Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Verschlüsselungs Trojaner entfernen!

Verschlüsselungs Trojaner entfernen!


Log-Analyse und Auswertung: Verschlüsselungs Trojaner entfernen!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 14.06.2012, 21:42   #11
leeann0405
 
Verschlüsselungs Trojaner entfernen! - Standard

Verschlüsselungs Trojaner entfernen!


Hier nun eure gewüschten Logfiles von mir!! ich bin echt verzweifelt, vielleicht sollte ich doch lieber jemaden Ranlassen der mehr ahnung von PC´s hat wie ich ich bin einfach nicht geschaffen um in technisches Sachen durchzublicken!!! ich hatte nur den logfile Otl.exe aber kein extras.exe?! hab bestimmt wieder was falsch gemacht, aber ich habe nur das befolgt was ihr mir hier sagt!

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.06.2012 22:28:38 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Lee-ann\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,22% Memory free
7,99 Gb Paging File | 6,14 Gb Available in Paging File | 76,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 398,14 Gb Free Space | 87,71% Space Free | Partition Type: NTFS
 
Computer Name: LEE-ANN-PC | User Name: Lee-ann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.14 15:41:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Lee-ann\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.03 13:34:58 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010.11.20 14:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009.09.18 01:42:11 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.08.21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.08.07 11:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.08.07 11:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2008.07.04 13:52:18 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.09.18 01:42:11 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.10.18 15:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011.10.18 15:23:24 | 000,208,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011.10.18 15:23:06 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011.01.27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2012.05.30 08:33:14 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.03 13:34:58 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011.10.18 18:01:08 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.28 13:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Programme\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.08.21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.08.07 11:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.05 21:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 23:15:04 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2008.07.04 13:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.15 14:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011.10.15 14:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011.10.15 14:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011.10.15 14:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011.10.15 14:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011.10.15 14:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011.10.15 14:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011.10.15 14:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.11.04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009.11.04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009.09.15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.07.28 02:15:42 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.21 07:13:12 | 000,006,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidshim.sys -- (hidshim)
DRV:64bit: - [2009.07.21 07:13:10 | 000,025,088 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 23:15:04 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009.06.10 23:15:04 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.14 18:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.05.01 20:13:34 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009.02.13 08:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009.02.13 08:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009.02.13 08:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008.03.17 12:06:14 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8735&r=27360110l906l0328z165t47k1y002
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8735&r=27360110l906l0328z165t47k1y002
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8735&r=27360110l906l0328z165t47k1y002
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8735&r=27360110l906l0328z165t47k1y002
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=fbpage1&s={searchTerms}&f=4&hl={language}&src=chrm
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8735&r=27360110l906l0328z165t47k1y002
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=fbpage1&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE361
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{899CEF39-2470-460E-AF9C-886857C8DECF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=294A6E81-FAA2-48F6-856D-61A8DAB0FBFB&apn_sauid=F217DF25-091C-4465-845F-127E33A04DF2&
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}
IE - HKCU\..\SearchScopes\{9B6103C1-F818-48a8-9683-314055BE6075}: "URL" = hxxp://mystart.hiyo.com/?search={searchTerms}&loc=ie_search
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-ober&type=spilde&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lee-ann\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lee-ann\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.10 00:06:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.27 12:55:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.01.03 16:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.13 15:44:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.10 00:06:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firefox@bandoo.com: C:\Users\Lee-ann\AppData\Roaming\Mozilla\Firefox\Profiles/f0yuq647.default\extensions\firefox@bandoo.com
 
[2012.02.15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2010.09.26 17:56:26 | 000,002,191 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010.09.14 14:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2010.07.27 10:48:38 | 000,002,039 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchfbpage1.xml
[2010.08.12 13:12:24 | 000,005,529 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchquWebSearch.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: QuestScan (Enabled)
CHR - default_search_provider: search_url = hxxp://www.questscan.com/?tmp=redir_bho_bing&prt=QstscanPB&keywords={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lee-ann\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lee-ann\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lee-ann\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Lee-ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Lee-ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Lee-ann\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lee-ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Lee-ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Babylon Translator = C:\Users\Lee-ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\
CHR - Extension: SiteAdvisor = C:\Users\Lee-ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Lee-ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Lee-ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120103153250.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.4\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120103153250.dll (McAfee, Inc.)
O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~2\WIA6EB~1\ToolBar\SearchquDx.dll File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll File not found
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~2\WIA6EB~1\ToolBar\SearchquDx.dll File not found
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.4\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Lee-ann\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKCU..\Run: [523D5C85] C:\Users\Lee-ann\AppData\Roaming\Jqfylebifd\txpmgrcrnc.exe ()
O4 - HKCU..\Run: [cigie.exe] C:\Users\Lee-ann\AppData\Roaming\Idby\cigie.exe ()
O4 - HKCU..\Run: [Fqjejj] C:\Users\Lee-ann\AppData\Roaming\Fqjejj.exe File not found
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKCU..\Run: [Yqjejc] C:\Users\Lee-ann\AppData\Roaming\Yqjejc.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Lee-ann\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lee-ann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lee-ann\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lee-ann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC9A16C0-273F-4493-83B6-1C77D7F2FE7F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\bandoo\bndhook.dll) - c:\progra~2\bandoo\bndhook.dll (Discordia Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0964f3e7-f9a0-11de-9e15-001e65adc37a}\Shell - "" = AutoRun
O33 - MountPoints2\{0964f3e7-f9a0-11de-9e15-001e65adc37a}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{0964f427-f9a0-11de-9e15-001e65adc37a}\Shell - "" = AutoRun
O33 - MountPoints2\{0964f427-f9a0-11de-9e15-001e65adc37a}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{0964f440-f9a0-11de-9e15-001e65adc37a}\Shell - "" = AutoRun
O33 - MountPoints2\{0964f440-f9a0-11de-9e15-001e65adc37a}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4812bb5f-529c-11e1-bfcf-001f16c6eb4b}\Shell - "" = AutoRun
O33 - MountPoints2\{4812bb5f-529c-11e1-bfcf-001f16c6eb4b}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4812bb61-529c-11e1-bfcf-001f16c6eb4b}\Shell - "" = AutoRun
O33 - MountPoints2\{4812bb61-529c-11e1-bfcf-001f16c6eb4b}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c462f2b5-af71-11df-804b-001f16c6eb4b}\Shell - "" = AutoRun
O33 - MountPoints2\{c462f2b5-af71-11df-804b-001f16c6eb4b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O33 - MountPoints2\{f5001619-f9f6-11de-9a29-001e65adc37a}\Shell - "" = AutoRun
O33 - MountPoints2\{f5001619-f9f6-11de-9a29-001e65adc37a}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f500161c-f9f6-11de-9a29-001e65adc37a}\Shell - "" = AutoRun
O33 - MountPoints2\{f500161c-f9f6-11de-9a29-001e65adc37a}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.14 22:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.06.14 22:24:16 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{BEE38780-CBC8-4EAB-80D1-A7BAA1A96B5C}
[2012.06.14 22:24:04 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{AD94601D-F4BF-4A8C-A02B-BF27C80D864C}
[2012.06.14 22:11:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.14 21:50:23 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{FFC48693-03A2-4BA6-8222-42F6C1579D4B}
[2012.06.14 21:50:11 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{E447E854-A14F-4505-924C-3EAAB63B8E0A}
[2012.06.14 20:07:08 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{43A21164-042C-45AF-9E33-BC1B11738CD2}
[2012.06.14 20:06:55 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{6D100D30-B35F-4E08-8AB5-916422530095}
[2012.06.14 20:04:39 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{F7AD2D6F-1522-4EE9-A454-E055B17410B0}
[2012.06.14 20:04:27 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{2A769F0B-9476-451B-A4A4-AC1187D56B5A}
[2012.06.14 20:03:18 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{6BE9B5A5-5E2F-4EF2-BA6C-64542D59CEC7}
[2012.06.14 20:03:06 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{DD5542EA-EE74-401A-807E-4315578316D8}
[2012.06.14 15:41:12 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Lee-ann\Desktop\OTL.exe
[2012.06.14 12:20:36 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{B4091928-6C96-4D05-8990-291637002F87}
[2012.06.14 12:20:18 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{AB1B801C-6A30-40B5-AE42-1EBE75DDC0F6}
[2012.06.14 08:01:18 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{D4ECCE05-4BC3-4E5C-A8A1-8958E91E6012}
[2012.06.14 00:59:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.14 00:59:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.14 00:59:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.14 00:59:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.14 00:59:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.14 00:59:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.14 00:59:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.14 00:59:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.14 00:59:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.14 00:59:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.14 00:59:31 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.14 00:59:31 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.14 00:59:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.14 00:50:10 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.14 00:50:09 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.14 00:50:09 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.14 00:49:51 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.14 00:49:37 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.14 00:49:33 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.14 00:49:18 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.14 00:49:00 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.14 00:48:51 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.14 00:37:28 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{811A59F6-F27D-4972-B302-5A4B9479E63A}
[2012.06.14 00:37:17 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{3FB07AEF-61B1-4A22-B32E-AAA000DF56C9}
[2012.06.14 00:36:52 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{7A1CE2F7-37FB-454D-B614-64CBFE0156CE}
[2012.06.14 00:36:24 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{A20FD145-C03F-4E82-9C78-AD236162BA4D}
[2012.06.13 20:23:28 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{128D8388-07BD-4D02-AA68-8EDF6EF660F2}
[2012.06.13 20:23:16 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{2A39BC61-2F39-4C33-AD59-C99E64D7F364}
[2012.06.13 20:20:36 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{287DD0F3-3220-4E28-B536-00D0C3C95265}
[2012.06.13 18:51:30 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{5F65D191-D4A8-4F37-9A66-1C81DF875C78}
[2012.06.13 18:51:13 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{9FA65163-6542-4353-AD8D-19EDC711E89E}
[2012.06.13 18:33:47 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{A8CA13D9-25C5-48B7-A761-823E1AAEFFF7}
[2012.06.13 18:33:35 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{8625905E-1F44-407C-A1AB-FFB5F180CA22}
[2012.06.13 18:03:15 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{B52D8386-F2EF-4288-AB18-5C0FC835C6AA}
[2012.06.13 18:02:56 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{E839EA5F-54E7-4324-8F09-210FD349725C}
[2012.06.13 17:59:53 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{7EA824E7-A8A3-47DC-9325-7C2171CFB436}
[2012.06.13 17:05:24 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Roaming\www.shadowexplorer.com
[2012.06.13 17:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.06.13 17:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer
[2012.06.13 16:59:14 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\Documents\PandaUnRansom
[2012.06.13 16:38:24 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\Documents\Avira-RansomFileUnlocker-1.0.1
[2012.06.13 16:26:04 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Roaming\JPEGsnoop
[2012.06.12 14:31:24 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\Virusbekämpfung
[2012.06.12 14:15:14 | 000,409,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lee-ann\Documents\rescue2usb.exe
[2012.06.12 14:01:13 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{BCF4100E-7543-468F-9A7B-33F512119774}
[2012.06.12 14:00:59 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{EB2694C7-1983-46A3-8D62-F56C12AFE918}
[2012.06.12 12:47:02 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{2D797B41-4930-4A71-8262-29C54E3FC32C}
[2012.06.12 12:46:49 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{DD6DB3EB-2ECC-4367-8626-4B7AD30141E5}
[2012.06.12 08:54:59 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{AF2FF125-1D58-489F-A355-2AA881AF5532}
[2012.06.12 08:54:46 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{1623C756-811A-4184-B1AC-CFC0243AB662}
[2012.06.12 08:49:45 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Roaming\Malwarebytes
[2012.06.12 08:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.12 08:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.12 08:49:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.12 08:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.12 08:45:17 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{C501356A-7459-4504-814C-42BBB3E160BA}
[2012.06.12 08:45:03 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{1FE8243F-3FCD-46A3-A5BB-98260D15BEEF}
[2012.06.12 08:40:53 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{DCB9F4F6-E97B-47CE-8B00-07C15E8833CF}
[2012.06.12 08:40:38 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{2B0BBF75-697D-4201-9157-748E66B898D0}
[2012.06.12 08:37:19 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{0245231E-9F0C-46ED-92F3-096339B51D1D}
[2012.06.11 22:39:09 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{875E5B12-0F2E-4E57-A30E-4C7CF575DA7E}
[2012.06.11 22:38:53 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{4F6EACDD-5E56-43B4-A883-6E7F14A49B0F}
[2012.06.11 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Roaming\Jqfylebifd
[2012.06.11 08:42:45 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{644540B4-FD84-48A2-A780-E8638E108FF8}
[2012.06.11 08:42:30 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{3A5C55D8-A278-4382-9E2A-75E109B74B34}
[2012.06.10 16:45:56 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{13C6B03B-B34E-4EA3-B7FC-30F6DD2609AF}
[2012.06.10 16:45:43 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{1801C768-5A78-4DF6-93B2-EA04EB73C3C9}
[2012.06.10 16:45:20 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{A886CD0B-C653-418D-8460-B248694DF559}
[2012.06.07 23:09:33 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{F3AE90B3-0367-4DC5-89A7-F0D4DF3CCA21}
[2012.06.07 23:09:19 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{BDB9B035-B981-4A81-8B40-8316C4B91E78}
[2012.06.05 12:17:04 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{EAFDF456-F593-41F4-9493-C848A5388706}
[2012.06.05 12:16:47 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{E9A76A71-C14E-48AC-BB57-02CA1D70A920}
[2012.06.04 21:37:49 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Roaming\UAs
[2012.06.04 21:32:35 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Roaming\xmldm
[2012.06.04 21:31:32 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Roaming\kock
[2012.05.30 09:17:26 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{3AD43546-858A-4F2B-931D-16A9669855CA}
[2012.05.30 09:17:12 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{F51DCD9D-3310-4A29-A9A1-213F5B445907}
[2012.05.30 08:37:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.05.30 08:35:24 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{0B2EF65D-2FCA-4162-91E0-3DDF4D54D188}
[2012.05.30 08:33:50 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{3439CC80-220D-453D-A06F-378D226BC160}
[2012.05.28 16:04:46 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{7B697541-06B6-446A-9F93-74A8989740E5}
[2012.05.28 16:03:54 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{05D46302-CC37-47A6-80E6-28F704247255}
[2012.05.20 13:00:36 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{2E88CC15-582F-43F3-8030-0EA964815E9F}
[2012.05.20 13:00:22 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{098EAE48-6E3F-4CA9-9BBA-022EC620B8C1}
[2012.05.16 11:30:27 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{A73AE504-E0A2-4C74-8C36-42361D737805}
[2012.05.16 11:30:14 | 000,000,000 | ---D | C] -- C:\Users\Lee-ann\AppData\Local\{AA89336F-F685-4F1C-AB6F-204B785B5DD0}
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.14 22:30:32 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 22:30:32 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 22:29:36 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012.06.14 22:22:49 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.14 22:22:42 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\UPPACR.job
[2012.06.14 22:22:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 22:22:29 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.14 22:14:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.14 22:07:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-966034972-3007573227-3065103239-1000UA.job
[2012.06.14 20:07:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-966034972-3007573227-3065103239-1000Core.job
[2012.06.14 19:56:50 | 000,000,586 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Lee-ann.job
[2012.06.14 15:41:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Lee-ann\Desktop\OTL.exe
[2012.06.14 06:42:13 | 000,343,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 17:05:04 | 000,001,889 | ---- | M] () -- C:\Users\Lee-ann\Desktop\ShadowExplorer.lnk
[2012.06.13 17:03:50 | 000,002,117 | ---- | M] () -- C:\Users\Lee-ann\Desktop\Continue SweetIM Installation.lnk
[2012.06.12 14:10:23 | 002,346,700 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.12 14:10:23 | 001,129,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.12 14:10:23 | 000,671,552 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.12 14:10:23 | 000,593,626 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.12 14:10:23 | 000,005,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.12 08:49:41 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.12 05:09:33 | 000,002,413 | ---- | M] () -- C:\Users\Lee-ann\Desktop\Google Chrome.lnk
[2012.06.11 09:13:49 | 000,000,012 | ---- | M] () -- C:\Users\Lee-ann\AppData\Roaming\urhtps.dat
[2012.05.24 16:46:26 | 000,003,268 | ---- | M] () -- C:\Users\Lee-ann\AppData\Roaming\wklnhst.dat
[2012.05.18 04:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.05.18 03:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.05.18 03:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.05.18 03:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.05.18 03:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.05.18 03:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.05.18 03:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.05.18 00:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.05.18 00:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.05.18 00:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.05.18 00:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.05.18 00:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.05.18 00:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
 
========== Files Created - No Company Name ==========
 
[2012.06.13 17:05:04 | 000,001,889 | ---- | C] () -- C:\Users\Lee-ann\Desktop\ShadowExplorer.lnk
[2012.06.13 17:01:00 | 000,002,117 | ---- | C] () -- C:\Users\Lee-ann\Desktop\Continue SweetIM Installation.lnk
[2012.06.12 14:15:15 | 000,028,160 | ---- | C] () -- C:\Users\Lee-ann\Documents\syslinux.exe
[2012.06.12 14:15:15 | 000,000,237 | ---- | C] () -- C:\Users\Lee-ann\Documents\syslinux.cfg
[2012.06.12 14:15:14 | 000,237,849 | ---- | C] () -- C:\Users\Lee-ann\Documents\grub.exe
[2012.06.12 08:49:41 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.11 09:13:49 | 000,000,012 | ---- | C] () -- C:\Users\Lee-ann\AppData\Roaming\urhtps.dat
[2012.03.22 13:35:16 | 000,219,163 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2011.11.28 19:08:28 | 000,000,000 | ---- | C] () -- C:\Users\Lee-ann\AppData\Local\{81B65587-BFED-44D6-8A63-58F01E6B3401}
[2011.11.26 01:10:33 | 000,000,000 | ---- | C] () -- C:\Users\Lee-ann\AppData\Local\{E50EBDBC-B8B0-4694-B86E-7BD09AEE2D0C}
[2011.11.26 01:07:17 | 000,000,000 | ---- | C] () -- C:\Users\Lee-ann\AppData\Local\{BFCF55C3-05DE-4096-8BEC-F796C09A6CDA}
[2011.11.23 12:51:07 | 000,000,000 | ---- | C] () -- C:\Users\Lee-ann\AppData\Local\{8D818549-EE1A-4572-81D8-B87E627C3079}
[2011.08.04 22:46:43 | 000,001,095 | ---- | C] () -- C:\Users\Lee-ann\AppData\Roaming\DD67.exe
[2011.08.04 19:03:18 | 000,001,095 | ---- | C] () -- C:\Users\Lee-ann\AppData\Roaming\50BB.exe
[2011.08.04 15:45:10 | 000,001,095 | ---- | C] () -- C:\Users\Lee-ann\AppData\Roaming\EDFC.exe
[2011.08.04 15:21:43 | 000,001,095 | ---- | C] () -- C:\Users\Lee-ann\AppData\Roaming\7503.exe
[2011.08.04 12:04:20 | 000,001,095 | ---- | C] () -- C:\Users\Lee-ann\AppData\Roaming\3444.exe
[2011.08.04 10:31:12 | 000,001,095 | ---- | C] () -- C:\Users\Lee-ann\AppData\Roaming\F02B.exe
[2011.08.04 00:28:41 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.08.04 00:28:41 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.05.30 13:45:08 | 000,001,118 | ---- | C] () -- C:\Users\Lee-ann\AppData\Roaming\546C.exe
[2011.05.30 13:18:09 | 000,001,118 | ---- | C] () -- C:\Users\Lee-ann\AppData\Roaming\9F5E.exe
[2010.12.05 01:27:45 | 000,019,456 | ---- | C] () -- C:\Users\Lee-ann\AppData\Local\WebpageIcons.db
[2010.12.05 00:29:48 | 000,007,618 | ---- | C] () -- C:\Users\Lee-ann\AppData\Local\Resmon.ResmonCfg
 
========== LOP Check ==========
 
[2010.01.07 16:14:24 | 000,000,000 | -HSD | M] -- C:\Users\Lee-ann\AppData\Roaming\.#
[2010.03.26 14:36:06 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\AnvSoft
[2010.10.25 11:44:36 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\Bandoo
[2011.08.08 13:37:19 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\DVDVideoSoft
[2011.01.26 18:40:51 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.04 22:59:46 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\GameConsole
[2011.06.28 23:05:34 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\go
[2010.04.30 14:05:54 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\gtk-2.0
[2012.05.06 02:54:29 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\Idby
[2012.06.13 16:26:04 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\JPEGsnoop
[2012.06.11 21:07:33 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\Jqfylebifd
[2012.06.04 21:31:32 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\kock
[2012.04.13 15:38:43 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\loadtbs
[2010.02.01 18:23:06 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\PlayFirst
[2010.01.05 23:46:33 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\PowerCinema
[2011.06.16 21:39:47 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\ScreeNet iSaver
[2010.01.05 03:03:30 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\SoftDMA
[2010.10.29 18:24:44 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\SulusGames
[2010.02.04 00:48:18 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\Template
[2012.06.08 17:23:32 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\UAs
[2010.01.04 22:35:45 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\Vodafone
[2012.06.13 18:03:33 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\Vyuzpo
[2012.05.07 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\Windows Live Writer
[2012.06.13 17:05:24 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\www.shadowexplorer.com
[2012.06.08 17:23:32 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\xmldm
[2010.06.17 23:26:54 | 000,000,000 | ---D | M] -- C:\Users\Lee-ann\AppData\Roaming\YoudaGames
[2012.06.13 18:49:18 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.14 22:22:42 | 000,000,312 | -HS- | M] () -- C:\Windows\Tasks\UPPACR.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:51387F29
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:1D32EC29
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:8140CB50
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
--- --- ---

[/code]

 

Themen zu Verschlüsselungs Trojaner entfernen!
ahnung, anti, anti malware, daten, entferne, entfernen, gefangen, gen, gepackt, installier, installiert, kriege, malwarebytes, quarantäne, troja, trojaner, trojaner entferne, trojaner entfernen, verschlüsselt, verschlüsselungen trojaner ukasch 100, verschlüsselungs, verschlüsselungs trojaner


« Windows Verschlüsselungstrojaner | Suisa Virus »


Ähnliche Themen: Verschlüsselungs Trojaner entfernen!


  1. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 23.09.2012 (1)
  2. SUISA-Trojaner (Verschlüsselungs-Trojaner) befall auf HP-Pro-Laptop Win7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (19)
  3. windows verschlüsselungs trojaner-sofortiger TRojaner hinweis
    Plagegeister aller Art und deren Bekämpfung - 31.07.2012 (9)
  4. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 27.07.2012 (7)
  5. Live Security Platinum-Trojaner, Verschlüsselungs-Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (1)
  6. windows verschlüsselungs trojaner wie entfernen?
    Log-Analyse und Auswertung - 29.06.2012 (1)
  7. windows verschlüsselungs trojaner wie entfernen?
    Log-Analyse und Auswertung - 19.06.2012 (1)
  8. (2x) windows verschlüsselungs trojaner wie entfernen?
    Mülltonne - 19.06.2012 (1)
  9. Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 19.06.2012 (1)
  10. Wie das Tool zum Entfernen des Verschlüsselungs-Trojaner auf den infizierten PC?
    Log-Analyse und Auswertung - 13.06.2012 (1)
  11. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (4)
  12. verschlüsselungs- trojaner
    Diskussionsforum - 10.06.2012 (1)
  13. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 10.06.2012 (1)
  14. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 30.05.2012 (1)
  15. Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 21.05.2012 (2)
  16. Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 27.04.2012 (1)
  17. Verschlüsselungs-Trojaner Trojan:W32/RansomCrypt entfernen
    Anleitungen, FAQs & Links - 25.04.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Verschlüsselungs Trojaner entfernen! - Hier nun eure gewüschten Logfiles von mir!! ich bin echt verzweifelt, vielleicht sollte ich doch lieber jemaden Ranlassen der mehr ahnung von PC´s hat wie ich ich bin einfach nicht - Verschlüsselungs Trojaner entfernen!...
Archiv
Du betrachtest: Verschlüsselungs Trojaner entfernen! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131