C-46E0-9CD1-4B3B777A8068}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | 
"UDP Query User{3A63A381-C6DB-4941-981F-A76D9659F44C}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | 
"UDP Query User{3AC1B626-9504-4AED-9184-AB1E412E65B3}C:\users\irene\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\irene\program files\dna\btdna.exe | 
"UDP Query User{5AF98240-79C0-4E45-942E-3769895855CC}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{66CE66A2-E660-4A54-9409-8E2F4FC722CA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{7018DF44-B787-476C-85B6-C6DC984664FD}C:\users\irene\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\irene\program files\dna\btdna.exe | 
"UDP Query User{7EBE9ED0-8684-409F-88DE-C23FC0CB60D7}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"UDP Query User{8856A8C9-A910-4005-9846-5C8856D9EBBB}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe | 
"UDP Query User{943CA8A9-9EC6-4417-BC51-9D507A1706CC}C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=17 | dir=in | app=c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe | 
"UDP Query User{9FA55788-1D4F-4EDE-A001-56DCBA81A649}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{A35A0774-4009-4E64-9086-2CC5985CB9D8}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"UDP Query User{A5CCE7C1-EFEB-49B4-B478-EA556E4792B7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{B2BBB383-91A7-49E4-AF2D-47C64AE83589}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"UDP Query User{B8DA9F0C-6553-487D-9AEC-C8B101783846}C:\program files\weltwunder\game.exe" = protocol=17 | dir=in | app=c:\program files\weltwunder\game.exe | 
"UDP Query User{BF1E9F59-F0A7-42C3-9DEB-BA4D139FB127}C:\program files\weltwunder\gamemp.exe" = protocol=17 | dir=in | app=c:\program files\weltwunder\gamemp.exe | 
"UDP Query User{BFB1EDE0-CE81-4D4B-BDF8-21CB3C7421CD}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{C42BC2B8-5D46-4C7E-8C92-A7F9E400DB8A}C:\program files\irisnotes\easy note taker.exe" = protocol=17 | dir=in | app=c:\program files\irisnotes\easy note taker.exe | 
"UDP Query User{C4891A16-CAA0-40D1-866C-346BA017E9A3}C:\program files\blimb entertainment\roswell encounter\roswell.exe" = protocol=17 | dir=in | app=c:\program files\blimb entertainment\roswell encounter\roswell.exe | 
"UDP Query User{C4EB875A-45F1-4F8D-AE8F-E035A3834F12}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{CFC18456-BC29-4B84-8E5F-6BDB3985781C}C:\users\irene\appdata\local\temp\rar$ex54.480\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\irene\appdata\local\temp\rar$ex54.480\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe | 
"UDP Query User{D9C64937-B67F-4C24-8DC1-AB9C3E7188E8}C:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe | 
"UDP Query User{DBEE5BCD-40EA-4F2D-9406-5A1992F5DAE6}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe | 
"UDP Query User{F8FF90E6-5977-46BA-B985-589E3C26FB21}C:\users\irene\downloads\dragonoath.exe" = protocol=17 | dir=in | app=c:\users\irene\downloads\dragonoath.exe | 
"UDP Query User{FD9C52FB-B090-4189-A10C-EE6B57AA6E2A}C:\program files\atari\deer hunter 2005\dh2005.exe" = protocol=17 | dir=in | app=c:\program files\atari\deer hunter 2005\dh2005.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 25
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MP4 Media Player_is1" = MP4 Media Player 1.0
"Neffy" = Neffy 1,3,29,0
"npkcxp" = nProtect KeyCrypt
"Pen Tablet Driver" = Stifttablett
"Red Alert" = Red Alert Windows 95
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMPG VideoConvert_is1" = WinMPG VideoConvert 9.1.6.0
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.02.2011 10:31:04 | Computer Name = Irene-PC | Source = VSS | ID = 8194
Description = 
 
Error - 08.02.2011 10:35:07 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.02.2011 07:32:45 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.02.2011 13:11:36 | Computer Name = Irene-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.3989, Zeitstempel
 0x4cf928fc, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00048b02,  Prozess-ID 0xbcc, Anwendungsstartzeit
 01cbc84eda4ea05a.
 
Error - 10.02.2011 06:19:36 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.02.2011 08:47:29 | Computer Name = Irene-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.3989, Zeitstempel
 0x4cf928fc, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00048b02,  Prozess-ID 0x56c, Anwendungsstartzeit
 01cbc90e3de768a0.
 
Error - 11.02.2011 08:47:52 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.02.2011 10:32:12 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.02.2011 16:20:34 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.02.2011 16:48:15 | Computer Name = Irene-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.3989, Zeitstempel
 0x4cf928fc, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00048822,  Prozess-ID 0x490, Anwendungsstartzeit
 01cbca2b83530101.
 
[ System Events ]
Error - 23.05.2011 12:14:18 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 23.05.2011 12:14:18 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 23.05.2011 12:19:32 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 23.05.2011 12:24:50 | Computer Name = Irene-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 23.05.2011 12:32:35 | Computer Name = Irene-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 23.05.2011 um 18:30:23 unerwartet heruntergefahren.
 
Error - 23.05.2011 12:34:18 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 23.05.2011 12:34:18 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 23.05.2011 14:14:08 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 23.05.2011 14:19:34 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 23.05.2011 14:19:34 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

Rin.T · 23.05.2011, 23:47

3. HTLscanlist

Code:

ATTFilter

 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.0.6002]
 
 
C:

  23.05.2011 23:44     C:\Program Files --------- 28672   
  23.05.2011 23:44     C:\System Volume Information --------- 28672   
       C:\hiberfil.sys ---------    
       C:\pagefile.sys ---------    
  23.05.2011 20:16     C:\Windows --------- 32768   
  23.05.2011 20:13     C:\_OTL --------- 0   
  23.05.2011 17:50     C:\ProgramData --------- 20480   
  29.04.2011 22:55     C:\Download --------- 0   
  08.03.2011 13:20     C:\Intel --------- 0   
  18.11.2010 18:38     C:\Users --------- 4096   
  30.09.2010 13:47     C:\7ac70b5c6f4b506dccb780 --------- 0   
  10.09.2010 17:40     C:\Boot --------- 4096   
  11.08.2010 15:06     C:\found.000 --------- 0   
  26.06.2010 12:07     C:\7cd57655cfd7b43728917d9e63 --------- 0   
  13.03.2010 21:50     C:\Shockwave --------- 0   
  19.12.2009 22:40     C:\Medion --------- 0   
  19.12.2009 21:50     C:\NVIDIA --------- 0   
  05.11.2009 19:42     C:\IO.SYS --------- 0   
  05.11.2009 19:42     C:\MSDOS.SYS --------- 0   
  04.06.2009 15:20     C:\$Recycle.Bin --------- 4096   
  04.06.2009 15:20     C:\ACER --------- 4096   
  04.06.2009 15:19     C:\ACERSW --------- 0   
  04.06.2009 15:17     C:\Programme --------- 0   
  04.06.2009 15:17     C:\Dokumente und Einstellungen --------- 0   
  11.04.2009 08:36     C:\bootmgr --------- 333257   
  01.03.2009 00:27     C:\vcredist_x86.log --------- 472006   
  08.08.2008 20:46     C:\BOOTSECT.BAK --------- 8192   
  08.08.2008 12:13     C:\book --------- 0   
  08.08.2008 11:55     C:\MSOCache --------- 0   
  08.08.2008 11:30     C:\RHDSetup.log --------- 426   
  21.01.2008 04:43     C:\PerfLogs --------- 0   
  02.11.2006 14:59     C:\Documents and Settings --------- 0   
  18.09.2006 23:43     C:\config.sys --------- 10   
  18.09.2006 23:43     C:\autoexec.bat --------- 24   
----------------------------------------

 
C:\Windows

  23.05.2011 20:24     C:\Windows\WindowsUpdate.log --------- 1413018   
  23.05.2011 20:17     C:\Windows\bootstat.dat --------- 67584   
  23.05.2011 20:17     C:\Windows\PFRO.log --------- 2364   
  23.05.2011 18:07     C:\Windows\setupact.log --------- 1671   
  23.05.2011 18:05     C:\Windows\setuperr.log --------- 0   
  23.05.2011 15:48     C:\Windows\IE9_main.log --------- 3554   
  23.05.2011 14:29     C:\Windows\ntbtlog.txt --------- 50928   
  18.05.2011 09:14     C:\Windows\WININIT.INI --------- 482   
  07.02.2011 17:08     C:\Windows\NTIWVEDT.INI --------- 811   
  22.07.2010 22:29     C:\Windows\ULead32.ini --------- 89   
  12.05.2010 18:24     C:\Windows\Setup1.exe --------- 253952   
  12.05.2010 18:24     C:\Windows\ST6UNST.EXE --------- 74752   
  17.04.2010 02:45     C:\Windows\WLXPGSS.SCR --------- 307056   
  10.04.2010 12:14     C:\Windows\Weather.Ini --------- 35   
  26.02.2010 21:10     C:\Windows\Robota.INI --------- 28   
  26.02.2010 20:57     C:\Windows\mgxoschk.ini --------- 6211   
  24.01.2010 19:49     C:\Windows\d3dx.dat --------- 4096   
  24.01.2010 19:44     C:\Windows\eReg.dat --------- 525   
  23.01.2010 00:36     C:\Windows\ODBCINST.INI --------- 209   
  25.11.2009 18:41     C:\Windows\iun6002.exe --------- 737280   
  26.07.2009 00:21     C:\Windows\popcinfo.dat --------- 26   
  11.04.2009 08:27     C:\Windows\explorer.exe --------- 2926592   
  01.03.2009 00:16     C:\Windows\LManager.UNI --------- 83   
  09.12.2008 03:32     C:\Windows\MOD01SET000000007O.enc --------- 1976   
  09.12.2008 03:31     C:\Windows\CSUP.TXT --------- 10   
  15.08.2008 07:03     C:\Windows\MOD01SET1W0000000M.enc --------- 2424   
  15.08.2008 07:03     C:\Windows\FixAudio.cmd --------- 280   
  15.08.2008 03:31     C:\Windows\FixVolume.cmd --------- 75   
  08.08.2008 12:16     C:\Windows\ocsetup_install_OEMHelpCustomization.etl --------- 24444928   
  08.08.2008 12:16     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.perf --------- 131072   
  08.08.2008 12:16     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.dpx --------- 65536   
  08.08.2008 11:30     C:\Windows\DIFxAPI.dll --------- 319456   
  08.08.2008 11:29     C:\Windows\HideWin.exe --------- 315392   
  14.07.2008 12:02     C:\Windows\MOD01SET0J00860005.enc --------- 2060   
  27.06.2008 12:33     C:\Windows\SkyTel.exe --------- 1826816   
  27.06.2008 12:33     C:\Windows\RtlUpd.exe --------- 1196032   
  27.06.2008 12:33     C:\Windows\RtHDVCpl.exe --------- 6244896   
  27.06.2008 12:33     C:\Windows\RtDefLvl.ini --------- 1694   
  27.06.2008 12:33     C:\Windows\USetup.iss --------- 553   
  27.06.2008 12:33     C:\Windows\RTKVADDA.EXE --------- 290816   
  27.06.2008 12:33     C:\Windows\RtlExUpd.dll --------- 520192   
  11.06.2008 07:55     C:\Windows\MOD01OPK0400860001.enc --------- 2400   
  20.05.2008 21:39     C:\Windows\audio.reg --------- 196   
  21.01.2008 04:57     C:\Windows\WindowsShell.Manifest --------- 749   
  21.01.2008 04:34     C:\Windows\regedit.exe --------- 134656   
  21.01.2008 04:34     C:\Windows\bfsvc.exe --------- 58880   
  21.01.2008 04:34     C:\Windows\fveupdate.exe --------- 13312   
  21.01.2008 04:33     C:\Windows\HelpPane.exe --------- 498176   
  21.01.2008 04:33     C:\Windows\notepad.exe --------- 151040   
  03.12.2007 09:11     C:\Windows\UNINST32.EXE --------- 207368   
  02.11.2006 15:01     C:\Windows\win.ini --------- 144   
  02.11.2006 14:34     C:\Windows\WMSysPr9.prx --------- 316640   
  02.11.2006 14:33     C:\Windows\twunk_16.exe --------- 49680   
  02.11.2006 14:33     C:\Windows\twain_32.dll --------- 50688   
  02.11.2006 14:33     C:\Windows\twunk_32.exe --------- 31232   
  02.11.2006 14:33     C:\Windows\twain.dll --------- 94784   
  02.11.2006 11:45     C:\Windows\winhlp32.exe --------- 9216   
  02.11.2006 11:45     C:\Windows\hh.exe --------- 14848   
  02.11.2006 09:46     C:\Windows\mib.bin --------- 43131   
  19.09.2006 13:41     C:\Windows\HomeBasic.xml --------- 8286   
  18.09.2006 23:46     C:\Windows\system.ini --------- 219   
  18.09.2006 23:43     C:\Windows\_default.pif --------- 707   
  18.09.2006 23:43     C:\Windows\winhelp.exe --------- 256192   
  18.09.2006 23:30     C:\Windows\msdfmap.ini --------- 1405   
  16.11.1998 18:16     C:\Windows\RAUNINST.EXE --------- 88576   
  21.10.1998 18:43     C:\Windows\IsUn0407.exe --------- 328704   
  11.11.1997 23:33     C:\Windows\IsUninst.exe --------- 317440   
  08.04.1997 21:08     C:\Windows\uninst.exe --------- 299520   
  01.08.1995 04:44     C:\Windows\PCDLIB32.DLL --------- 212480   
----------------------------------------

 
C:\Windows\System

 02.11.2006 14:33      C:\Windows\System\mciseq.drv --------- 25264 
 02.11.2006 14:33      C:\Windows\System\mciwave.drv --------- 28160 
 02.11.2006 14:33      C:\Windows\System\avifile.dll --------- 109456 
 02.11.2006 14:33      C:\Windows\System\mciavi.drv --------- 73376 
 02.11.2006 14:33      C:\Windows\System\avicap.dll --------- 69584 
 02.11.2006 14:33      C:\Windows\System\msvideo.dll --------- 126912 
 02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064 
 02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704 
 02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
 02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048 
 02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152 
 02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032 
 02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176 
 02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744 
 02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000 
 02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120 
 02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360 
 18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008 
 18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944 
 18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936 
 18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532 
----------------------------------------

 
C:\Windows\System32

 23.05.2011 22:18     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3216  
 23.05.2011 22:18     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3216  
 23.05.2011 18:15     C:\Windows\system32\Pen_Tablet.dat --------- 1190  
 23.05.2011 18:10     C:\Windows\system32\drivers --------- 81920  
 23.05.2011 18:10     C:\Windows\system32\wbem --------- 65536  
 23.05.2011 18:07     C:\Windows\system32\catroot --------- 4096  
 23.05.2011 18:02     C:\Windows\system32\WdfCoInstaller01009.dll --------- 1461992  
 23.05.2011 18:02     C:\Windows\system32\SynTPCo4.dll --------- 120104  
 23.05.2011 18:02     C:\Windows\system32\SynTPAPI.dll --------- 161064  
 23.05.2011 18:02     C:\Windows\system32\SynCtrl.dll --------- 210216  
 23.05.2011 18:02     C:\Windows\system32\SynCOM.dll --------- 173352  
 23.05.2011 17:50     C:\Windows\system32\Tasks --------- 0  
 23.05.2011 15:49     C:\Windows\system32\de-DE --------- 262144  
 23.05.2011 15:49     C:\Windows\system32\migration --------- 0  
 23.05.2011 15:49     C:\Windows\system32\en-US --------- 8192  
 23.05.2011 15:47     C:\Windows\system32\catroot2 --------- 4096  
 23.05.2011 15:45     C:\Windows\system32\icrav03.rat --------- 8798  
 23.05.2011 15:45     C:\Windows\system32\ticrf.rat --------- 1988  
 23.05.2011 15:45     C:\Windows\system32\msls31.dll --------- 161792  
 23.05.2011 15:45     C:\Windows\system32\wininet.dll --------- 1126912  
 23.05.2011 15:45     C:\Windows\system32\jsproxy.dll --------- 65024  
 23.05.2011 15:45     C:\Windows\system32\iertutil.dll --------- 1785344  
 23.05.2011 15:45     C:\Windows\system32\msrating.dll --------- 162304  
 23.05.2011 15:45     C:\Windows\system32\urlmon.dll --------- 1102336  
 23.05.2011 15:45     C:\Windows\system32\RegisterIEPKEYs.exe --------- 74752  
 23.05.2011 15:45     C:\Windows\system32\SetIEInstalledDate.exe --------- 76800  
 23.05.2011 15:45     C:\Windows\system32\mshtmler.dll --------- 48640  
 23.05.2011 15:45     C:\Windows\system32\iesysprep.dll --------- 86528  
 23.05.2011 15:45     C:\Windows\system32\ieui.dll --------- 176640  
 23.05.2011 15:45     C:\Windows\system32\ieframe.dll --------- 9702400  
 23.05.2011 15:45     C:\Windows\system32\tdc.ocx --------- 63488  
 23.05.2011 15:45     C:\Windows\system32\html.iec --------- 367104  
 23.05.2011 15:45     C:\Windows\system32\dxtrans.dll --------- 223232  
 23.05.2011 15:45     C:\Windows\system32\dxtmsft.dll --------- 353792  
 23.05.2011 15:45     C:\Windows\system32\ieapfltr.dat --------- 3695416  
 23.05.2011 15:45     C:\Windows\system32\ieapfltr.dll --------- 434176  
 23.05.2011 15:45     C:\Windows\system32\icardie.dll --------- 66048  
 23.05.2011 15:45     C:\Windows\system32\ie4uinit.exe --------- 74240  
 23.05.2011 15:45     C:\Windows\system32\iernonce.dll --------- 31744  
 23.05.2011 15:45     C:\Windows\system32\ieuinit.inf --------- 72822  
 23.05.2011 15:45     C:\Windows\system32\iesetup.dll --------- 74752  
 23.05.2011 15:45     C:\Windows\system32\url.dll --------- 231936  
 23.05.2011 15:45     C:\Windows\system32\iedkcs32.dll --------- 353584  
 23.05.2011 15:45     C:\Windows\system32\inetcpl.cpl --------- 1427456  
 23.05.2011 15:45     C:\Windows\system32\webcheck.dll --------- 203776  
 23.05.2011 15:45     C:\Windows\system32\licmgr10.dll --------- 23552  
 23.05.2011 15:45     C:\Windows\system32\inseng.dll --------- 78848  
 23.05.2011 15:45     C:\Windows\system32\mshtmled.dll --------- 72704  
 23.05.2011 15:45     C:\Windows\system32\wextract.exe --------- 152064  
 23.05.2011 15:45     C:\Windows\system32\iexpress.exe --------- 150528  
 23.05.2011 15:45     C:\Windows\system32\msfeeds.dll --------- 580608  
 23.05.2011 15:45     C:\Windows\system32\vbscript.dll --------- 420864  
 23.05.2011 15:45     C:\Windows\system32\mshtml.dll --------- 12268544  
 23.05.2011 15:45     C:\Windows\system32\mshtml.tlb --------- 2382848  
 23.05.2011 15:45     C:\Windows\system32\ieUnatt.exe --------- 142848  
 23.05.2011 15:45     C:\Windows\system32\occache.dll --------- 123392  
 23.05.2011 15:45     C:\Windows\system32\pngfilt.dll --------- 54272  
 23.05.2011 15:45     C:\Windows\system32\mshta.exe --------- 11776  
 23.05.2011 15:45     C:\Windows\system32\admparse.dll --------- 101888  
 23.05.2011 15:45     C:\Windows\system32\ieaksie.dll --------- 227840  
 23.05.2011 15:45     C:\Windows\system32\ieakui.dll --------- 163840  
 23.05.2011 15:45     C:\Windows\system32\jscript9.dll --------- 1797632  
 23.05.2011 15:45     C:\Windows\system32\jscript.dll --------- 716800  
 23.05.2011 15:45     C:\Windows\system32\imgutil.dll --------- 35840  
 23.05.2011 15:45     C:\Windows\system32\advpack.dll --------- 114176  
 23.05.2011 15:45     C:\Windows\system32\iepeers.dll --------- 118784  
 23.05.2011 15:45     C:\Windows\system32\msfeedsbs.dll --------- 41472  
 23.05.2011 15:45     C:\Windows\system32\msfeedssync.exe --------- 10752  
 23.05.2011 15:45     C:\Windows\system32\IEAdvpack.dll --------- 110592  
 23.05.2011 15:45     C:\Windows\system32\ieakeng.dll --------- 130560  
 19.05.2011 14:54     C:\Windows\system32\FlashPlayerCPLApp.cpl --------- 404640  
 12.05.2011 12:38     C:\Windows\system32\mrt.exe --------- 42829768  
 30.04.2011 22:20     C:\Windows\system32\jupdate-1.6.0_25-b06.log --------- 6270  
 27.04.2011 20:34     C:\Windows\system32\perfh009.dat --------- 591320  
 27.04.2011 20:34     C:\Windows\system32\perfc009.dat --------- 103194  
 27.04.2011 20:34     C:\Windows\system32\perfh007.dat --------- 623280  
 27.04.2011 20:34     C:\Windows\system32\perfc007.dat --------- 125378  
 27.04.2011 20:34     C:\Windows\system32\PerfStringBackup.INI --------- 1432888  
 15.04.2011 17:29     C:\Windows\system32\directx --------- 0  
 15.04.2011 16:56     C:\Windows\system32\nxEuUninstall.bat --------- 235  
 14.04.2011 05:08     C:\Windows\system32\javaws.exe --------- 157472  
 14.04.2011 05:08     C:\Windows\system32\javaw.exe --------- 145184  
 14.04.2011 05:08     C:\Windows\system32\java.exe --------- 145184  
 14.04.2011 05:07     C:\Windows\system32\deployJava1.dll --------- 472808  
 13.04.2011 22:27     C:\Windows\system32\FNTCACHE.DAT --------- 481040  
 12.03.2011 23:55     C:\Windows\system32\XpsPrint.dll --------- 876032  
 10.03.2011 19:03     C:\Windows\system32\mfc42u.dll --------- 1162240  
 10.03.2011 19:03     C:\Windows\system32\mfc42.dll --------- 1136640  
 08.03.2011 13:24     C:\Windows\system32\Lang --------- 0  
 08.03.2011 13:23     C:\Windows\system32\x64 --------- 0  
 03.03.2011 17:42     C:\Windows\system32\inetcomm.dll --------- 739328  
 03.03.2011 17:40     C:\Windows\system32\Apphlpdm.dll --------- 28672  
 03.03.2011 15:35     C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384  
 03.03.2011 15:25     C:\Windows\system32\win32k.sys --------- 2041856  
 02.03.2011 17:44     C:\Windows\system32\dnsrslvr.dll --------- 86528  
 02.03.2011 17:44     C:\Windows\system32\dnsapi.dll --------- 168448  
 24.02.2011 13:39     C:\Windows\system32\shsvcs.dll --------- 247808  
 24.02.2011 13:06     C:\Windows\system32\WindowsPowerShell --------- 0  
 22.02.2011 22:33     C:\Windows\system32\uxtheme.dll --------- 240128  
 22.02.2011 22:33     C:\Windows\system32\themeui.dll --------- 615424  
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 23.05.2011 23:41     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1096  
 23.05.2011 20:21     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1092  
 23.05.2011 20:21     C:\Windows\Tasks\RegistryDoktor.job --------- 332  
 23.05.2011 20:17     C:\Windows\Tasks\SA.DAT --------- 6  
 23.05.2011 20:16     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32584  
 04.05.2010 21:05     C:\Windows\Tasks\PCConfidential.job --------- 416  
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\Irene\AppData\Local\Temp

 23.05.2011 23:58     C:\Users\Irene\AppData\Local\Temp\amt.log --------- 16677  
 23.05.2011 23:56     C:\Users\Irene\AppData\Local\Temp\alm.log --------- 4130  
 23.05.2011 23:55     C:\Users\Irene\AppData\Local\Temp\TWAIN.LOG --------- 695  
 23.05.2011 23:55     C:\Users\Irene\AppData\Local\Temp\Twain001.Mtx --------- 3  
 23.05.2011 23:55     C:\Users\Irene\AppData\Local\Temp\Twunk001.MTX --------- 156  
 23.05.2011 22:49     C:\Users\Irene\AppData\Local\Temp\Twunk002.MTX --------- 0  
 23.05.2011 20:27     C:\Users\Irene\AppData\Local\Temp\jusched.log --------- 711  
 23.05.2011 20:22     C:\Users\Irene\AppData\Local\Temp\WPDNSE --------- 0  
 23.05.2011 20:21     C:\Users\Irene\AppData\Local\Temp\Low --------- 0  
 23.05.2011 20:21     C:\Users\Irene\AppData\Local\Temp\Irene.bmp --------- 31832  
 22.02.2011 22:15     C:\Users\Irene\AppData\Local\Temp\_iu14D2N.tmp --------- 1014311  
----------------------------------------

 
C:\Program Files

 23.05.2011 18:04     C:\Program Files\Synaptics --------- 0  
 23.05.2011 15:49     C:\Program Files\Internet Explorer --------- 4096  
 23.05.2011 03:28     C:\Program Files\Common Files --------- 4096  
 12.05.2011 12:38     C:\Program Files\Windows Mail --------- 4096  
 30.04.2011 22:20     C:\Program Files\Java --------- 0  
 30.04.2011 04:38     C:\Program Files\Mozilla Firefox --------- 32768  
 30.04.2011 00:12     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
 29.04.2011 22:58     C:\Program Files\RegCleaner --------- 0  
 23.04.2011 14:07     C:\Program Files\Microsoft Silverlight --------- 4096  
 15.04.2011 22:24     C:\Program Files\VideoLAN --------- 0  
 25.03.2011 17:27     C:\Program Files\Cheat Engine 6 --------- 0  
 08.03.2011 13:26     C:\Program Files\Intel --------- 0  
 08.03.2011 12:56     C:\Program Files\DNA --------- 0  
 16.02.2011 18:12     C:\Program Files\Adobe --------- 4096  
 07.02.2011 16:33     C:\Program Files\InstallShield Installation Information --------- 0  
 22.01.2011 12:45     C:\Program Files\CCleaner --------- 0  
 19.01.2011 16:15     C:\Program Files\Windows Live --------- 4096  
 15.10.2010 00:55     C:\Program Files\Windows Media Player --------- 4096  
 04.10.2010 17:23     C:\Program Files\Google --------- 0  
 04.10.2010 16:50     C:\Program Files\WTouch --------- 4096  
 04.10.2010 16:49     C:\Program Files\TabletPlugins --------- 4096  
 04.10.2010 16:48     C:\Program Files\Tablet --------- 4096  
 26.09.2010 02:04     C:\Program Files\WinMPG VideoConvert --------- 0  
 13.09.2010 01:35     C:\Program Files\Windows Portable Devices --------- 0  
 10.09.2010 17:33     C:\Program Files\Windows Calendar --------- 0  
 10.09.2010 17:32     C:\Program Files\Movie Maker --------- 0  
 10.09.2010 17:32     C:\Program Files\Windows Sidebar --------- 4096  
 10.09.2010 17:32     C:\Program Files\Windows Collaboration --------- 4096  
 10.09.2010 17:32     C:\Program Files\Windows Photo Gallery --------- 4096  
 10.09.2010 17:32     C:\Program Files\Windows Defender --------- 4096  
 09.08.2010 18:36     C:\Program Files\Sierra On-Line --------- 0  
 03.08.2010 13:11     C:\Program Files\DVDVideoSoft --------- 4096  
 26.07.2010 13:07     C:\Program Files\WinRAR --------- 4096  
 16.07.2010 15:51     C:\Program Files\AC3Filter --------- 4096  
 26.06.2010 12:12     C:\Program Files\Microsoft.NET --------- 0  
 04.06.2010 18:05     C:\Program Files\Microsoft --------- 0  
 21.05.2010 18:13     C:\Program Files\MP4 Media Player --------- 0  
 13.05.2010 16:12     C:\Program Files\Neffy --------- 0  
 02.05.2010 00:38     C:\Program Files\W3i, LLC --------- 0  
 30.04.2010 18:16     C:\Program Files\Microsoft Games --------- 0  
 30.04.2010 18:06     C:\Program Files\Winamp --------- 0  
 11.04.2010 21:40     C:\Program Files\KSAW --------- 0  
 26.02.2010 21:36     C:\Program Files\MAGIX --------- 0  
 20.12.2009 00:07     C:\Program Files\AOL --------- 0  
 10.12.2009 18:25     C:\Program Files\Microsoft Office --------- 4096  
 10.12.2009 18:24     C:\Program Files\MSECache --------- 0  
 01.12.2009 21:27     C:\Program Files\eMachines GameZone --------- 0  
 29.11.2009 22:24     C:\Program Files\Microsoft WSE --------- 0  
 21.11.2009 18:13     C:\Program Files\Pando Networks --------- 0  
 15.11.2009 16:08     C:\Program Files\DIFX --------- 0  
 10.11.2009 19:42     C:\Program Files\Microsoft Works --------- 0  
 12.07.2009 15:37     C:\Program Files\Microsoft Sync Framework --------- 0  
 12.07.2009 15:35     C:\Program Files\Microsoft SQL Server Compact Edition --------- 0  
 12.07.2009 15:33     C:\Program Files\Windows Live SkyDrive --------- 0  
 04.06.2009 16:06     C:\Program Files\MSXML 4.0 --------- 0  
 04.06.2009 15:58     C:\Program Files\Avira --------- 0  
 04.06.2009 15:19     C:\Program Files\EMACHINES --------- 0  
 04.06.2009 15:17     C:\Program Files\Gemeinsame Dateien --------- 0  
 04.06.2009 15:17     C:\Program Files\Windows NT --------- 4096  
 01.03.2009 00:35     C:\Program Files\Acer Incorporated --------- 0  
 01.03.2009 00:29     C:\Program Files\InterVideo --------- 0  
 01.03.2009 00:22     C:\Program Files\Apoint2K --------- 0  
 01.03.2009 00:16     C:\Program Files\Launch Manager --------- 0  
 08.08.2008 12:04     C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites --------- 0  
 08.08.2008 11:53     C:\Program Files\NewTech Infosystems --------- 0  
 08.08.2008 11:33     C:\Program Files\Oberon Media --------- 0  
 08.08.2008 11:31     C:\Program Files\Realtek --------- 0  
 21.01.2008 04:57     C:\Program Files\desktop.ini --------- 174  
 02.11.2006 14:58     C:\Program Files\Uninstall Information --------- 0  
 02.11.2006 14:35     C:\Program Files\Reference Assemblies --------- 0  
 02.11.2006 14:35     C:\Program Files\MSBuild --------- 0  
----------------------------------------

 
C:\ProgramData\.. 

Irene    
Public    
Default    
desktop.ini    
Default User    
All Users    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0         1.428 K
smss.exe                       420 Services                   0            60 K
csrss.exe                      488 Services                   0           544 K
wininit.exe                    532 Services                   0            68 K
csrss.exe                      540 Console                    1         6.532 K
winlogon.exe                   588 Console                    1            80 K
services.exe                   612 Services                   0         1.504 K
lsass.exe                      628 Services                   0         2.844 K
lsm.exe                        636 Services                   0           928 K
svchost.exe                    812 Services                   0         2.588 K
svchost.exe                    884 Services                   0         2.376 K
svchost.exe                    920 Services                   0        17.480 K
svchost.exe                    988 Services                   0         3.380 K
svchost.exe                   1088 Services                   0        40.508 K
svchost.exe                   1104 Services                   0         7.216 K
audiodg.exe                   1184 Services                   0        11.348 K
svchost.exe                   1208 Services                   0           864 K
SLsvc.exe                     1224 Services                   0            52 K
WTouchService.exe             1340 Services                   0            84 K
svchost.exe                   1424 Services                   0         3.256 K
svchost.exe                   1448 Services                   0         1.300 K
wlanext.exe                   1544 Services                   0           800 K
spoolsv.exe                   1648 Services                   0         1.548 K
svchost.exe                   1672 Services                   0         1.476 K
svchost.exe                   1864 Services                   0         2.692 K
avguard.exe                   1888 Services                   0         9.008 K
LSSrvc.exe                    1952 Services                   0            72 K
BackupSvc.exe                 1988 Services                   0           528 K
svchost.exe                   2024 Services                   0           104 K
avshadow.exe                   440 Services                   0            60 K
svchost.exe                    456 Services                   0           912 K
Pen_Tablet.exe                  12 Services                   0            68 K
WLIDSVC.EXE                    632 Services                   0           500 K
taskeng.exe                   2108 Services                   0           136 K
WLIDSVCM.EXE                  2124 Services                   0            72 K
svchost.exe                   2992 Services                   0           396 K
WTouchUser.exe                3832 Console                    1           800 K
taskeng.exe                   3920 Console                    1         2.288 K
dwm.exe                       4064 Console                    1        32.324 K
explorer.exe                  2056 Console                    1        23.372 K
Pen_TabletUser.exe            1796 Console                    1           100 K
Pen_Tablet.exe                 820 Console                    1         1.676 K
MSASCui.exe                   1536 Console                    1           240 K
RtHDVCpl.exe                  2436 Console                    1           196 K
avgnt.exe                     2440 Console                    1         2.120 K
jusched.exe                   1060 Console                    1            64 K
wuauclt.exe                   2364 Console                    1            64 K
igfxsrvc.exe                  2516 Console                    1           120 K
hkcmd.exe                     2628 Console                    1            80 K
igfxpers.exe                  2396 Console                    1            84 K
SynTPEnh.exe                  2452 Console                    1           236 K
btdna.exe                     2900 Console                    1           956 K
wmpnscfg.exe                  2700 Console                    1           236 K
SearchIndexer.exe             2580 Services                   0        14.552 K
unsecapp.exe                  3364 Console                    1         1.076 K
WmiPrvSE.exe                  2780 Services                   0         1.896 K
wmpnetwk.exe                  2804 Services                   0           480 K
SynTPHelper.exe                724 Console                    1            76 K
PresentationFontCache.exe     3384 Services                   0           648 K
firefox.exe                   2104 Console                    1       134.124 K
SearchProtocolHost.exe        3436 Services                   0         8.076 K
SearchFilterHost.exe          1072 Services                   0         5.064 K
cmd.exe                       3672 Console                    1         2.824 K
tasklist.exe                  3596 Console                    1         4.496 K
WmiPrvSE.exe                   684 Services                   0         5.520 K
dllhost.exe                   2052 Console                    1         4.120 K

 
***** Ende des Scans 24.05.2011 um  0:02:30,72 ***

4. Meine installierten Programme

Code:

ATTFilter

AC3Filter 1.63b	Alexander Vigovsky	15.07.2010	1,67MB	1.63b
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	13.12.2009	14,0MB	
Adobe AIR	Adobe Systems Inc.	15.02.2011	29,4MB	2.5.1.17730
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	13.12.2009		10.0.22.87
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	18.05.2011		10.3.181.14
Adobe Reader 9.4.4 - Deutsch	Adobe Systems Incorporated	28.04.2011	167,4MB	9.4.4
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	10.02.2011	8,33MB	11.5.9.620
Akamai NetSession Interface		10.12.2010	5,63MB	
ALPS Touch Pad Driver	Alps Electric	13.12.2009		Version 7.0.1101.18
Avira AntiVir Personal - Free Antivirus	Avira GmbH	28.04.2011	72,3MB	10.0.0.648
CCleaner	Piriform	23.05.2011	3,41MB	3.06
Cheat Engine 6.0	Dark Byte	24.03.2011	18,6MB	
DNA	BitTorrent Inc.	07.03.2011	0,41MB	2.2.4 (16502)
eMachines	Oberon Media	13.12.2009	0,20MB	
eMachines Recovery Management	Acer Incorporated	27.02.2009	43,6MB	3.1.3003
eMachines ScreenSaver	Acer Incorporated	27.02.2009		1.02.0902
Facebook Plug-In	Facebook, Inc.	15.06.2010	5,46MB	
Free Audio CD Burner version 1.4	DVDVideoSoft Limited.	18.08.2010	3,07MB	
Free Studio version 4.8	DVDVideoSoft Limited.	02.08.2010	88,2MB	
Free YouTube to MP3 Converter version 3.8	DVDVideoSoft Limited.	18.08.2010	3,33MB	
Galapago	Oberon Media	13.12.2009	44,3MB	
Intel(R) Graphics Media Accelerator Driver	Intel Corporation	23.05.2011		8.15.10.2281
InterVideo WinDVD 8	InterVideo Inc.	27.02.2009	99,7MB	8.0-B9.498
Java(TM) 6 Update 25	Sun Microsystems, Inc.	19.06.2010	94,5MB	6.0.250
Launch Manager		13.12.2009	2,43MB	
Malwarebytes' Anti-Malware	Malwarebytes Corporation	29.04.2011	3,91MB	
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	13.12.2009	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	13.12.2009	37,0MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	25.06.2010	120,3MB	4.0.30319
Microsoft Office Home and Student 2007	Microsoft Corporation	13.12.2009	298MB	12.0.6425.1000
Microsoft Office Live Add-in 1.5	Microsoft Corporation	03.06.2010	0,49MB	2.0.4024.1
Microsoft Office Word Viewer 2003	Microsoft Corporation	12.04.2011		11.0.8173.0
Microsoft Silverlight	Microsoft Corporation	21.04.2011		4.0.60310.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	11.07.2009	1,74MB	3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	11.07.2009	0,61MB	1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	18.01.2011	1,45MB	1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	28.07.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	07.08.2008	0,41MB	8.0.56336
Microsoft Visual C++ 2005 Redistributable - KB2467175	Microsoft Corporation	12.04.2011	0,29MB	8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	28.07.2009	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	12.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	31.07.2010	2,86MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	03.06.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	15.06.2010	0,57MB	9.0.30729.4148
Microsoft Visual C++ Run Time  Lib Setup	Microsoft	25.09.2010	1,69MB	1.0.0
Microsoft Works	Microsoft Corporation	09.12.2009		08.05.0822
Microsoft WSE 3.0 Runtime	Microsoft Corp.	28.11.2009	0,92MB	3.0.5305.0
Mozilla Firefox (3.6.17)	Mozilla	29.04.2011	31,5MB	3.6.17 (de)
MP4 Media Player 1.0	vsevensoft.com	20.05.2010	13,4MB	
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	03.06.2009	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	25.11.2009	1,34MB	4.20.9876.0
Neffy 1,3,29,0	CDNetworks	12.05.2010	1,91MB	1,3,29,0
nProtect KeyCrypt		13.12.2009		
NTI Backup Now Standard		07.08.2008		
NTI Media Maker 8	NewTech Infosystems	07.08.2008	181,0MB	8.0.12.6325
Pando Media Booster	Pando Networks Inc.	12.05.2010	6,69MB	2.3.3.9
Realtek 8169 8168 8101E 8102E Ethernet Driver	Realtek	07.08.2008	1,55MB	1.00.0000
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	07.08.2008	22,0MB	6.0.1.5648
Red Alert Windows 95		15.01.2010		
Samsung New PC Studio USB Driver Installer	Samsung Electronics Co., Ltd.	14.11.2009	8,55MB	1.00.0000
Spelling Dictionaries Support For Adobe Reader 8	Adobe Systems	12.07.2009	32,5MB	8.0.0
Stifttablett	Wacom Technology Corp.	03.10.2010	51,6MB	
Synaptics Pointing Device Driver	Synaptics Incorporated	22.05.2011	28,6MB	15.0.6.0
Unity Web Player	Unity Technologies ApS	17.05.2011	0,20MB	
Visual C++ 8.0 Runtime Setup Package	Your Company	24.02.2010	1,55MB	1.0.0.0
WebTablet IE Plugin	Wacom Technology Corp.	03.10.2010		1.1.0.4
WebTablet Netscape Plugin	Wacom Technology Corp.	03.10.2010	0,75MB	1.1.0.3
Windows Live Essentials	Microsoft Corporation	24.02.2011	119,8MB	14.0.8117.0416
Windows Live ID-Anmelde-Assistent	Microsoft Corporation	03.06.2010	4,69MB	6.500.3165.0
Windows Live Sync	Microsoft Corporation	18.01.2011	2,80MB	14.0.8117.416
Windows Live-Uploadtool	Microsoft Corporation	11.07.2009	0,22MB	14.0.8014.1029
Windows Media Player Firefox Plugin	Microsoft Corp	05.05.2010	0,29MB	1.0.0.8
WinMPG VideoConvert 9.1.6.0	Direct-Soft Inc.	25.09.2010	54,6MB	9.1.6.0
WinRAR archiver		27.02.2010	3,63MB

Ich hoffe ich habs richtig gemacht.

kira · 25.05.2011, 07:02

1.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird GMER beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

2.
verwendest Du Squid-Proxy?-> "IP 131.247.2.247 network.proxy.http_port: 3128"

3.
BitTorrent/DNA: gilt als unsicher und sollte daher nicht eingesetzt werden.
Was ist BitTorrent/DNA

4.
wenn nicht unbedingt benötigst, kannst deinstallieren:

Code:

ATTFilter

Facebook Plug-In

5.
Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm924YYAT&fl=0&ptb=ZxKqNElNoyPrQJuzcKO4ZQ&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="
[2010.11.17 20:53:57 | 000,002,567 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\askcom.xml
[2009.10.01 01:38:10 | 000,000,886 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\conduit.xml
[2010.12.09 19:16:46 | 000,010,017 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\mywebsearch.xml
[2011.05.23 20:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\IRENE\PROGRAM FILES\DNA
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [eRecoveryService]  File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{034e4881-9ee7-11df-a64a-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{034e4881-9ee7-11df-a64a-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1f2dcf5f-f46a-11de-bfb1-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{1f2dcf5f-f46a-11de-bfb1-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{261be566-c597-11df-9012-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{261be566-c597-11df-9012-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{261be569-c597-11df-9012-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{261be569-c597-11df-9012-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3f2a938d-c5a3-11df-8a48-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{3f2a938d-c5a3-11df-8a48-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8cd53b71-8b4e-11de-a09f-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{8cd53b71-8b4e-11de-a09f-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c3df7ede-6cb2-11de-823b-00235a557c66}\Shell - "" = AutoRun
O33 - MountPoints2\{c3df7ede-6cb2-11de-823b-00235a557c66}\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2011.05.23 20:21:33 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegistryDoktor.job
[2011.04.30 00:12:20 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.29 21:09:01 | 000,000,136 | ---- | M] () -- C:\ProgramData\~32366344
[2011.04.29 21:09:00 | 000,000,152 | ---- | M] () -- C:\ProgramData\~32366344r
[2011.04.29 20:11:43 | 000,000,336 | ---- | M] () -- C:\ProgramData\32366344
[2010.06.16 14:10:02 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Facebook

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

6.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Rin.T · 30.05.2011, 19:52

Mein Antwort war verspätet, mein Lüfter war auf einmal defekt.

Gmer hat beim ersten versuch nicht funktioniert.

Ich benütze kein proxy.

5.

Code:

ATTFilter

All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "My Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm924YYAT&fl=0&ptb=ZxKqNElNoyPrQJuzcKO4ZQ&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=" removed from keyword.URL
C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\askcom.xml moved successfully.
C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\conduit.xml moved successfully.
C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\mywebsearch.xml moved successfully.
C:\USERS\IRENE\PROGRAM FILES\DNA\plugins folder moved successfully.
C:\USERS\IRENE\PROGRAM FILES\DNA folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{034e4881-9ee7-11df-a64a-00235a557c66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{034e4881-9ee7-11df-a64a-00235a557c66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{034e4881-9ee7-11df-a64a-00235a557c66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{034e4881-9ee7-11df-a64a-00235a557c66}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f2dcf5f-f46a-11de-bfb1-00235a557c66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f2dcf5f-f46a-11de-bfb1-00235a557c66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f2dcf5f-f46a-11de-bfb1-00235a557c66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f2dcf5f-f46a-11de-bfb1-00235a557c66}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{261be566-c597-11df-9012-00235a557c66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261be566-c597-11df-9012-00235a557c66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{261be566-c597-11df-9012-00235a557c66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261be566-c597-11df-9012-00235a557c66}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{261be569-c597-11df-9012-00235a557c66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261be569-c597-11df-9012-00235a557c66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{261be569-c597-11df-9012-00235a557c66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261be569-c597-11df-9012-00235a557c66}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f2a938d-c5a3-11df-8a48-00235a557c66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f2a938d-c5a3-11df-8a48-00235a557c66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f2a938d-c5a3-11df-8a48-00235a557c66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f2a938d-c5a3-11df-8a48-00235a557c66}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd53b71-8b4e-11de-a09f-00235a557c66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd53b71-8b4e-11de-a09f-00235a557c66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd53b71-8b4e-11de-a09f-00235a557c66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd53b71-8b4e-11de-a09f-00235a557c66}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3df7ede-6cb2-11de-823b-00235a557c66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3df7ede-6cb2-11de-823b-00235a557c66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3df7ede-6cb2-11de-823b-00235a557c66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3df7ede-6cb2-11de-823b-00235a557c66}\ not found.
File E:\AutoRun.exe not found.
C:\Windows\Tasks\RegistryDoktor.job moved successfully.
C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk moved successfully.
File C:\ProgramData\~32366344 not found.
File C:\ProgramData\~32366344r not found.
File C:\ProgramData\32366344 not found.
Folder C:\Users\Irene\AppData\Roaming\Facebook\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Irene
->Temp folder emptied: 570510 bytes
->Temporary Internet Files folder emptied: 31752455 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 90669426 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8588 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1274706 bytes
RecycleBin emptied: 303674 bytes
 
Total Files Cleaned = 119,00 mb
 
 
OTL by OldTimer - Version 3.2.23.0 log created on 05302011_202408

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

6. OTL

Code:

ATTFilter

OTL logfile created on: 30.05.2011 20:31:09 - Run 4
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Irene\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
953,27 Mb Total Physical Memory | 282,60 Mb Available Physical Memory | 29,64% Memory free
2,29 Gb Paging File | 1,39 Gb Available in Paging File | 60,77% Paging File free
Paging file location(s): C:\pagefile.sys 1429 1429 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 79,55 Gb Free Space | 57,21% Space Free | Partition Type: NTFS
 
Computer Name: IRENE-PC | User Name: Irene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.23 19:16:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Irene\Desktop\OTL.exe
PRC - [2011.04.30 04:38:41 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.24 01:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009.11.24 01:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009.11.24 01:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009.11.24 01:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.27 12:33:18 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.23 19:16:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Irene\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.05.17 01:36:02 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.12.16 19:26:00 | 003,453,712 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.11.24 01:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009.11.24 01:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009.07.19 04:00:01 | 000,191,008 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\npkcmsvc.exe -- (npkcmsvc)
SRV - [2008.06.11 12:18:30 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.13 22:46:27 | 000,002,560 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\mchInjDrv.sys -- (mchInjDrv)
DRV - [2011.04.01 17:07:25 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.04.01 17:07:25 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.09.08 16:08:58 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WinDrvr6.sys -- (WinDriver6)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.08.28 01:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009.07.09 19:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009.05.20 21:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.15 13:52:36 | 000,053,664 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npkcrypt.sys -- (npkcrypt)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.06.11 12:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.02.18 16:09:40 | 000,166,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.09.26 14:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.02.16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C EA ED 77 D2 6B CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "OurWorld.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: betterkongregate@matthewammann.com:3.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: multilinks@plugin:3.0.0.16
FF - prefs.js..extensions.enabledItems: {48e23fba-bb14-4745-b768-382150cd83fb}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm924YYAT&fl=0&ptb=ZxKqNElNoyPrQJuzcKO4ZQ&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="
FF - prefs.js..network.proxy.http: "131.247.2.247"
FF - prefs.js..network.proxy.http_port: 3128
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 04:38:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 04:38:46 | 000,000,000 | ---D | M]
 
[2009.08.23 15:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Irene\AppData\Roaming\mozilla\Extensions
[2011.05.30 13:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions
[2010.05.19 20:12:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.14 19:00:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.06.04 14:23:56 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2010.07.22 03:40:41 | 000,000,000 | ---D | M] ("Metal3D") -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
[2011.05.26 22:56:59 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.13 20:09:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.13 20:09:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.11.04 14:58:50 | 000,000,000 | ---D | M] (Better Kongregate) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\betterkongregate@matthewammann.com
[2011.05.02 15:10:03 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\Irene\AppData\Roaming\mozilla\Firefox\Profiles\fcd6izsg.default\extensions\multilinks@plugin
[2010.04.14 13:57:32 | 000,001,827 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\bing.xml
[2010.01.22 14:37:53 | 000,002,280 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\google-und-download-suche.xml
[2010.06.02 17:48:13 | 000,001,741 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\searchplugins\search-the-web.xml
[2011.05.30 13:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.20 19:48:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.04.30 22:21:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.04.14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Irene\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Irene\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab (NPKCX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 212.186.211.21 195.34.133.21 195.34.133.22
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Irene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Irene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.26 22:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Plasmoo
[2011.05.23 20:13:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.23 19:15:54 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Irene\Desktop\OTL.exe
[2011.05.23 18:29:25 | 000,000,000 | ---D | C] -- C:\Users\Irene\{fcafd724-883f-4929-83a5-90f16d6cdb64}
[2011.05.23 18:05:59 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011.05.23 18:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011.05.23 18:02:38 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2011.05.23 15:45:30 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.05.23 15:45:29 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.05.23 15:45:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.23 15:45:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.23 15:45:28 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.23 15:45:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.05.23 15:45:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.05.23 15:45:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.05.23 15:45:26 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.23 15:45:26 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.05.23 15:45:24 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.05.23 15:45:23 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.05.23 15:45:22 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.05.23 15:45:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.23 15:45:22 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.23 15:45:21 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.23 15:45:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.05.23 15:45:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.23 15:45:20 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.23 15:45:20 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.05.23 15:45:20 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.05.23 15:45:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.23 15:45:19 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.23 15:45:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.05.23 15:45:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.23 15:45:17 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.05.23 15:45:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.23 15:45:17 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.05.23 15:45:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.05.23 15:45:16 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.05.23 15:45:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.05.23 15:45:16 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.05.23 15:45:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.05.23 15:45:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.05.23 15:45:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.23 15:45:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.05.23 15:45:16 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.23 15:45:16 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.05.23 15:45:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.05.19 14:54:20 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.04.30 22:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.04.30 22:21:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.30 22:21:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.30 22:21:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.30 20:27:37 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.30 20:27:37 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.30 20:26:37 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.30 20:26:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.30 20:26:06 | 1000,366,080 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.30 20:22:21 | 000,000,586 | ---- | M] () -- C:\Windows\WININIT.INI
[2011.05.30 19:41:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.26 22:56:32 | 000,001,159 | ---- | M] () -- C:\Users\Irene\Desktop\Free YouTube to MP3 Converter.lnk
[2011.05.26 21:19:33 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.26 21:19:33 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.26 21:19:33 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.26 21:19:33 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.24 20:04:05 | 000,001,190 | ---- | M] () -- C:\Windows\System32\Pen_Tablet.dat
[2011.05.24 01:53:21 | 000,480,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.05.24 00:04:59 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.05.23 19:16:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Irene\Desktop\OTL.exe
[2011.05.23 18:07:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011.05.23 18:07:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.05.23 18:02:38 | 001,461,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2011.05.23 15:45:45 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.05.23 15:45:44 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.05.23 15:45:30 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.05.23 15:45:29 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.05.23 15:45:29 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.23 15:45:28 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.23 15:45:28 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.23 15:45:28 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.05.23 15:45:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.05.23 15:45:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.05.23 15:45:26 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.23 15:45:26 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.05.23 15:45:24 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.05.23 15:45:24 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.05.23 15:45:22 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.05.23 15:45:22 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.23 15:45:22 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.05.23 15:45:22 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.23 15:45:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.23 15:45:21 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.23 15:45:21 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.05.23 15:45:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.23 15:45:20 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.05.23 15:45:20 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.05.23 15:45:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.23 15:45:19 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.23 15:45:19 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.05.23 15:45:18 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.05.23 15:45:17 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.23 15:45:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.23 15:45:17 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.05.23 15:45:17 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.05.23 15:45:16 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.05.23 15:45:16 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.05.23 15:45:16 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.05.23 15:45:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.05.23 15:45:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.05.23 15:45:16 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.23 15:45:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.05.23 15:45:16 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.23 15:45:16 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.05.23 15:45:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.05.21 19:08:35 | 002,093,056 | ---- | M] () -- C:\Users\Irene\Desktop\CM.sai
[2011.05.19 14:54:20 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2011.05.26 22:56:32 | 000,001,159 | ---- | C] () -- C:\Users\Irene\Desktop\Free YouTube to MP3 Converter.lnk
[2011.05.24 00:04:59 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.05.24 00:01:44 | 000,030,259 | ---- | C] () -- C:\Users\Irene\Desktop\hjtscanlist.bat
[2011.05.23 18:07:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011.05.23 18:07:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.05.23 18:06:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011.05.23 16:05:34 | 000,000,917 | ---- | C] () -- C:\Users\Irene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.05.23 15:45:22 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.05.23 15:11:38 | 1000,366,080 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.21 18:36:23 | 002,093,056 | ---- | C] () -- C:\Users\Irene\Desktop\CM.sai
[2011.01.12 11:11:32 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.01.12 11:11:30 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011.01.12 11:11:28 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.01.12 10:36:58 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.11.06 17:25:43 | 000,001,190 | ---- | C] () -- C:\Windows\System32\Pen_Tablet.dat
[2010.09.13 17:51:55 | 000,000,842 | ---- | C] () -- C:\Windows\System32\SPC230NC.INI
[2010.08.03 18:39:24 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.05.13 14:38:31 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2010.04.10 12:14:50 | 000,000,035 | ---- | C] () -- C:\Windows\Weather.Ini
[2010.03.14 19:29:25 | 000,002,560 | ---- | C] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2010.02.26 21:00:16 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2010.02.26 20:56:29 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2010.02.26 20:54:41 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.02.26 20:54:29 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.02.07 19:39:32 | 000,006,080 | ---- | C] () -- C:\Users\Irene\AppData\Local\d3d9caps.dat
[2010.01.24 19:49:20 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.01.23 00:36:44 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.01.18 18:53:04 | 000,000,525 | ---- | C] () -- C:\Windows\eReg.dat
[2010.01.16 17:48:23 | 000,088,576 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2010.01.13 21:50:03 | 000,005,840 | ---- | C] () -- C:\Users\Irene\AppData\Roaming\UserTile.png
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.15 16:06:31 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.11.15 16:06:31 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.11.05 19:44:14 | 000,000,089 | ---- | C] () -- C:\Windows\ULead32.ini
[2009.10.08 14:55:28 | 000,000,586 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.09.11 00:18:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.11 00:18:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.13 02:23:29 | 000,000,090 | ---- | C] () -- C:\Windows\System32\EUSOFT.SYS
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.25 18:33:03 | 000,000,026 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009.07.25 00:43:22 | 000,000,811 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009.07.24 16:14:40 | 000,000,080 | ---- | C] () -- C:\Users\Irene\AppData\Roaming\wklnhst.dat
[2009.06.21 01:33:55 | 000,007,168 | ---- | C] () -- C:\Users\Irene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.04 15:30:55 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009.03.01 00:24:35 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009.03.01 00:01:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.12.17 17:43:46 | 000,589,824 | ---- | C] () -- C:\Windows\System32\INICRYPTOSDK.dll
[2008.11.27 06:24:52 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
[2008.11.27 06:24:51 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.08.15 03:41:29 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.08.08 20:44:38 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.08.08 11:53:12 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.08.08 11:53:12 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.08.08 11:30:05 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.08.08 11:30:05 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.08.08 11:30:05 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.01.21 10:21:25 | 000,623,280 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 10:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 10:21:25 | 000,125,378 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 10:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 000,480,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,591,320 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,194 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2010.11.27 23:48:02 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\App Launcher Gadget
[2011.05.30 20:06:45 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\DNA
[2011.04.16 02:05:22 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\DVDVideoSoft
[2011.05.26 22:56:58 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.09 23:32:12 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\FontCreator
[2010.10.03 18:04:43 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\gtk-2.0
[2009.07.27 02:59:13 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\InterVideo
[2010.01.11 21:49:59 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\NCH Swift Sound
[2009.11.15 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\PC Suite
[2010.07.28 00:59:45 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Sierra
[2010.05.17 18:24:40 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\SYSTEMAX Software Development
[2010.02.15 17:47:20 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Template
[2011.01.09 00:18:20 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Unity
[2010.09.26 02:06:14 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\WinMPG
[2010.10.04 16:50:50 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\WTouch
[2010.05.04 21:05:07 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2011.05.30 20:25:12 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0A8E2C33
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F01E7F17
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A696643D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C5760A8B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DB365884
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CF5C4195
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:798A3728

< End of report >

Extras

Code:

ATTFilter

OTL Extras logfile created on: 30.05.2011 20:31:09 - Run 4
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Irene\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
953,27 Mb Total Physical Memory | 282,60 Mb Available Physical Memory | 29,64% Memory free
2,29 Gb Paging File | 1,39 Gb Available in Paging File | 60,77% Paging File free
Paging file location(s): C:\pagefile.sys 1429 1429 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 79,55 Gb Free Space | 57,21% Space Free | Partition Type: NTFS
 
Computer Name: IRENE-PC | User Name: Irene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 
"FirewallOverride" = 0
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{193C16D2-25A8-4877-99E2-6398EDB90156}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{946A8F0D-E62B-4CDE-BF0E-E9D39CFB4F2F}" = lport=50295 | protocol=6 | dir=in | name=akamai netsession interface | 
"{B62C7B46-36D5-4821-A8F5-AF5ED4526CA4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CE04B56B-3F5F-4F38-B108-D3C85FA32F1E}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface | 
"{DC6CEB81-5611-46EC-A51F-BDE4F62A36B0}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{DD88B457-03BD-4707-A004-C0ED5B1C4AD0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C6D448-CCF7-4C00-A67D-2E3524687452}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{0790089F-AA8C-4E5F-B4F8-C3FE6B5A81E9}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{087627E0-83FD-42D2-A386-BCF40B77F03F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{0E58A0A5-4C9C-4788-BB99-117685A96464}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{12495251-71AE-4DED-A963-D65C68C56A6A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{1B0F7E47-896B-4C0A-A882-2FCA86E9964E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{40AD01C3-8D43-4CF7-BF07-4CDA6A0D0519}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{43CD71B8-CE2D-4A03-B91D-D9A24D41DA37}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{57529B4C-CA3F-43C3-A21B-DF7073FC0C2E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{57F8DD6C-23D8-4740-B9FA-5806538AA216}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{5A0338E7-3D0B-4DE6-B9F8-F73D7DFDD792}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{5FBA5F8B-74FA-405F-AAD3-1EC7215BBA91}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{67392AE3-C899-42EF-AF58-873D97B2BCC8}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{6BCB72CB-B4F2-4C16-A622-ED8CFC1A14BC}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{714A1D63-D3BF-49F5-88D8-7A0A029FC0A0}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{870A1CD7-90B8-45E1-8945-3081C50CC75E}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{8C3B5583-9234-4389-A125-2ED19B3C652F}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{91BD3F58-C642-4CAA-B950-B34676AEB8D2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{93E33A36-46FC-416B-AABD-881E6F54F880}" = protocol=6 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 
"{94EFF76D-B7D9-4278-9DFB-66A49717D0A5}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{9710E36F-67AA-4040-B679-5A8247B0CF82}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{A2703811-CEF0-4B70-B8B9-C1B3452D7D5F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{AB85559E-145E-471F-986D-087D8576D400}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{B50BF2B8-F2D7-49F1-A770-797E515F98BB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{B6F8C181-C507-42C6-9881-415BD34E46C6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{BD2ECE45-FE22-4A7C-B002-85FCB11F4743}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C9C5C08F-CBA8-46C6-8CB0-1E8AE6C64A4A}" = protocol=17 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 
"{CC7CFC7A-3896-4421-BC38-3EE7EBE89F89}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{CE5666A7-F343-4452-AA15-7E487687FFD3}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{CE9AF69A-AAD0-4BA3-96E6-26634BCA6034}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{CEF2FBBC-41DB-4358-AB01-52B4B615F8CB}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{CF753184-FB85-4388-AF1D-1ABB56928CE8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{F036BE76-6F28-4649-BE54-E8B882DACAEF}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{F62A4492-031A-4DD7-85FB-2743A003953D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F9BFF757-9EA3-4AFA-8B2A-D8744F41B32B}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"TCP Query User{02965AF5-ECF9-4784-B444-40979A80487C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{04010334-3242-4687-96D5-2883C103B8FD}C:\program files\irisnotes\easy note taker.exe" = protocol=6 | dir=in | app=c:\program files\irisnotes\easy note taker.exe | 
"TCP Query User{049A89EB-4581-450E-94C1-762303AB9B09}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{1330EEC4-2CDC-4406-8EA4-E29334D28667}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe | 
"TCP Query User{1ABF0AC5-83D2-42CE-8989-420FED880119}C:\program files\weltwunder\game.exe" = protocol=6 | dir=in | app=c:\program files\weltwunder\game.exe | 
"TCP Query User{2173C38E-5E49-452F-89C5-C0021042B9F7}C:\users\irene\appdata\local\temp\rar$ex54.480\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\irene\appdata\local\temp\rar$ex54.480\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe | 
"TCP Query User{288335AA-542A-4EDA-9DCE-F4A8A4471E49}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"TCP Query User{304F9926-5E45-4380-A905-73D1530EC12C}C:\users\irene\downloads\dragonoath.exe" = protocol=6 | dir=in | app=c:\users\irene\downloads\dragonoath.exe | 
"TCP Query User{33975C40-C224-4746-B9A1-5C1733A55BC0}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"TCP Query User{37942AE9-7889-4194-8A56-2C58E8BA941E}C:\program files\blimb entertainment\roswell encounter\roswell.exe" = protocol=6 | dir=in | app=c:\program files\blimb entertainment\roswell encounter\roswell.exe | 
"TCP Query User{3D26E38A-2B61-4AF8-A98A-F0F1C2D7DE89}C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=6 | dir=in | app=c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe | 
"TCP Query User{47322C84-8FA1-4EBC-B9F8-9B49F6F138F1}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe | 
"TCP Query User{59708A26-D025-4EB0-BD44-8242A85CD104}C:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe" = protocol=6 | dir=in | app=c:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe | 
"TCP Query User{5B214D58-A7BA-418B-AB55-7930C40BD801}C:\program files\atari\deer hunter 2005\dh2005.exe" = protocol=6 | dir=in | app=c:\program files\atari\deer hunter 2005\dh2005.exe | 
"TCP Query User{5F6CD87E-60D1-43DF-A0A2-9A6F2EDACB19}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{70B0754C-A6E8-4AF1-B399-DF6DB0894BE5}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe | 
"TCP Query User{72D80BAE-36DF-49C0-BC17-719EEB6CF9F7}C:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe | 
"TCP Query User{7CD6E412-9A26-41CB-87A8-3EF2A9CB13FD}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{8453D2F3-A324-41BF-BD70-41A3063ECC60}C:\program files\weltwunder\gamemp.exe" = protocol=6 | dir=in | app=c:\program files\weltwunder\gamemp.exe | 
"TCP Query User{86FE2CBD-AFAB-49BA-9B08-B45FE6A22BA2}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe | 
"TCP Query User{98214D9E-DCD9-4F1A-BE08-3E2E6AAC116F}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{A1513D5C-FEAB-4403-8998-85FB4116F4D1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{A67198B2-4C81-4A51-B42D-704060B0C701}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe | 
"TCP Query User{AAA966B7-896B-4B75-930F-684F31626925}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | 
"TCP Query User{B4748A90-2B95-4FCF-BE6C-A1CF1A406C0E}C:\users\irene\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\irene\program files\dna\btdna.exe | 
"TCP Query User{D37C86A8-803B-46F9-9DA2-08AEEB9A3410}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{DA9D4871-2D8E-4235-AD48-6F408B71050E}C:\users\irene\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\irene\program files\dna\btdna.exe | 
"TCP Query User{EE9D07A1-B34A-478F-88A9-2DF58B66B010}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"TCP Query User{F80066FF-DDEF-405B-A02F-FDB249447618}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | 
"UDP Query User{02B9A706-BC3C-48B2-8ABF-73756EDD5916}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{196F38D2-EAEB-43E4-BDDD-36073195A32F}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe | 
"UDP Query User{233A6CDB-1329-40D9-8236-C7A24DF268F5}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{26221FBF-9514-4331-9EB0-BA916B066BDF}C:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe" = protocol=17 | dir=in | app=c:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\empires2.exe | 
"UDP Query User{2B7AE3B8-7BBB-42B4-B18A-8E69435FB1F2}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{2E2CF505-6B9C-46E0-9CD1-4B3B777A8068}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | 
"UDP Query User{3A63A381-C6DB-4941-981F-A76D9659F44C}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | 
"UDP Query User{3AC1B626-9504-4AED-9184-AB1E412E65B3}C:\users\irene\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\irene\program files\dna\btdna.exe | 
"UDP Query User{5AF98240-79C0-4E45-942E-3769895855CC}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{66CE66A2-E660-4A54-9409-8E2F4FC722CA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{7018DF44-B787-476C-85B6-C6DC984664FD}C:\users\irene\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\irene\program files\dna\btdna.exe | 
"UDP Query User{7EBE9ED0-8684-409F-88DE-C23FC0CB60D7}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"UDP Query User{8856A8C9-A910-4005-9846-5C8856D9EBBB}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe | 
"UDP Query User{943CA8A9-9EC6-4417-BC51-9D507A1706CC}C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=17 | dir=in | app=c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe | 
"UDP Query User{9FA55788-1D4F-4EDE-A001-56DCBA81A649}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{A35A0774-4009-4E64-9086-2CC5985CB9D8}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"UDP Query User{A5CCE7C1-EFEB-49B4-B478-EA556E4792B7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{B2BBB383-91A7-49E4-AF2D-47C64AE83589}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe | 
"UDP Query User{B8DA9F0C-6553-487D-9AEC-C8B101783846}C:\program files\weltwunder\game.exe" = protocol=17 | dir=in | app=c:\program files\weltwunder\game.exe | 
"UDP Query User{BF1E9F59-F0A7-42C3-9DEB-BA4D139FB127}C:\program files\weltwunder\gamemp.exe" = protocol=17 | dir=in | app=c:\program files\weltwunder\gamemp.exe | 
"UDP Query User{BFB1EDE0-CE81-4D4B-BDF8-21CB3C7421CD}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{C42BC2B8-5D46-4C7E-8C92-A7F9E400DB8A}C:\program files\irisnotes\easy note taker.exe" = protocol=17 | dir=in | app=c:\program files\irisnotes\easy note taker.exe | 
"UDP Query User{C4891A16-CAA0-40D1-866C-346BA017E9A3}C:\program files\blimb entertainment\roswell encounter\roswell.exe" = protocol=17 | dir=in | app=c:\program files\blimb entertainment\roswell encounter\roswell.exe | 
"UDP Query User{C4EB875A-45F1-4F8D-AE8F-E035A3834F12}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{CFC18456-BC29-4B84-8E5F-6BDB3985781C}C:\users\irene\appdata\local\temp\rar$ex54.480\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\irene\appdata\local\temp\rar$ex54.480\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe | 
"UDP Query User{D9C64937-B67F-4C24-8DC1-AB9C3E7188E8}C:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\irene\desktop\age of empires 2 & the conquerors expansion - full game - [hussey]\age2_x1.exe | 
"UDP Query User{DBEE5BCD-40EA-4F2D-9406-5A1992F5DAE6}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe | 
"UDP Query User{F8FF90E6-5977-46BA-B985-589E3C26FB21}C:\users\irene\downloads\dragonoath.exe" = protocol=17 | dir=in | app=c:\users\irene\downloads\dragonoath.exe | 
"UDP Query User{FD9C52FB-B090-4189-A10C-EE6B57AA6E2A}C:\program files\atari\deer hunter 2005\dh2005.exe" = protocol=17 | dir=in | app=c:\program files\atari\deer hunter 2005\dh2005.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 25
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free Studio_is1" = Free Studio version 4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.38.517
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MP4 Media Player_is1" = MP4 Media Player 1.0
"Neffy" = Neffy 1,3,29,0
"npkcxp" = nProtect KeyCrypt
"Pen Tablet Driver" = Stifttablett
"Red Alert" = Red Alert Windows 95
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMPG VideoConvert_is1" = WinMPG VideoConvert 9.1.6.0
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.02.2011 07:32:45 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.02.2011 13:11:36 | Computer Name = Irene-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.3989, Zeitstempel
 0x4cf928fc, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00048b02,  Prozess-ID 0xbcc, Anwendungsstartzeit
 01cbc84eda4ea05a.
 
Error - 10.02.2011 06:19:36 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.02.2011 08:47:29 | Computer Name = Irene-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.3989, Zeitstempel
 0x4cf928fc, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00048b02,  Prozess-ID 0x56c, Anwendungsstartzeit
 01cbc90e3de768a0.
 
Error - 11.02.2011 08:47:52 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.02.2011 10:32:12 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.02.2011 16:20:34 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.02.2011 16:48:15 | Computer Name = Irene-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.3989, Zeitstempel
 0x4cf928fc, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00048822,  Prozess-ID 0x490, Anwendungsstartzeit
 01cbca2b83530101.
 
Error - 12.02.2011 07:36:02 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.02.2011 07:32:27 | Computer Name = Irene-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 30.05.2011 08:50:54 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 30.05.2011 11:34:27 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 30.05.2011 11:34:27 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 30.05.2011 12:18:23 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 30.05.2011 13:03:10 | Computer Name = Irene-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 30.05.2011 um 18:55:20 unerwartet heruntergefahren.
 
Error - 30.05.2011 13:04:48 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 30.05.2011 13:04:48 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 30.05.2011 14:24:11 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 30.05.2011 14:27:21 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 30.05.2011 14:27:21 | Computer Name = Irene-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

kira · 31.05.2011, 16:49

Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
FF - prefs.js..keyword.URL: "hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm924YYAT&fl=0&ptb=ZxKqNElNoyPrQJuzcKO4ZQ&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="
FF - prefs.js..network.proxy.http: "131.247.2.247"
FF - prefs.js..network.proxy.http_port: 3128
O4 - HKCU..\Run: [BitTorrent DNA]  File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0A8E2C33
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F01E7F17
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A696643D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C5760A8B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DB365884
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CF5C4195
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:798A3728
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

3.
- "Link:-> ESET Online Scanner
>>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.► [Sicherheit] Autorun Funktion für mehr Sicherheit auf allen Laufwerken deaktivieren /Avira Support Forum

-> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch

- folgendes bitte anhaken > "Remove found threads" und "Scan archives"
- die Scanergebnis als *.txt Dateien speichern)
- meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben
- um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen

► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?

Rin.T · 02.06.2011, 12:43

1.OTL

Code:

ATTFilter

All processes killed
========== OTL ==========
Prefs.js: "hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm924YYAT&fl=0&ptb=ZxKqNElNoyPrQJuzcKO4ZQ&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=" removed from keyword.URL
Prefs.js: "131.247.2.247" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent DNA not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
ADS C:\ProgramData\TEMP:C46995DA deleted successfully.
ADS C:\ProgramData\TEMP:0A8E2C33 deleted successfully.
ADS C:\ProgramData\TEMP:F01E7F17 deleted successfully.
ADS C:\ProgramData\TEMP:A696643D deleted successfully.
ADS C:\ProgramData\TEMP:861A898F deleted successfully.
ADS C:\ProgramData\TEMP:C5760A8B deleted successfully.
ADS C:\ProgramData\TEMP:9F683177 deleted successfully.
ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:DB365884 deleted successfully.
ADS C:\ProgramData\TEMP:CF5C4195 deleted successfully.
ADS C:\ProgramData\TEMP:580E04D8 deleted successfully.
ADS C:\ProgramData\TEMP:4D066AD2 deleted successfully.
ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
ADS C:\ProgramData\TEMP:793F316E deleted successfully.
ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:3E7393FC deleted successfully.
ADS C:\ProgramData\TEMP:9B52F176 deleted successfully.
ADS C:\ProgramData\TEMP:4BB26BE9 deleted successfully.
ADS C:\ProgramData\TEMP:798A3728 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Irene
->Temp folder emptied: 154856076 bytes
->Temporary Internet Files folder emptied: 389463 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 72931867 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1264 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 597482 bytes
RecycleBin emptied: 23315824 bytes
 
Total Files Cleaned = 240,00 mb
 
 
OTL by OldTimer - Version 3.2.23.0 log created on 06012011_150419

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

2.

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/01/2011 at 05:12 PM

Application Version : 4.53.1000

Core Rules Database Version : 7174
Trace Rules Database Version: 4986

Scan type       : Complete Scan
Total Scan Time : 01:56:38

Memory items scanned      : 584
Memory threats detected   : 0
Registry items scanned    : 7925
Registry threats detected : 0
File items scanned        : 46233
File threats detected     : 80

Adware.Tracking Cookie
	C:\Users\Irene\AppData\Roaming\Microsoft\Windows\Cookies\irene@ad.yieldmanager[2].txt
	C:\Users\Irene\AppData\Roaming\Microsoft\Windows\Cookies\irene@adbrite[1].txt
	C:\Users\Irene\AppData\Roaming\Microsoft\Windows\Cookies\irene@advertise[1].txt
	C:\Users\Irene\AppData\Roaming\Microsoft\Windows\Cookies\irene@atdmt[2].txt
	C:\Users\Irene\AppData\Roaming\Microsoft\Windows\Cookies\irene@content.yieldmanager[1].txt
	C:\Users\Irene\AppData\Roaming\Microsoft\Windows\Cookies\irene@tribalfusion[1].txt
	.doubleclick.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.collective-media.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.collective-media.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.collective-media.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.collective-media.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.adbrite.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.adbrite.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.adbrite.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.atdmt.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.atdmt.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.invitemedia.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.invitemedia.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.collective-media.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.collective-media.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.collective-media.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.collective-media.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.adbrite.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.mywebsearch.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	wstat.wibiya.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.xiti.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	sso-de.bestofmedia.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	www.mediamarkt.at [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.imrworldwide.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.imrworldwide.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	s01.flagcounter.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	counters.gigya.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.lucidmedia.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.ru4.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	s04.flagcounter.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	s06.flagcounter.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.adcentriconline.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.statcounter.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.invitemedia.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	statse.webtrendslive.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	de.sitestat.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.dmtracker.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.media6degrees.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.media6degrees.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.media6degrees.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.lfstmedia.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.adfarm1.adition.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.adfarm1.adition.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	ad1.adfarm1.adition.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.content.yieldmanager.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.tradedoubler.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.tradedoubler.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.tradedoubler.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.invitemedia.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.msnportal.112.2o7.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.revsci.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.legolas-media.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.legolas-media.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.legolas-media.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.revsci.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.apmebf.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.fastclick.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.fastclick.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.microsoftsto.112.2o7.net [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.yadro.ru [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.yadro.ru [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]
	.tracking.quisma.com [ C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\fcd6izsg.default\cookies.sqlite ]

3. Seit einer Stunde läuft der Scan nicht mehr weiter, es bleibt immer bei C:\ACER\Preload\Autorun\APP\NTI Media Maker\Data1.cab stehen.
Auch bei mehreren Versuchen hat es auch nichts genützt.

kira · 02.06.2011, 14:05

► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?

Rin.T · 02.06.2011, 18:59

Nein. Keine Probleme, mein Rechner ist in Ordnung.

Rin.T · 02.06.2011, 21:29

Zitat:

Zitat von Rin.T

Nein. Keine Probleme, mein Rechner ist in Ordnung.

Ach nein doch nicht! Es ist immer noch da diese iexplore.exe

kira · 02.06.2011, 22:07

"iexplore.exe"?
normalerweise seit "IE8" stellt kein Problem dar bzw ist das normal zu betrachten (eins für den IE + andere für zusätzliche Prozesse für die Tabs)

ist dir bekannte Einträge bzw Seite, absichtlich zugefügt?

Code:

ATTFilter

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
FF - prefs.js..browser.search.defaultthis.engineName: "OurWorld.com Customized Web Search"

Rin.T · 03.06.2011, 14:08

Leider weiß ich nicht, ich benütze IE überhaupt nicht mehr. Und mir ist was verdächtiges entdeckt das im Add-ons 2 Schlüssel-einträge drin war.

Code:

ATTFilter

{53F6FCCD-9E22-4D71-86EA-6E43136192AB}
{925DAB62-F9AC-4221-806A-057BFB1014AA}

Ist das normal?

kira · 03.06.2011, 21:53

nicht schädlich, aber kannst beide löschen

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vb32&d=0209&m=e520
FF - prefs.js..browser.search.defaultthis.engineName: "OurWorld.com Customized Web Search"
         
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

Rin.T · 04.06.2011, 14:23

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Prefs.js: "OurWorld.com Customized Web Search" removed from browser.search.defaultthis.engineName
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Irene
->Temp folder emptied: 17146787 bytes
->Temporary Internet Files folder emptied: 41071516 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 139079763 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 7634 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1199260 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 189,00 mb
 
 
OTL by OldTimer - Version 3.2.23.0 log created on 06042011_150448

Files\Folders moved on Reboot...
C:\Users\Irene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

Registry entries deleted on Reboot...

trotz hat es nichts geändert, es ist immer noch da.

iexplore.exe im Taskmanager

Plagegeister aller Art und deren Bekämpfung: iexplore.exe im Taskmanager