Log analysis and evaluation: Malwarebytes finds Trojan.XBuild402 (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
11.10.2012, 15:52 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | You don't need to ask in every post how things should continue. I have two questions before we go on (we're not finished yet!) 1.) Does Windows' normal mode work without restrictions (again)? 2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________ Please always post logfiles in CODE tags |
11.10.2012, 16:25 | #17 |
Banned | Yes, everything still works without any problems! Everything is there in the Start menu as well; I'm not aware of anything missing. I have only completely deleted my old Firefox version and installed a new one, because this was slowly getting a bit too creepy for me, given the many viruses that were found in my homepages. |
11.10.2012, 18:35 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please make a new OTL log. If possible, please post everything here in CODE tags.
This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
Please download OTL by OldTimer and save it to your desktop. If you already have it, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
11.10.2012, 18:54 | #19 |
Banned | OK, I accidentally pressed Scan, is that bad?! [code] OTL Logfile:
ATTFilter OTL logfile created on: 11.10.2012 19:39:46 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DREAM\Desktop\Internet Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 44,40% Memory free 5,98 Gb Paging File | 3,95 Gb Available in Paging File | 66,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 900,41 Gb Total Space | 800,84 Gb Free Space | 88,94% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 18,22 Gb Free Space | 60,75% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive I: | 931,28 Gb Total Space | 702,45 Gb Free Space | 75,43% Space Free | Partition Type: FAT32 Computer Name: DREAM-PC | User Name: DREAM | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\DREAM\AppData\Roaming\Mikogo 4\M4-Capture.exe () PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\Users\DREAM\Desktop\Internet\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.) 
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\DREAM\AppData\Roaming\Mikogo 4\mikogo-host.exe () PRC - C:\Users\DREAM\AppData\Roaming\Mikogo 4\M4-Service.exe () PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - c:\xampp\mysql\bin\mysqld.exe () PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe () PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe () PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) 
PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe (Sensible Vision ) PRC - C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision ) PRC - C:\Program Files\Sensible Vision\Fast Access\FAService.exe (Sensible Vision ) PRC - C:\Program Files\Eraser\Eraser.exe (The Eraser Project) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Windows\System32\PSIService.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll () MOD - C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll () MOD - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe () MOD - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe () MOD - C:\Windows\System32\FAIEExtension.dll () MOD - C:\Windows\System32\FAib.dll () MOD - C:\Windows\System32\FACrashRpt.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll () MOD - C:\Program Files\WinRAR\RarExt.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV 
- (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (M4-Service) -- C:\Users\DREAM\AppData\Roaming\Mikogo 4\M4-Service.exe () SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe () SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe (Symantec Corporation) SRV - (Apache2.4) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation) SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe () SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (FAService) -- C:\Program Files\Sensible Vision\Fast Access\FAService.exe (Sensible Vision ) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121011.002\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121011.002\NAVENG.SYS (Symantec Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121010.001\IDSvix86.sys (Symantec Corporation) DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1308000.00E\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1308000.00E\srtspx.sys (Symantec Corporation) DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1308000.00E\ccsetx86.sys (Symantec Corporation) DRV - (SymEFA) -- 
C:\Windows\System32\drivers\NIS\1308000.00E\symefa.sys (Symantec Corporation) DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1308000.00E\symnets.sys (Symantec Corporation) DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1308000.00E\ironx86.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1308000.00E\symds.sys (Symantec Corporation) DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (CompFilter) -- C:\Windows\System32\drivers\lvbusflt.sys (Logitech Inc.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120405074420175&tb_oid=05-04-2012&tb_mrud=05-04-2012 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.comhxxp://www.medion.com [binary data] IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/?pc=AVBR IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.channel-live.tv/anmelde [Binary data over 200 bytes] IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - 
HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\URLSearchHook: {a1137e37-cecc-4cbb-ba8f-e598748d4bd3} - No CLSID value found IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes\{2FEFC237-DDCF-46C2-823A-634556AA9CAA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120405074420175&tb_oid=05-04-2012&tb_mrud=05-04-2012 IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes\{6631FA36-8D1C-46EF-A9AD-CF639AE383C8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = hxxp://www.ask.com/web?o=15710&l=dis&q={searchTerms} IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyOverride" = 127.0.0.1;*.local 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1;*.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 2 FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0 FF - prefs.js..extensions.enabledAddons: firefile@strebitzer.at:0.9.0 FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2 FF - prefs.js..extensions.enabledAddons: seostatus@rubyweb:1.5.9 FF - prefs.js..extensions.enabledAddons: {02450914-cdd9-410f-b1da-db004e18c671}:0.96.8c FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.3 FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68 FF - prefs.js..extensions.enabledAddons: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.9.5.1 FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8 FF - prefs.js..extensions.enabledAddons: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.7.5.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: File not found FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\DREAM\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\DREAM\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DREAM\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DREAM\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.01.02 11:50:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fassoxpcom@sensiblevision.com: C:\Program Files\Sensible Vision\Fast Access\xpcom_fasso\ [2011.01.05 18:24:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.06.30 23:04:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.10.11 18:16:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.09.09 01:12:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.11 13:48:40 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.04 10:53:34 | 000,000,000 | ---D | M] [2012.10.11 13:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\Extensions [2012.10.11 18:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\t125x6pa.default\extensions [2012.10.11 18:14:47 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\t125x6pa.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2012.10.11 18:14:46 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\t125x6pa.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012.10.11 18:02:30 | 001,626,141 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\firebug@software.joehewitt.com.xpi [2012.10.11 18:03:48 | 000,079,299 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\firefile@strebitzer.at.xpi [2012.10.11 18:14:40 | 000,207,020 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\seostatus@rubyweb.xpi [2012.10.11 18:14:40 | 000,094,079 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2012.10.11 18:14:46 | 000,269,659 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012.10.11 18:03:49 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012.10.11 18:14:46 | 000,138,614 | ---- | M] () (No name 
found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.10.11 13:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.09.09 01:12:24 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2012.10.11 18:16:54 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN [2012.06.30 23:04:10 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN [2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.03.27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npContribute.dll [2009.03.25 11:42:28 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll [2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\DREAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\DREAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\DREAM\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\DREAM\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: SiteAdvisor = C:\Users\DREAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\DREAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [Mikogo] C:\Users\DREAM\AppData\Roaming\Mikogo 4\mikogo-host.exe ()
O4 - HKU\S-1-5-18..\Run: [Mikogo] C:\Users\DREAM\AppData\Roaming\Mikogo 4\mikogo-host.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-3313979477-441340846-3546100501-1001..\Run: [Mikogo] C:\Users\DREAM\AppData\Roaming\Mikogo 4\mikogo-host.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\DREAM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.161 83.169.186.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4BC47DC-B626-42D7-88A6-1542B81B945D}: DhcpNameServer = 83.169.186.161 83.169.186.225
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 09:56:50 | 000,000,036 | RH-- | M] () - I:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2003.03.21 12:00:56 | 000,000,000 | RH-D | M] - I:\AUTORUN -- [ FAT32 ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = "E:\Adobe CS5\Set-up.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.11 13:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.10.11 11:23:42 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\ProtectDisc
[2012.10.10 21:16:30 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2012.10.10 18:17:00 | 009,575,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012.10.10 12:50:06 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.10 12:50:05 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.09 21:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.08 01:49:54 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Local\Systweak
[2012.10.07 22:07:13 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Wise Registry Cleaner
[2012.10.07 22:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2012.10.07 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
[2012.10.07 21:57:58 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Systweak
[2012.10.07 21:57:57 | 000,015,544 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012.10.07 18:05:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012.10.07 18:04:57 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012.10.07 18:04:57 | 001,759,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2012.10.07 18:04:57 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2012.10.07 18:04:57 | 000,367,136 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2012.10.07 18:04:57 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2012.10.07 18:04:57 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012.10.07 18:04:57 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012.10.07 18:04:57 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012.10.07 18:04:57 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012.10.07 18:04:57 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012.10.07 18:04:57 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2012.10.07 18:04:57 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012.10.07 18:04:57 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2012.10.07 18:04:57 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2012.10.07 18:04:57 | 000,057,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2012.10.07 18:04:56 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012.10.07 18:04:56 | 001,131,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2012.10.07 18:04:56 | 000,961,296 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2012.10.07 18:04:56 | 000,900,368 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2012.10.07 18:04:56 | 000,448,272 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2012.10.07 18:04:56 | 000,427,792 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2012.10.07 18:04:56 | 000,405,776 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2012.10.07 18:04:56 | 000,311,568 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012.10.07 18:04:56 | 000,299,936 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012.10.07 18:04:56 | 000,290,064 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2012.10.07 18:04:56 | 000,235,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2012.10.07 18:04:56 | 000,223,504 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2012.10.07 18:04:56 | 000,145,760 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2012.10.07 18:04:56 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012.10.07 18:04:56 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2012.10.07 18:04:56 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2012.10.07 18:04:56 | 000,102,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2012.10.07 18:04:56 | 000,096,160 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2012.10.04 10:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.04 09:06:42 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\private
[2012.10.01 19:43:22 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Blender Foundation
[2012.09.29 20:22:52 | 000,000,000 | ---D | C] -- C:\install_50673c7c7edad
[2012.09.29 17:35:18 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Desktop\joomla-template
[2012.09.29 11:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012.09.29 10:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.29 10:05:31 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.09.29 10:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.28 12:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.09.28 11:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.09.27 20:57:27 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\Virusverdacht
[2012.09.27 13:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.27 13:50:48 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.09.27 13:49:30 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.09.27 13:49:30 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.09.27 13:49:30 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.09.27 10:37:06 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.09.27 10:18:43 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Malwarebytes
[2012.09.27 10:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.27 10:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.27 10:18:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.27 10:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.26 14:02:25 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\Hexagon
[2012.09.26 12:46:39 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012.09.26 09:54:22 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Local\DATA BECKER
[2012.09.26 09:54:20 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Local\Chromium
[2012.09.26 09:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer
[2012.09.26 09:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DATA BECKER
[2012.09.26 09:53:13 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\A5 HTML5 Animator Projekte
[2012.09.26 09:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\DATA BECKER
[2012.09.25 22:52:08 | 000,000,000 | ---D | C] -- C:\Users\DREAM\.thumbnails
[2012.09.25 22:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2012.09.25 22:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2012.09.25 15:10:27 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\SmartFTP
[2012.09.25 15:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartFTP Client
[2012.09.25 15:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2012.09.25 15:08:41 | 000,000,000 | -HSD | C] -- C:\Users\DREAM\wc
[2012.09.25 15:08:40 | 000,000,000 | -HSD | C] -- C:\Users\DREAM\AppData\Roaming\wyUpdate AU
[2012.09.25 15:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.1 Setup Files
[2012.09.25 15:08:36 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Cyberduck
[2012.09.25 15:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberduck
[2012.09.25 15:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberduck
[2012.09.25 07:37:26 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\DAZ 3D
[2012.09.24 22:58:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAZ 3D
[2012.09.24 21:21:13 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\Bryce
[2012.09.24 20:41:00 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2012.09.24 20:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DAZ 3D
[2012.09.24 15:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2012.09.24 15:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DAZ
[2012.09.24 15:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\DAZ 3D
[2012.09.24 15:33:38 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\DAZ 3D
[2012.09.23 13:36:06 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\e-on software
[2012.09.23 13:30:28 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-on software
[2012.09.23 13:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-on software
[2012.09.23 13:24:05 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\e-on software
[2012.09.23 13:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\e-on software
[2012.09.23 13:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\e-onsoftware
[2012.09.23 03:01:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.23 03:01:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.23 03:01:25 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.23 03:01:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.23 03:01:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.23 03:01:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.23 03:01:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.23 03:01:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.19 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Veohpu
[2012.09.19 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Ilados
[2012.09.19 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Amqoev
[2012.09.19 10:18:05 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Xeavp
[2012.09.19 10:18:05 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Noirna
[2012.09.19 10:18:05 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Cufuta
[2012.09.19 10:15:54 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Ihaf
[2012.09.19 10:15:54 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Ewasa
[2012.09.19 10:15:54 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Cakyna
[2012.09.19 08:09:37 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Ykavu
[2012.09.19 08:09:37 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Gaqyqy
[2012.09.19 08:09:37 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Alezo
[2012.09.18 09:12:08 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Eqko
[2012.09.18 09:12:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Upurv
[2012.09.18 09:12:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Keibef
[2012.09.18 09:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012.09.16 10:03:39 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Desktop\Responsive-Webdesign
[2012.09.15 11:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.15 11:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.15 11:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.15 11:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.12 07:49:27 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012.09.12 07:49:26 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.09.12 07:49:26 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.09.12 07:49:26 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012.01.16 00:11:08 | 004,518,720 | ---- | C] (FileZilla Project) -- C:\Users\DREAM\FileZilla_3.5.3_win32-setup.exe
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.11 19:33:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3313979477-441340846-3546100501-1001UA.job
[2012.10.11 19:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.11 19:08:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.11 17:37:01 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 17:37:01 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 17:28:22 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.11 17:27:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.11 17:27:21 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.11 15:43:17 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for DREAM.job
[2012.10.11 13:48:43 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.11 11:23:44 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00003409.LCS
[2012.10.11 07:32:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3313979477-441340846-3546100501-1001Core.job
[2012.10.10 21:35:44 | 000,697,276 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.10 21:35:44 | 000,652,594 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.10 21:35:44 | 000,148,314 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.10 21:35:44 | 000,121,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.10 21:16:30 | 000,002,231 | ---- | M] () -- C:\Users\DREAM\Desktop\Kindle.lnk
[2012.10.10 18:17:02 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.10 18:17:02 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.10 18:17:00 | 009,575,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012.10.09 10:49:57 | 000,000,546 | ---- | M] () -- C:\error.php
[2012.10.09 08:44:00 | 000,002,576 | ---- | M] () -- C:\{6A051E86-D848-4C0D-8A34-C72A16DD51E8}
[2012.10.08 08:06:32 | 000,002,472 | ---- | M] () -- C:\{7F42B75D-7654-4644-89FD-C803D572BDBB}
[2012.10.08 08:04:39 | 000,002,584 | ---- | M] () -- C:\{6DA5C51A-B496-46E9-B80C-167346E60D3E}
[2012.10.07 22:23:13 | 000,193,553 | ---- | M] () -- C:\Users\DREAM\Documents\Unbenannt (2).wma
[2012.10.07 22:20:45 | 000,171,103 | ---- | M] () -- C:\Users\DREAM\Documents\Unbenannt (4).wma
[2012.10.07 17:01:43 | 000,001,264 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.10.07 16:57:57 | 000,013,312 | ---- | M] () -- C:\Users\DREAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.04 16:57:19 | 000,023,588 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\wklnhst.dat
[2012.10.04 09:41:36 | 000,000,017 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\mbam.context.scan
[2012.10.02 08:34:30 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.09.29 20:22:49 | 001,227,777 | ---- | M] () -- C:\art-blog-1.6-unrar.first.zip
[2012.09.29 19:24:45 | 002,235,773 | ---- | M] () -- C:\Joomla_2.5.x_to_2.5.7-Stable-Patch_Package.zip
[2012.09.29 11:30:28 | 000,000,535 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012.09.28 17:16:19 | 000,002,448 | ---- | M] () -- C:\{A4D2023A-F4E0-4CEF-BE54-BBFEE7BDA189}
[2012.09.27 13:49:24 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.09.27 13:49:23 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.09.27 13:49:23 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.09.27 13:49:23 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.09.27 13:49:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.09.27 13:49:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.09.27 11:46:34 | 000,000,000 | ---- | M] () -- C:\Users\DREAM\defogger_reenable
[2012.09.27 11:27:02 | 000,001,704 | ---- | M] () -- C:\{05819579-803D-48E6-A81F-A1D4BBD50F73}
[2012.09.27 11:08:26 | 000,001,448 | ---- | M] () -- C:\{38829E27-3DAD-4D06-B89B-0985CAD2EBBE}
[2012.09.27 10:55:33 | 000,001,704 | ---- | M] () -- C:\{5AAA5D7F-D2BC-4B2D-9D10-44F6406E71FC}
[2012.09.26 10:48:20 | 000,002,392 | ---- | M] () -- C:\{9E6CC32E-A712-4594-AC2A-42956869D0B6}
[2012.09.26 10:03:32 | 000,002,128 | ---- | M] () -- C:\{111BEC3A-582F-4CDC-A998-06B692E7B573}
[2012.09.26 09:53:15 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\A5 HTML5 Animator.lnk
[2012.09.26 09:27:33 | 000,002,152 | ---- | M] () -- C:\{477FAC5A-8E0D-4A2D-A447-0491B9B1789A}
[2012.09.25 15:10:11 | 000,002,240 | ---- | M] () -- C:\{F9848F6D-68E5-4440-808F-BA050837ECC2}
[2012.09.25 09:56:09 | 000,002,152 | ---- | M] () -- C:\{381E3CA7-BC59-457A-95F5-4605E3829569}
[2012.09.23 13:30:28 | 000,000,072 | ---- | M] () -- C:\Windows\Vue 7.5 xStream.reg
[2012.09.23 13:30:28 | 000,000,070 | ---- | M] () -- C:\Windows\Vue 7 xStream.reg
[2012.09.23 13:30:28 | 000,000,070 | ---- | M] () -- C:\Windows\Vue 6 xStream.reg
[2012.09.21 12:05:08 | 000,015,544 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012.09.19 10:51:51 | 000,000,575 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\54D066.dat
[2012.09.18 11:49:01 | 000,001,456 | ---- | M] () -- C:\Users\DREAM\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.09.17 10:38:13 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit_.INI
[2012.09.16 09:31:34 | 000,002,376 | ---- | M] () -- C:\{6A15AFD8-CA8B-4971-BF73-A81589DC0067}
[2012.09.15 12:21:01 | 000,002,280 | ---- | M] () -- C:\{40E94D1A-5327-4C31-A7A9-31F212D3C9DB}
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.11 13:48:43 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.11 13:48:42 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.10 21:16:30 | 000,002,231 | ---- | C] () -- C:\Users\DREAM\Desktop\Kindle.lnk
[2012.10.09 10:49:12 | 000,000,546 | ---- | C] () -- C:\error.php
[2012.10.09 08:44:00 | 000,002,576 | ---- | C] () -- C:\{6A051E86-D848-4C0D-8A34-C72A16DD51E8}
[2012.10.08 08:06:31 | 000,002,472 | ---- | C] () -- C:\{7F42B75D-7654-4644-89FD-C803D572BDBB}
[2012.10.08 08:04:37 | 000,002,584 | ---- | C] () -- C:\{6DA5C51A-B496-46E9-B80C-167346E60D3E}
[2012.10.07 22:23:13 | 000,193,553 | ---- | C] () -- C:\Users\DREAM\Documents\Unbenannt (2).wma
[2012.10.07 22:20:45 | 000,171,103 | ---- | C] () -- C:\Users\DREAM\Documents\Unbenannt (4).wma
[2012.10.04 09:41:36 | 000,000,017 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\mbam.context.scan
[2012.09.29 20:22:48 | 001,227,777 | ---- | C] () -- C:\art-blog-1.6-unrar.first.zip
[2012.09.29 19:24:28 | 002,235,773 | ---- | C] () -- C:\Joomla_2.5.x_to_2.5.7-Stable-Patch_Package.zip
[2012.09.28 17:16:14 | 000,002,448 | ---- | C] () -- C:\{A4D2023A-F4E0-4CEF-BE54-BBFEE7BDA189}
[2012.09.27 11:46:34 | 000,000,000 | ---- | C] () -- C:\Users\DREAM\defogger_reenable
[2012.09.27 11:26:58 | 000,001,704 | ---- | C] () -- C:\{05819579-803D-48E6-A81F-A1D4BBD50F73}
[2012.09.27 11:08:19 | 000,001,448 | ---- | C] () -- C:\{38829E27-3DAD-4D06-B89B-0985CAD2EBBE}
[2012.09.27 10:55:32 | 000,001,704 | ---- | C] () -- C:\{5AAA5D7F-D2BC-4B2D-9D10-44F6406E71FC}
[2012.09.27 10:27:22 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.09.26 10:48:19 | 000,002,392 | ---- | C] () -- C:\{9E6CC32E-A712-4594-AC2A-42956869D0B6}
[2012.09.26 10:03:32 | 000,002,128 | ---- | C] () -- C:\{111BEC3A-582F-4CDC-A998-06B692E7B573}
[2012.09.26 09:54:07 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00003409.LCS
[2012.09.26 09:53:15 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\A5 HTML5 Animator.lnk
[2012.09.26 09:27:32 | 000,002,152 | ---- | C] () -- C:\{477FAC5A-8E0D-4A2D-A447-0491B9B1789A}
[2012.09.25 15:10:10 | 000,002,240 | ---- | C] () -- C:\{F9848F6D-68E5-4440-808F-BA050837ECC2}
[2012.09.25 09:56:08 | 000,002,152 | ---- | C] () -- C:\{381E3CA7-BC59-457A-95F5-4605E3829569}
[2012.09.23 13:30:28 | 000,000,072 | ---- | C] () -- C:\Windows\Vue 7.5 xStream.reg
[2012.09.23 13:30:28 | 000,000,070 | ---- | C] () -- C:\Windows\Vue 7 xStream.reg
[2012.09.23 13:30:28 | 000,000,070 | ---- | C] () -- C:\Windows\Vue 6 xStream.reg
[2012.09.19 10:51:51 | 000,000,575 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\54D066.dat
[2012.09.16 09:31:33 | 000,002,376 | ---- | C] () -- C:\{6A15AFD8-CA8B-4971-BF73-A81589DC0067}
[2012.09.15 12:21:00 | 000,002,280 | ---- | C] () -- C:\{40E94D1A-5327-4C31-A7A9-31F212D3C9DB}
[2012.08.21 11:08:33 | 000,000,132 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.07.03 19:37:28 | 000,000,600 | ---- | C] () -- C:\Users\DREAM\AppData\Local\PUTTY.RND
[2012.05.27 10:30:13 | 000,014,336 | ---- | C] () -- C:\Windows\System32\vsmon1.dll
[2012.04.16 08:04:13 | 000,000,085 | ---- | C] () -- C:\Users\DREAM\mm_backup.cfg
[2012.03.27 12:04:52 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012.02.05 12:18:31 | 000,005,028 | ---- | C] () -- C:\ProgramData\cgatmfqq.mbd
[2012.02.02 11:13:39 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI
[2012.01.19 17:08:17 | 000,071,558 | ---- | C] () -- C:\Windows\php.ini
[2012.01.06 11:11:07 | 000,001,456 | ---- | C] () -- C:\Users\DREAM\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.01 07:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.04.01 07:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.04.01 07:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.04.01 06:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.03.23 18:22:38 | 000,000,110 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2011.03.22 23:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.03.05 19:04:24 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll
[2011.01.23 12:40:48 | 000,000,132 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.01.07 14:24:19 | 000,000,247 | ---- | C] () -- C:\Windows\pegaadr.ini
[2011.01.07 14:24:19 | 000,000,158 | ---- | C] () -- C:\Windows\pegatext.ini
[2011.01.07 14:23:23 | 000,000,416 | ---- | C] () -- C:\Windows\PSBooks.INI
[2011.01.06 13:52:19 | 000,023,588 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\wklnhst.dat
[2011.01.02 20:54:48 | 000,013,312 | ---- | C] () -- C:\Users\DREAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.02 16:05:35 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.01.02 16:00:52 | 000,001,264 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011.01.01 23:55:44 | 000,000,668 | ---- | C] () -- C:\Windows\asglobe.ini
[2011.01.01 22:45:07 | 000,051,815 | R--- | C] () -- C:\Windows\System32\QPRO200.DLL
[2011.01.01 22:44:29 | 000,100,352 | R--- | C] () -- C:\Windows\System32\JUCALC4.DLL
[2011.01.01 22:44:29 | 000,100,352 | R--- | C] () -- C:\Windows\System32\Jucalc2.dll
[2011.01.01 22:44:29 | 000,100,352 | R--- | C] () -- C:\Windows\System32\JUCALC.DLL
[2011.01.01 22:44:27 | 000,282,112 | R--- | C] () -- C:\Windows\System32\ASTR.DLL
[2011.01.01 22:44:27 | 000,112,640 | R--- | C] () -- C:\Windows\System32\AW300.DLL
[2010.11.17 14:29:26 | 000,087,176 | ---- | C] () -- C:\Windows\System32\FAIEExtension.dll
[2010.11.17 14:29:22 | 000,057,480 | ---- | C] () -- C:\Windows\System32\FAib.dll
[2010.11.17 14:29:14 | 000,249,480 | ---- | C] () -- C:\Windows\System32\FACrashRpt.dll

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.03.05 19:02:48 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\1&1
[2011.02.19 01:45:16 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\acccore
[2011.06.12 21:43:15 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Alawar
[2012.09.19 08:09:37 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Alezo
[2012.09.19 10:20:32 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Amqoev
[2011.10.28 23:38:04 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Avant Downloader
[2012.10.01 19:43:22 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Blender Foundation
[2011.01.26 22:21:34 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\BullGuard
[2012.09.19 10:15:54 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Cakyna
[2011.04.08 20:33:01 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.19 22:36:24 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Colibri Games
[2012.09.19 10:18:05 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Cufuta
[2012.09.25 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Cyberduck
[2012.09.25 19:14:04 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\DAZ 3D
[2011.08.04 14:24:26 | 000,000,000 | ---D | M] -- 
C:\Users\DREAM\AppData\Roaming\DivoGames [2012.10.11 17:37:54 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Dropbox [2011.01.06 12:49:44 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.23 13:36:39 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\e-on software [2012.03.20 10:14:47 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Easy MP3 Recorder [2012.09.18 09:12:08 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Eqko [2012.09.19 10:20:16 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ewasa [2012.05.27 10:54:17 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\eXPert PDF Editor [2011.02.03 21:11:36 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\FileOpen [2012.10.11 13:25:04 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\FileZilla [2012.01.28 12:45:48 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Free Audio Editor [2011.02.12 23:48:41 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\freshgames [2012.09.19 08:13:08 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Gaqyqy [2012.02.16 11:56:47 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\gotomaxx [2012.09.19 10:20:18 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ihaf [2012.09.19 10:18:07 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ilados [2012.06.30 23:04:11 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\IrfanView [2011.03.18 22:40:07 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Jane s Hotel [2012.09.19 18:03:45 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Keibef [2011.01.05 11:17:22 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Leadertech [2011.01.05 15:56:29 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\MAGIX [2011.10.03 11:34:48 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Maxthon3 [2011.06.26 15:08:31 | 000,000,000 
| ---D | M] -- C:\Users\DREAM\AppData\Roaming\Media Get LLC [2011.07.28 17:51:50 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Mikogo [2012.10.11 03:20:12 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Mikogo 4 [2012.02.05 12:21:36 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\MOVAVI [2011.06.06 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\My Games [2011.07.11 22:52:27 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\NevoSoft [2012.09.19 10:18:05 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Noirna [2012.06.30 23:04:17 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Notepad++ [2011.02.13 23:46:45 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\OpenOffice.org [2011.04.14 20:02:57 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Opera [2011.09.01 21:38:43 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\PathToSuccess [2011.06.12 15:54:18 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\PlayFirst [2012.06.08 15:25:35 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\PngOptimizer [2011.12.28 00:15:08 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\PoBros [2012.10.11 11:23:42 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\ProtectDisc [2012.09.17 21:16:50 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Registry Mechanic [2012.10.07 20:24:53 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\SoftGrid Client [2011.03.08 12:34:45 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Softland [2011.01.26 22:21:34 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Software Inspection Library [2011.01.16 22:08:25 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.10.09 21:49:15 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Systweak [2012.09.05 18:50:35 | 000,000,000 | ---D | M] 
-- C:\Users\DREAM\AppData\Roaming\TeamViewer [2011.05.27 23:24:58 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Tific [2012.02.01 13:12:24 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\TP [2012.09.19 10:30:12 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\TweetAdder3 [2012.01.31 17:10:39 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ulead Systems [2012.09.19 17:39:44 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Upurv [2012.09.19 10:18:07 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Veohpu [2012.10.07 22:09:29 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Wise Registry Cleaner [2012.09.25 15:08:40 | 000,000,000 | -HSD | M] -- C:\Users\DREAM\AppData\Roaming\wyUpdate AU [2012.09.19 10:20:24 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Xeavp [2012.09.19 08:09:37 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ykavu [2012.08.10 19:19:51 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Zylom [2012.07.05 09:27:03 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\{90140011-0061-0407-0000-0000000FF1CE} [2012.10.08 20:57:58 | 000,000,000 | ---D | M] -- C:\Users\teddybaer\AppData\Roaming\Systweak ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:FDDD8917 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1 < End of report > |
11.10.2012, 20:00 | #20 |
Banned | Malwarebytes finds Trojan.XBuild402 OK, I ran another Quick Scan just to be on the safe side: OTL logfile: Code:
ATTFilter OTL logfile created on: 11.10.2012 19:57:36 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DREAM\Desktop\Internet Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 33,92% Memory free 5,98 Gb Paging File | 3,71 Gb Available in Paging File | 62,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 900,41 Gb Total Space | 800,83 Gb Free Space | 88,94% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 18,22 Gb Free Space | 60,75% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive I: | 931,28 Gb Total Space | 702,45 Gb Free Space | 75,43% Space Free | Partition Type: FAT32 Computer Name: DREAM-PC | User Name: DREAM | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\DREAM\AppData\Roaming\Mikogo 4\M4-Capture.exe () PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\Users\DREAM\Desktop\Internet\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.) 
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\DREAM\AppData\Roaming\Mikogo 4\mikogo-host.exe () PRC - C:\Users\DREAM\AppData\Roaming\Mikogo 4\M4-Service.exe () PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - c:\xampp\mysql\bin\mysqld.exe () PRC - C:\Program Files\Cyberduck\Cyberduck.exe (Cyberduck) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe () PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe () PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) 
PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe (Sensible Vision ) PRC - C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision ) PRC - C:\Program Files\Sensible Vision\Fast Access\FAService.exe (Sensible Vision ) PRC - C:\Program Files\Eraser\Eraser.exe (The Eraser Project) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Windows\System32\PSIService.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VistaBridgeLibrary\0b1b88f6c0d5cf1873cecf9681831465\VistaBridgeLibrary.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows7.DesktopInt#\09e4b3b0679e5236f4dd91cae9781391\Windows7.DesktopIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ActiveButtons\0a7c97556fb73e7b16056d538523ba51\ActiveButtons.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ExceptionReporter.W#\faea8788f95fcc66b1aa2c4140b3abf5\ExceptionReporter.WinForms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomOpenFileFolde#\88089c5c2c4bf57cb72c8e3e7a066e62\CustomOpenFileFolderDialog.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Growl.Connector\50992ed3c0ff9666a58b86edd1c7044b\Growl.Connector.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\AutomaticUpdater\15b1c2f285daf47b4fb3072551141a8c\AutomaticUpdater.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Growl.CoreLibrary\085f9b4eea1d77dd818f3e48332927cc\Growl.CoreLibrary.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ObjectListView\c484af93ea1c210d9161bba764d69659\ObjectListView.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.Bonjour\1e84e8f2e9fd831aadf0df2bbcc433de\Interop.Bonjour.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\StructureMap\2d4805f1ce6934413bad8f25bc5926c3\StructureMap.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09c2f8f606e09d85cfe6e0ad89fbe729\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.XML.Pa#\54bd6f5910e6756b0545925649d4a0d8\IKVM.OpenJDK.XML.Parse.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.Securi#\f786e7d7581a3cd80427c70932c94205\IKVM.OpenJDK.Security.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.XML.API\5778b80e69eea87286918f09c015dc78\IKVM.OpenJDK.XML.API.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.Beans\e24a3710c9aa872bf278adb0a69333e5\IKVM.OpenJDK.Beans.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.SwingA#\8f2133bd58c1ada5812b229127598326\IKVM.OpenJDK.SwingAWT.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.Util\30f61acbd537d7a68994dbf78842356e\IKVM.OpenJDK.Util.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.Text\fea97eb1b049b487c1dc6ed13eca51c2\IKVM.OpenJDK.Text.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.Core\84ede534e06e9ccdfbd9c7a28d357abc\IKVM.OpenJDK.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IKVM.Runtime\53608d5debdf99f858f3918af931a73e\IKVM.Runtime.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\core\0f9e3093ae04cf94a45d8c329167e02f\core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Cyberduck\80b50aa98472577f2c3d7522a8e80b13\Cyberduck.ni.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Design\ecde3362b4d67a0025c3c9d5b9525f4a\System.Design.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll () MOD - C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll () MOD - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe () MOD - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe () MOD - C:\Windows\System32\FAIEExtension.dll () MOD - C:\Windows\System32\FAib.dll () MOD - C:\Windows\System32\FACrashRpt.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll () MOD - C:\Program Files\WinRAR\RarExt.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe 
Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (M4-Service) -- C:\Users\DREAM\AppData\Roaming\Mikogo 4\M4-Service.exe () SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe () SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe (Symantec Corporation) SRV - (Apache2.4) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation) SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe () SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (FAService) -- C:\Program Files\Sensible Vision\Fast Access\FAService.exe (Sensible Vision ) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121011.002\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121011.002\NAVENG.SYS (Symantec Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121010.001\IDSvix86.sys (Symantec Corporation) DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1308000.00E\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1308000.00E\srtspx.sys (Symantec Corporation) DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1308000.00E\ccsetx86.sys (Symantec Corporation) DRV - (SymEFA) -- 
C:\Windows\System32\drivers\NIS\1308000.00E\symefa.sys (Symantec Corporation) DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1308000.00E\symnets.sys (Symantec Corporation) DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1308000.00E\ironx86.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1308000.00E\symds.sys (Symantec Corporation) DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (CompFilter) -- C:\Windows\System32\drivers\lvbusflt.sys (Logitech Inc.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120405074420175&tb_oid=05-04-2012&tb_mrud=05-04-2012 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.comhxxp://www.medion.com [binary data] IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/?pc=AVBR IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.channel-live.tv/anmelde [Binary data over 200 bytes] IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - 
HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\URLSearchHook: {a1137e37-cecc-4cbb-ba8f-e598748d4bd3} - No CLSID value found IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes\{2FEFC237-DDCF-46C2-823A-634556AA9CAA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120405074420175&tb_oid=05-04-2012&tb_mrud=05-04-2012 IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes\{6631FA36-8D1C-46EF-A9AD-CF639AE383C8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = hxxp://www.ask.com/web?o=15710&l=dis&q={searchTerms} IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyOverride" = 127.0.0.1;*.local 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1;*.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 2 FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0 FF - prefs.js..extensions.enabledAddons: firefile@strebitzer.at:0.9.0 FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2 FF - prefs.js..extensions.enabledAddons: seostatus@rubyweb:1.5.9 FF - prefs.js..extensions.enabledAddons: {02450914-cdd9-410f-b1da-db004e18c671}:0.96.8c FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.3 FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68 FF - prefs.js..extensions.enabledAddons: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.9.5.1 FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8 FF - prefs.js..extensions.enabledAddons: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.7.5.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\DREAM\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\DREAM\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DREAM\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DREAM\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.01.02 11:50:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fassoxpcom@sensiblevision.com: C:\Program Files\Sensible Vision\Fast Access\xpcom_fasso\ [2011.01.05 18:24:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.06.30 23:04:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.10.11 18:16:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.09.09 01:12:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.11 13:48:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.04 10:53:34 | 000,000,000 | ---D | M]

[2012.10.11 13:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\Extensions
[2012.10.11 18:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\t125x6pa.default\extensions
[2012.10.11 18:14:47 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\t125x6pa.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2012.10.11 18:14:46 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\t125x6pa.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012.10.11 18:02:30 | 001,626,141 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\firebug@software.joehewitt.com.xpi
[2012.10.11 18:03:48 | 000,079,299 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\firefile@strebitzer.at.xpi
[2012.10.11 18:14:40 | 000,207,020 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\seostatus@rubyweb.xpi
[2012.10.11 18:14:40 | 000,094,079 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi
[2012.10.11 18:14:46 | 000,269,659 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.10.11 18:03:49 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.10.11 18:14:46 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.10.11 13:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.09.09 01:12:24 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012.10.11 18:16:54 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN
[2012.06.30 23:04:10 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.03.27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npContribute.dll
[2009.03.25 11:42:28 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\DREAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\DREAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\DREAM\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\DREAM\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: SiteAdvisor = C:\Users\DREAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\DREAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [Mikogo] C:\Users\DREAM\AppData\Roaming\Mikogo 4\mikogo-host.exe ()
O4 - HKU\S-1-5-18..\Run: [Mikogo] C:\Users\DREAM\AppData\Roaming\Mikogo 4\mikogo-host.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-3313979477-441340846-3546100501-1001..\Run: [Mikogo] C:\Users\DREAM\AppData\Roaming\Mikogo 4\mikogo-host.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\DREAM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.161 83.169.186.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4BC47DC-B626-42D7-88A6-1542B81B945D}: DhcpNameServer = 83.169.186.161 83.169.186.225
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 09:56:50 | 000,000,036 | RH-- | M] () - I:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2003.03.21 12:00:56 | 000,000,000 | RH-D | M] - I:\AUTORUN -- [ FAT32 ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = "E:\Adobe CS5\Set-up.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.11 13:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.10.11 11:23:42 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\ProtectDisc
[2012.10.10 21:16:30 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2012.10.09 21:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.08 01:49:54 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Local\Systweak
[2012.10.07 22:07:13 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Wise Registry Cleaner
[2012.10.07 22:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2012.10.07 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
[2012.10.07 21:57:58 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Systweak
[2012.10.07 21:57:57 | 000,015,544 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012.10.07 18:05:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012.10.07 18:04:57 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012.10.07 18:04:57 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2012.10.07 18:04:57 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012.10.07 18:04:57 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012.10.07 18:04:57 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012.10.07 18:04:57 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012.10.07 18:04:57 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012.10.07 18:04:57 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2012.10.07 18:04:57 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012.10.07 18:04:57 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2012.10.07 18:04:57 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2012.10.07 18:04:56 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012.10.07 18:04:56 | 001,131,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2012.10.07 18:04:56 | 000,961,296 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2012.10.07 18:04:56 | 000,900,368 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2012.10.07 18:04:56 | 000,448,272 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2012.10.07 18:04:56 | 000,427,792 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2012.10.07 18:04:56 | 000,405,776 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2012.10.07 18:04:56 | 000,311,568 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012.10.07 18:04:56 | 000,299,936 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012.10.07 18:04:56 | 000,290,064 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2012.10.07 18:04:56 | 000,235,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2012.10.07 18:04:56 | 000,223,504 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2012.10.07 18:04:56 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012.10.07 18:04:56 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2012.10.07 18:04:56 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2012.10.07 18:04:56 | 000,102,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2012.10.04 10:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.04 09:06:42 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\private
[2012.10.01 19:43:22 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Blender Foundation
[2012.09.29 20:22:52 | 000,000,000 | ---D | C] -- C:\install_50673c7c7edad
[2012.09.29 17:35:18 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Desktop\joomla-template
[2012.09.29 11:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012.09.29 10:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.29 10:05:31 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.09.29 10:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.28 12:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.09.28 11:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.09.27 20:57:27 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\Virusverdacht
[2012.09.27 13:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.27 10:18:43 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Malwarebytes
[2012.09.27 10:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.27 10:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.27 10:18:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.27 10:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.26 14:02:25 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\Hexagon
[2012.09.26 09:54:22 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Local\DATA BECKER
[2012.09.26 09:54:20 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Local\Chromium
[2012.09.26 09:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer
[2012.09.26 09:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DATA BECKER
[2012.09.26 09:53:13 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\A5 HTML5 Animator Projekte
[2012.09.26 09:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\DATA BECKER
[2012.09.25 22:52:08 | 000,000,000 | ---D | C] -- C:\Users\DREAM\.thumbnails
[2012.09.25 22:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2012.09.25 22:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2012.09.25 15:10:27 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\SmartFTP
[2012.09.25 15:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartFTP Client
[2012.09.25 15:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2012.09.25 15:08:41 | 000,000,000 | -HSD | C] -- C:\Users\DREAM\wc
[2012.09.25 15:08:40 | 000,000,000 | -HSD | C] -- C:\Users\DREAM\AppData\Roaming\wyUpdate AU
[2012.09.25 15:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.1 Setup Files
[2012.09.25 15:08:36 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Cyberduck
[2012.09.25 15:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberduck
[2012.09.25 15:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberduck
[2012.09.25 07:37:26 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\DAZ 3D
[2012.09.24 22:58:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAZ 3D
[2012.09.24 21:21:13 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\Bryce
[2012.09.24 20:41:00 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2012.09.24 20:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DAZ 3D
[2012.09.24 15:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2012.09.24 15:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DAZ
[2012.09.24 15:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\DAZ 3D
[2012.09.24 15:33:38 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\DAZ 3D
[2012.09.23 13:36:06 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\e-on software
[2012.09.23 13:30:28 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-on software
[2012.09.23 13:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-on software
[2012.09.23 13:24:05 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\e-on software
[2012.09.23 13:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\e-on software
[2012.09.23 13:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\e-onsoftware
[2012.09.19 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Veohpu
[2012.09.19 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Ilados
[2012.09.19 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Amqoev
[2012.09.19 10:18:05 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Xeavp
[2012.09.19 10:18:05 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Noirna
[2012.09.19 10:18:05 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Cufuta
[2012.09.19 10:15:54 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Ihaf
[2012.09.19 10:15:54 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Ewasa
[2012.09.19 10:15:54 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Cakyna
[2012.09.19 08:09:37 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Ykavu
[2012.09.19 08:09:37 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Gaqyqy
[2012.09.19 08:09:37 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Alezo
[2012.09.18 09:12:08 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Eqko
[2012.09.18 09:12:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Upurv
[2012.09.18 09:12:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Keibef
[2012.09.18 09:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012.09.16 10:03:39 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Desktop\Responsive-Webdesign
[2012.09.15 11:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.15 11:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.15 11:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.15 11:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.01.16 00:11:08 | 004,518,720 | ---- | C] (FileZilla Project) -- C:\Users\DREAM\FileZilla_3.5.3_win32-setup.exe
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.11 19:33:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3313979477-441340846-3546100501-1001UA.job
[2012.10.11 19:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.11 19:08:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.11 17:37:01 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 17:37:01 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 17:28:22 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.11 17:27:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.11 17:27:21 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.11 15:43:17 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for DREAM.job
[2012.10.11 13:48:43 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.11 11:23:44 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00003409.LCS
[2012.10.11 07:32:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3313979477-441340846-3546100501-1001Core.job
[2012.10.10 21:35:44 | 000,697,276 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.10 21:35:44 | 000,652,594 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.10 21:35:44 | 000,148,314 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.10 21:35:44 | 000,121,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.10 21:16:30 | 000,002,231 | ---- | M] () -- C:\Users\DREAM\Desktop\Kindle.lnk
[2012.10.09 10:49:57 | 000,000,546 | ---- | M] () -- C:\error.php
[2012.10.09 08:44:00 | 000,002,576 | ---- | M] () -- C:\{6A051E86-D848-4C0D-8A34-C72A16DD51E8}
[2012.10.08 08:06:32 | 000,002,472 | ---- | M] () -- C:\{7F42B75D-7654-4644-89FD-C803D572BDBB}
[2012.10.08 08:04:39 | 000,002,584 | ---- | M] () -- C:\{6DA5C51A-B496-46E9-B80C-167346E60D3E}
[2012.10.07 22:23:13 | 000,193,553 | ---- | M] () -- C:\Users\DREAM\Documents\Unbenannt (2).wma
[2012.10.07 22:20:45 | 000,171,103 | ---- | M] () -- C:\Users\DREAM\Documents\Unbenannt (4).wma
[2012.10.07 17:01:43 | 000,001,264 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.10.07 16:57:57 | 000,013,312 | ---- | M] () -- C:\Users\DREAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.04 16:57:19 | 000,023,588 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\wklnhst.dat
[2012.10.04 09:41:36 | 000,000,017 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\mbam.context.scan
[2012.10.02 08:34:30 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.09.29 20:22:49 | 001,227,777 | ---- | M] () -- C:\art-blog-1.6-unrar.first.zip
[2012.09.29 19:24:45 | 002,235,773 | ---- | M] () -- C:\Joomla_2.5.x_to_2.5.7-Stable-Patch_Package.zip
[2012.09.29 11:30:28 | 000,000,535 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012.09.28 17:16:19 | 000,002,448 | ---- | M] () -- C:\{A4D2023A-F4E0-4CEF-BE54-BBFEE7BDA189}
[2012.09.27 11:46:34 | 000,000,000 | ---- | M] () -- C:\Users\DREAM\defogger_reenable
[2012.09.27 11:27:02 | 000,001,704 | ---- | M] () -- C:\{05819579-803D-48E6-A81F-A1D4BBD50F73}
[2012.09.27 11:08:26 | 000,001,448 | ---- | M] () -- C:\{38829E27-3DAD-4D06-B89B-0985CAD2EBBE}
[2012.09.27 10:55:33 | 000,001,704 | ---- | M] () -- C:\{5AAA5D7F-D2BC-4B2D-9D10-44F6406E71FC}
[2012.09.26 10:48:20 | 000,002,392 | ---- | M] () -- C:\{9E6CC32E-A712-4594-AC2A-42956869D0B6}
[2012.09.26 10:03:32 | 000,002,128 | ---- | M] () -- C:\{111BEC3A-582F-4CDC-A998-06B692E7B573}
[2012.09.26 09:53:15 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\A5 HTML5 Animator.lnk
[2012.09.26 09:27:33 | 000,002,152 | ---- | M] () -- C:\{477FAC5A-8E0D-4A2D-A447-0491B9B1789A}
[2012.09.25 15:10:11 | 000,002,240 | ---- | M] () -- C:\{F9848F6D-68E5-4440-808F-BA050837ECC2}
[2012.09.25 09:56:09 | 000,002,152 | ---- | M] () -- C:\{381E3CA7-BC59-457A-95F5-4605E3829569}
[2012.09.23 13:30:28 | 000,000,072 | ---- | M] () -- C:\Windows\Vue 7.5 xStream.reg
[2012.09.23 13:30:28 | 000,000,070 | ---- | M] () -- C:\Windows\Vue 7 xStream.reg
[2012.09.23 13:30:28 | 000,000,070 | ---- | M] () -- C:\Windows\Vue 6 xStream.reg
[2012.09.21 12:05:08 | 000,015,544 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012.09.19 10:51:51 | 000,000,575 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\54D066.dat
[2012.09.18 11:49:01 | 000,001,456 | ---- | M] () -- C:\Users\DREAM\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.09.17 10:38:13 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit_.INI
[2012.09.16 09:31:34 | 000,002,376 | ---- | M] () -- C:\{6A15AFD8-CA8B-4971-BF73-A81589DC0067}
[2012.09.15 12:21:01 | 000,002,280 | ---- | M] () -- C:\{40E94D1A-5327-4C31-A7A9-31F212D3C9DB}
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.11 13:48:43 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.11 13:48:42 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.10 21:16:30 | 000,002,231 | ---- | C] () -- C:\Users\DREAM\Desktop\Kindle.lnk
[2012.10.09 10:49:12 | 000,000,546 | ---- | C] () -- C:\error.php
[2012.10.09 08:44:00 | 000,002,576 | ---- | C] () -- C:\{6A051E86-D848-4C0D-8A34-C72A16DD51E8}
[2012.10.08 08:06:31 | 000,002,472 | ---- | C] () -- C:\{7F42B75D-7654-4644-89FD-C803D572BDBB}
[2012.10.08 08:04:37 | 000,002,584 | ---- | C] () -- C:\{6DA5C51A-B496-46E9-B80C-167346E60D3E}
[2012.10.07 22:23:13 | 000,193,553 | ---- | C] () -- C:\Users\DREAM\Documents\Unbenannt (2).wma
[2012.10.07 22:20:45 | 000,171,103 | ---- | C] () -- C:\Users\DREAM\Documents\Unbenannt (4).wma
[2012.10.04 09:41:36 | 000,000,017 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\mbam.context.scan
[2012.09.29 20:22:48 | 001,227,777 | ---- | C] () -- C:\art-blog-1.6-unrar.first.zip
[2012.09.29 19:24:28 | 002,235,773 | ---- | C] () -- C:\Joomla_2.5.x_to_2.5.7-Stable-Patch_Package.zip [2012.09.28 17:16:14 | 000,002,448 | ---- | C] () -- C:\{A4D2023A-F4E0-4CEF-BE54-BBFEE7BDA189} [2012.09.27 11:46:34 | 000,000,000 | ---- | C] () -- C:\Users\DREAM\defogger_reenable [2012.09.27 11:26:58 | 000,001,704 | ---- | C] () -- C:\{05819579-803D-48E6-A81F-A1D4BBD50F73} [2012.09.27 11:08:19 | 000,001,448 | ---- | C] () -- C:\{38829E27-3DAD-4D06-B89B-0985CAD2EBBE} [2012.09.27 10:55:32 | 000,001,704 | ---- | C] () -- C:\{5AAA5D7F-D2BC-4B2D-9D10-44F6406E71FC} [2012.09.27 10:27:22 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif [2012.09.26 10:48:19 | 000,002,392 | ---- | C] () -- C:\{9E6CC32E-A712-4594-AC2A-42956869D0B6} [2012.09.26 10:03:32 | 000,002,128 | ---- | C] () -- C:\{111BEC3A-582F-4CDC-A998-06B692E7B573} [2012.09.26 09:54:07 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00003409.LCS [2012.09.26 09:53:15 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\A5 HTML5 Animator.lnk [2012.09.26 09:27:32 | 000,002,152 | ---- | C] () -- C:\{477FAC5A-8E0D-4A2D-A447-0491B9B1789A} [2012.09.25 15:10:10 | 000,002,240 | ---- | C] () -- C:\{F9848F6D-68E5-4440-808F-BA050837ECC2} [2012.09.25 09:56:08 | 000,002,152 | ---- | C] () -- C:\{381E3CA7-BC59-457A-95F5-4605E3829569} [2012.09.23 13:30:28 | 000,000,072 | ---- | C] () -- C:\Windows\Vue 7.5 xStream.reg [2012.09.23 13:30:28 | 000,000,070 | ---- | C] () -- C:\Windows\Vue 7 xStream.reg [2012.09.23 13:30:28 | 000,000,070 | ---- | C] () -- C:\Windows\Vue 6 xStream.reg [2012.09.19 10:51:51 | 000,000,575 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\54D066.dat [2012.09.16 09:31:33 | 000,002,376 | ---- | C] () -- C:\{6A15AFD8-CA8B-4971-BF73-A81589DC0067} [2012.09.15 12:21:00 | 000,002,280 | ---- | C] () -- C:\{40E94D1A-5327-4C31-A7A9-31F212D3C9DB} [2012.08.21 11:08:33 | 000,000,132 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\Adobe GIF Format CS5 Prefs [2012.07.03 19:37:28 | 000,000,600 | 
---- | C] () -- C:\Users\DREAM\AppData\Local\PUTTY.RND [2012.05.27 10:30:13 | 000,014,336 | ---- | C] () -- C:\Windows\System32\vsmon1.dll [2012.04.16 08:04:13 | 000,000,085 | ---- | C] () -- C:\Users\DREAM\mm_backup.cfg [2012.03.27 12:04:52 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2012.02.05 12:18:31 | 000,005,028 | ---- | C] () -- C:\ProgramData\cgatmfqq.mbd [2012.02.02 11:13:39 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI [2012.01.19 17:08:17 | 000,071,558 | ---- | C] () -- C:\Windows\php.ini [2012.01.06 11:11:07 | 000,001,456 | ---- | C] () -- C:\Users\DREAM\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.04.01 07:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2011.04.01 07:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2011.04.01 07:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2011.04.01 06:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2011.03.23 18:22:38 | 000,000,110 | ---- | C] () -- C:\Windows\ULEAD32.INI [2011.03.22 23:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2011.03.05 19:04:24 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll [2011.01.23 12:40:48 | 000,000,132 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.01.07 14:24:19 | 000,000,247 | ---- | C] () -- C:\Windows\pegaadr.ini [2011.01.07 14:24:19 | 000,000,158 | ---- | C] () -- C:\Windows\pegatext.ini [2011.01.07 14:23:23 | 000,000,416 | ---- | C] () -- C:\Windows\PSBooks.INI [2011.01.06 13:52:19 | 000,023,588 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\wklnhst.dat [2011.01.02 20:54:48 | 000,013,312 | ---- | C] () -- C:\Users\DREAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.02 16:05:35 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.01.02 16:00:52 | 
000,001,264 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2011.01.01 23:55:44 | 000,000,668 | ---- | C] () -- C:\Windows\asglobe.ini [2011.01.01 22:45:07 | 000,051,815 | R--- | C] () -- C:\Windows\System32\QPRO200.DLL [2011.01.01 22:44:29 | 000,100,352 | R--- | C] () -- C:\Windows\System32\JUCALC4.DLL [2011.01.01 22:44:29 | 000,100,352 | R--- | C] () -- C:\Windows\System32\Jucalc2.dll [2011.01.01 22:44:29 | 000,100,352 | R--- | C] () -- C:\Windows\System32\JUCALC.DLL [2011.01.01 22:44:27 | 000,282,112 | R--- | C] () -- C:\Windows\System32\ASTR.DLL [2011.01.01 22:44:27 | 000,112,640 | R--- | C] () -- C:\Windows\System32\AW300.DLL [2010.11.17 14:29:26 | 000,087,176 | ---- | C] () -- C:\Windows\System32\FAIEExtension.dll [2010.11.17 14:29:22 | 000,057,480 | ---- | C] () -- C:\Windows\System32\FAib.dll [2010.11.17 14:29:14 | 000,249,480 | ---- | C] () -- C:\Windows\System32\FACrashRpt.dll ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.03.05 19:02:48 | 
000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\1&1 [2011.02.19 01:45:16 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\acccore [2011.06.12 21:43:15 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Alawar [2012.09.19 08:09:37 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Alezo [2012.09.19 10:20:32 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Amqoev [2011.10.28 23:38:04 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Avant Downloader [2012.10.01 19:43:22 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Blender Foundation [2011.01.26 22:21:34 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\BullGuard [2012.09.19 10:15:54 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Cakyna [2011.04.08 20:33:01 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.08.19 22:36:24 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Colibri Games [2012.09.19 10:18:05 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Cufuta [2012.09.25 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Cyberduck [2012.09.25 19:14:04 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\DAZ 3D [2011.08.04 14:24:26 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\DivoGames [2012.10.11 17:37:54 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Dropbox [2011.01.06 12:49:44 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.23 13:36:39 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\e-on software [2012.03.20 10:14:47 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Easy MP3 Recorder [2012.09.18 09:12:08 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Eqko [2012.09.19 10:20:16 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ewasa [2012.05.27 10:54:17 | 000,000,000 | ---D | M] -- 
C:\Users\DREAM\AppData\Roaming\eXPert PDF Editor [2011.02.03 21:11:36 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\FileOpen [2012.10.11 20:02:14 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\FileZilla [2012.01.28 12:45:48 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Free Audio Editor [2011.02.12 23:48:41 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\freshgames [2012.09.19 08:13:08 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Gaqyqy [2012.02.16 11:56:47 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\gotomaxx [2012.09.19 10:20:18 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ihaf [2012.09.19 10:18:07 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ilados [2012.06.30 23:04:11 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\IrfanView [2011.03.18 22:40:07 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Jane s Hotel [2012.09.19 18:03:45 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Keibef [2011.01.05 11:17:22 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Leadertech [2011.01.05 15:56:29 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\MAGIX [2011.10.03 11:34:48 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Maxthon3 [2011.06.26 15:08:31 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Media Get LLC [2011.07.28 17:51:50 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Mikogo [2012.10.11 03:20:12 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Mikogo 4 [2012.02.05 12:21:36 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\MOVAVI [2011.06.06 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\My Games [2011.07.11 22:52:27 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\NevoSoft [2012.09.19 10:18:05 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Noirna [2012.06.30 23:04:17 | 000,000,000 | ---D | M] -- 
C:\Users\DREAM\AppData\Roaming\Notepad++ [2011.02.13 23:46:45 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\OpenOffice.org [2011.04.14 20:02:57 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Opera [2011.09.01 21:38:43 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\PathToSuccess [2011.06.12 15:54:18 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\PlayFirst [2012.06.08 15:25:35 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\PngOptimizer [2011.12.28 00:15:08 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\PoBros [2012.10.11 11:23:42 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\ProtectDisc [2012.09.17 21:16:50 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Registry Mechanic [2012.10.07 20:24:53 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\SoftGrid Client [2011.03.08 12:34:45 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Softland [2011.01.26 22:21:34 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Software Inspection Library [2011.01.16 22:08:25 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.10.09 21:49:15 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Systweak [2012.09.05 18:50:35 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\TeamViewer [2011.05.27 23:24:58 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Tific [2012.02.01 13:12:24 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\TP [2012.09.19 10:30:12 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\TweetAdder3 [2012.01.31 17:10:39 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ulead Systems [2012.09.19 17:39:44 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Upurv [2012.09.19 10:18:07 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Veohpu [2012.10.07 22:09:29 | 000,000,000 | ---D | M] -- 
C:\Users\DREAM\AppData\Roaming\Wise Registry Cleaner
[2012.09.25 15:08:40 | 000,000,000 | -HSD | M] -- C:\Users\DREAM\AppData\Roaming\wyUpdate AU
[2012.09.19 10:20:24 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Xeavp
[2012.09.19 08:09:37 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ykavu
[2012.08.10 19:19:51 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Zylom
[2012.07.05 09:27:03 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\{90140011-0061-0407-0000-0000000FF1CE}
[2012.10.08 20:57:58 | 000,000,000 | ---D | M] -- C:\Users\teddybaer\AppData\Roaming\Systweak
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:FDDD8917
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
< End of report >

Code:
OTL Extras logfile created on: 11.10.2012 19:39:46 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DREAM\Desktop\Internet Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 44,40% Memory free
5,98 Gb Paging File | 3,95 Gb Available in Paging File | 66,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900,41 Gb Total Space | 800,84 Gb Free Space | 88,94% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 18,22 Gb Free Space | 60,75% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive I: | 931,28 Gb Total Space | 702,45 Gb Free Space | 75,43% Space Free | Partition Type: FAT32
Computer Name: DREAM-PC | User Name: DREAM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error.
File not found [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Value error. https [open] -- Reg Error: Value error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{17BDDBB6-DB4D-4185-985F-C39F8BA543B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{29DC8545-7FF7-44D0-BEAB-77E0E135C5FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{411A545B-978C-4756-8B3D-3F4D1D888EFF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4438FC95-891B-44D9-A8AF-B3A863D32915}" = rport=10243 | protocol=6 | dir=out | app=system | "{5566973F-6B06-42BF-9461-C730979B7532}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6F75084D-D143-4AF1-8F02-6EACBFBC6D96}" = lport=138 | protocol=17 | dir=in | app=system | "{79682863-87F0-4CAB-9CED-8972F5A31303}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7B486582-87A7-4ED8-8B1A-90C3D198C4A2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{842BE5FA-41D8-4D32-860D-3CDF24AC3648}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{893D85B2-D204-4E6E-B50B-73C95A751694}" = lport=10243 | protocol=6 | dir=in | app=system | "{92CEB482-2102-48DA-8184-428FAA1DBD6A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A4D69FFF-DDB8-4390-998D-6C6972CBA54B}" = lport=137 | protocol=17 | dir=in | app=system | "{B56E8982-C8E8-4574-80A1-C080BD493BF1}" = rport=139 | protocol=6 | dir=out | app=system | "{B6431F31-FA32-4C9E-8CAF-C3B1688FF676}" = lport=445 | protocol=6 | dir=in | app=system | "{BEF351AB-6B2D-49BE-9699-368D10A8F0C1}" = lport=2869 | protocol=6 | dir=in | app=system | "{C71D3679-C3A3-44D1-9ED2-4D1F5D939F4A}" = lport=2869 | protocol=6 | dir=in | app=system | "{C7AE957E-CEE1-4C35-9FA7-05850DC2D880}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CA998E18-90B0-4F46-8195-45FFE76A9E06}" = lport=139 | protocol=6 | dir=in | app=system | "{D707838A-C130-4C62-BB6D-37C50D3ED7EA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DDBAB3ED-038C-4DB7-A86B-805C18D632EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E8916AD7-9860-45F2-A500-F3CD61542E9F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E8D725D1-AE93-4F63-9ACF-6F08AEF01AC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EB9247F9-3736-44EF-A671-63D675B22284}" = rport=445 | protocol=6 | dir=out | app=system | "{EBEA0C7C-6308-460F-82AB-FAFC84E3F165}" = rport=137 | protocol=17 | dir=out | app=system | "{F3834443-6052-4A2F-ADAC-B58972A9A138}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{067BDDD5-E88F-4F77-8424-D4C666BEED5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{131E21E7-105D-48B8-8108-1ABE2C81355A}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe photoshop cs5\photoshop.exe | "{1DE875B5-646E-462F-8FDD-CFD4FAA21975}" = protocol=6 | dir=in | app=c:\users\dream\appdata\local\google\google talk plugin\googletalkplugin.exe | "{2EB40B70-893E-4CDD-89B4-979C2994E4F4}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | "{3069E5D4-B6F0-4912-B573-D6376A65A11C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3919FED0-0F40-4EBF-A89C-E754EDD97E2F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{436C5AA4-77A3-4976-BD94-C111648FFEEA}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | "{4D220EEF-D85E-4237-BCDA-512A4C4499A2}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe | "{53650F5C-D434-4A68-A75C-6D45E0570210}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{56DC7BD6-F073-49B3-B851-4D8679D8BE37}" = protocol=17 | dir=in | app=c:\users\dream\appdata\local\google\google talk plugin\googletalkplugin.exe | "{5806F493-6DAB-442F-AB45-1618108AF2D6}" = protocol=6 | 
dir=in | app=c:\users\dream\appdata\roaming\dropbox\bin\dropbox.exe | "{5D3F46A0-30F8-43DD-88B3-7656F78A8274}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{5E7FD860-C0B3-446A-A6CC-67F440206209}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{646A1B32-08B4-4228-BF8F-9E592D6D1B94}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{68080813-554D-4160-A33B-7355DE3794B2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{751DBF45-4339-4DDE-9AA9-0E124D8E6D29}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{789F85A7-9C83-4484-9179-9EB8A47BDF5F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7AD81709-D745-461F-9FD6-6E377C8354E7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7FE5F545-F1F7-49D1-9752-6F5FC74875C4}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | "{80A1FAED-1630-4727-9D5A-6F5618ED1F47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{82F8C3C8-12E1-4675-99C9-8FAF349E5BF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8441A8E0-FE6A-4B17-AD36-C33A7A618437}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | "{8AB4D3FE-2315-4B98-BF5C-8A65B57D12CB}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe photoshop cs5\photoshop.exe | "{98032D9D-0835-4ACB-8B2E-1194F2DF7FCB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{998A11D3-210B-41D4-B998-4C2A0BC80990}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{9D79A500-D62F-4B1C-AA2E-141529744A5D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9EFD097C-0492-4E01-B95A-8492B8E26DCA}" = protocol=6 | dir=out | app=system | "{A189F921-78D2-4E1D-84F3-AACDEA38FD07}" = protocol=6 | dir=in | app=c:\program 
files\aim\aim.exe | "{AB87329B-D471-484C-941A-4CD0B2F20EC3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{ABC9B85B-7473-40A6-8570-4790D424A1D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{ADF3E089-5326-4AA7-B6FA-E23A369E5D62}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B1D16DD4-1062-4A2A-8938-58DFA5D93B9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BB09047D-4BC5-4FF6-8F2D-B9150157191A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C25E5F34-8FF9-420D-9580-79F9A23A73DA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D3644949-CA01-4B11-B9B0-6E0B654BD3CA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{D9D4B175-88AA-47D0-B8F3-BF72A9DB7FA6}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | "{DE5A89AF-2DCD-4540-B457-29B2AC72AA1A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{E17C1327-AA14-4A3D-8E2E-1480977FB591}" = dir=in | app=c:\program files\itunes\itunes.exe | "{EF58EA2E-B736-4475-BE2D-D8FC8879793E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F927ECB7-45DD-49CD-9532-8069E6287B80}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe | "{F9A93A41-7D46-4357-93AE-8400240561CB}" = protocol=17 | dir=in | app=c:\users\dream\appdata\roaming\dropbox\bin\dropbox.exe | "{FC0C09C5-EE17-467D-9E38-FA67649A726A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{FE7F4630-BCA6-41B9-990C-10E357938F94}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FF17C28C-CCB2-4E7C-9CC7-E378D2CF9B8B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query User{3320DB46-7BA5-47F3-8910-B2DB0F16E1F7}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "TCP Query 
User{4347B095-2F5B-4B1C-89C1-EC5BBE6BA217}I:\downloads\cms\mowes_portable\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=i:\downloads\cms\mowes_portable\mysql\bin\mysqld-nt.exe | "TCP Query User{5A134FB6-168D-490D-878B-64CE69560AA8}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe | "TCP Query User{72917F9B-A62B-4E62-8B69-FD6DED2B7E4A}I:\downloads\cms\mowes_portable\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=i:\downloads\cms\mowes_portable\apache2\bin\httpd.exe | "TCP Query User{DD363A93-25A4-40AC-AE8A-AC3DB0471811}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{03015ED5-98A6-438E-8AC2-874BD1216A4A}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe | "UDP Query User{5FC380B7-F454-4E46-97CE-1BE5FDDD2EF6}I:\downloads\cms\mowes_portable\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=i:\downloads\cms\mowes_portable\apache2\bin\httpd.exe | "UDP Query User{78CF522B-4508-40F9-B4A1-11300A5477CD}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "UDP Query User{AC896AEB-EAF8-4115-9256-49EB93813546}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{CAA54093-FBD0-4D6A-8715-D254CF554730}I:\downloads\cms\mowes_portable\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=i:\downloads\cms\mowes_portable\mysql\bin\mysqld-nt.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01310914-E3B8-40E8-BCF7-9C42E0639A43}" = gotomaxx PDFMAILER "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04440044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Enzyklopädie 2004 "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{093561FF-BC54-CD42-77BD-4885F16C60B7}" = 
CCC Help Danish "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0E572078-CDA2-4AB6-9E67-5E2AFBAA676D}" = FastAccess "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11EF223E-CCCB-4BCC-918D-EA4E59FD05EF}" = UltraCompare "{11FCA050-2066-4351-A336-748D838C049C}" = Adobe Creative Suite 5 Web Premium "{12060177-6B2B-41A8-BB0C-E3AFFDABAF33}" = NetObjects Fusion 1&1 Edition "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French "{1E5BC577-0F79-44B3-B5E0-D75EDDC8C0CB}" = Tweet Adder 3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F4DF099-EA5C-482D-9901-C0A8B539B417}" = Microsoft Web Platform Installer 4.0 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne 
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish "{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8704D51E-25B7-4F23-81E7-AA4F54790220}" = Microsoft AutoRoute v11.0 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later 
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 Test "{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch "{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{97837F9F-6CD7-4C1D-9C37-D22EA3ACAE33}" = BMWi-Softwarepaket 9.2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4 "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-1033-F400-7760-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708 "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = 
Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AD6ACA58-30FE-4336-A5B0-461FD60AF727}" = FileOpen Client "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48 "{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager "{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian "{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7 "{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All "{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista "{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C5A52C02-1618-47DB-8A92-559DE29048EC}_is1" = Akeeba eXtract Wizard 3.2 "{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C9370463-B35E-473F-BB0D-4FC572A1F9DF}" = MAGIX Video easy SE "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility "{CFBE146C-7664-41D1-BFD8-61600736E24C}" = SmartFTP Client German (Germany) MUI "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{D6B9C3A4-64F2-480C-95A1-5838A3BFDC51}" = SmartFTP Client "{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German "{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish "{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "057c882e103cd9589befac1883d55afa" = Farm Frenzy - Ancient Rome "1&1 SmartFax" = 1&1 SmartFax "1632171a2b8ea5e52fba4dd4436f4b4a" = Roads of Rome "3004635e27ba1a91c6a0812b580c01d9" = Double Pack Roads of Rome Deluxe 
"326770532953c7aa909f983f94eee2f2" = Double Pack Plants vs Zombies Insaniquarium Deluxe "397ae26e3ce5ccdc1af478a7b69177be" = Farm Frenzy - Gone Fishing! "60ebd19c0e663d8d762ede5c572b7ff6" = Roads of Rome 2 "61f6d19a00f59fc4d27e8eb21f84b843" = 4 Elements II Premium Edition "827bc50d929d3142db3db7d83e32ee38" = Farm Frenzy - Viking Heroes "A5 HTML5 Animator_is1" = DATA BECKER A5 HTML5 Animator "a5ca1c6c4feb0b356ccfb636f44b4f77" = Roads of Rome 3 "a90308deb488b90b0543ff928e822886" = Farm Frenzy 3 "a9b3007c2352af4b800280e7d7c22300" = Restaurant Rush "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AIM_7" = AIM 7 "Alien Skin Blow Up 3" = Alien Skin Blow Up 3 "Alien Skin Bokeh 2" = Alien Skin Bokeh 2 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5 "AvantBrowser" = Avant Browser (remove only) "b77c6168069db0258baa69a7cc6dee24" = Island Realms "bee08a15c88e44341c4f6d8ccb3ee246" = Fitness Dash(TM) "Blender" = Blender "Bryce 7.0 Content 7.0.0.21" = Bryce 7.0 Content "Bryce 7.1 7.1.0.109" = Bryce 7.1 "c40ba4951166b25188105b97864d7512" = Delicious - Emily's True Love Deluxe "c411b85904f5f013a4ea53a5fc416ae6" = Farm Frenzy 3 - American Pie "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Cyberduck" = Cyberduck 4.2.1 (9350) "d81afa1ea41cb6f904a9dd1e78a7a567" = Double Pack Cradle of Rome and Persia Deluxe "DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service "DAZ Studio 4.5 4.5.0.114" = DAZ Studio 4.5 "Debut" = Debut Video Capture Software "doPDF 7 printer_is1" = doPDF 7.2 printer "ESET Online Scanner" = ESET Online Scanner v3 "ExpressBurn" = Express Burn Disc Burning Software "FastStone Capture" = FastStone Capture 5.3 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 
"Free Audio Editor_is1" = Free Audio Editor v9.0.1 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32 "Google Chrome" = Google Chrome "GSiteCrawler" = GSiteCrawler "Hexagon 2 2.5.1.79" = Hexagon 2 "InstallShield_{11EF223E-CCCB-4BCC-918D-EA4E59FD05EF}" = UltraCompare "InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "IP Camera" = IP Camera "IrfanView" = IrfanView (remove only) "Logitech Vid" = Logitech Vid HD "MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9 "MAGIX Online Druck Service D" = MAGIX Online Druck Service "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Maxthon3" = Maxthon 3 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mikogo" = Mikogo "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "Notepad++" = Notepad++ "NSS" = Norton Security Scan "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Opera 11.10.2092" = Opera 11.10 "PEGASTAR® Personal Books" = PEGASTAR® Personal Books "Pflanzen gegen 
Zombies Deluxe" = Pflanzen gegen Zombies Deluxe "PhotoStage" = PhotoStage Slideshow Producer "Picasa 3" = Picasa 3 "PictureIt_v9" = Microsoft Picture It! Foto Premium 9 "Prism" = Prism Video File Converter "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Security Task Manager" = Security Task Manager 1.8d "Shockwave" = Shockwave "SmartFTP Client 4.1 Setup Files" = SmartFTP Client 4.1 Setup Files (remove only) "ST6UNST #1" = SizeMe 1.0 "TrueCrypt" = TrueCrypt "TYPO3Winstaller_4.7.3" = TYPO3Winstaller - TYPO3 4.7.3 "Uninstall_is1" = Uninstall 1.0.0.1 "VideoPad" = VideoPad Video Editor "VLC media player" = VLC media player 1.1.11 "Vue 10 32bit" = Vue 10 32bit "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.45 "Works2004Setup" = Setup-Start von Microsoft Works 2004 "xampp" = XAMPP 1.8.0 "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mikogo 4" = Mikogo 4 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mikogo 4" = Mikogo 4 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "AOL Messaging Toolbar" = AOL Messaging Toolbar "Mikogo 4" = Mikogo 4 "Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE) "Ranch Rush 2 Deluxe" = Ranch Rush 2 Deluxe ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.10.2012 05:55:42 | Computer Name = DREAM-PC | Source = ESENT | ID = 482 Description = Windows (5700) Windows: Versuch, in Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" bei Offset 456097792 (0x000000001b2f8000) für 32768 (0x00008000) Bytes zu schreiben, ist nach 0 Sekunden mit Systemfehler 8 
(0x00000008): "Für diesen Befehl ist nicht genügend Speicher verfügbar. " fehlgeschlagen. Fehler -1011 (0xfffffc0d) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden. Error - 10.10.2012 07:33:35 | Computer Name = DREAM-PC | Source = MsiInstaller | ID = 11711 Description = Error - 10.10.2012 21:30:22 | Computer Name = DREAM-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0061-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 11.10.2012 07:16:28 | Computer Name = DREAM-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 11.2.3.6, Zeitstempel: 0x4fdbcf1d Name des fehlerhaften Moduls: COSVCPLG.DLL, Version: 2012.5.5.11, Zeitstempel: 0x5000bad0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002a414 ID des fehlerhaften Prozesses: 0x7f8 Startzeit der fehlerhaften Anwendung: 0x01cda74e8f5d9b8a Pfad der fehlerhaften Anwendung: C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe Pfad des fehlerhaften Moduls: C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\COSVCPLG.DLL Berichtskennung: 19bece1a-1395-11e2-89ef-6c626d82a5ef Error - 11.10.2012 07:22:41 | Computer Name = DREAM-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 11.2.3.6, Zeitstempel: 0x4fdbcf1d Name des fehlerhaften Moduls: COSVCPLG.DLL, Version: 2012.5.5.11, Zeitstempel: 0x5000bad0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002a414 ID des fehlerhaften Prozesses: 0x1420 Startzeit der fehlerhaften Anwendung: 0x01cda7a2266e530d Pfad der fehlerhaften Anwendung: C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe Pfad des fehlerhaften Moduls: 
C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\COSVCPLG.DLL Berichtskennung: f7ff3d4e-1395-11e2-89ef-6c626d82a5ef Error - 11.10.2012 10:19:51 | Computer Name = DREAM-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 11.2.3.6, Zeitstempel: 0x4fdbcf1d Name des fehlerhaften Moduls: COSVCPLG.DLL, Version: 2012.5.5.11, Zeitstempel: 0x5000bad0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002a414 ID des fehlerhaften Prozesses: 0x370 Startzeit der fehlerhaften Anwendung: 0x01cda7ba7b242ec7 Pfad der fehlerhaften Anwendung: C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe Pfad des fehlerhaften Moduls: C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\COSVCPLG.DLL Berichtskennung: b7a2bda9-13ae-11e2-9f48-6c626d82a5ef Error - 11.10.2012 11:17:15 | Computer Name = DREAM-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 11.2.3.6, Zeitstempel: 0x4fdbcf1d Name des fehlerhaften Moduls: COSVCPLG.DLL, Version: 2012.5.5.11, Zeitstempel: 0x5000bad0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002a414 ID des fehlerhaften Prozesses: 0x184 Startzeit der fehlerhaften Anwendung: 0x01cda7beffb30941 Pfad der fehlerhaften Anwendung: C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe Pfad des fehlerhaften Moduls: C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\COSVCPLG.DLL Berichtskennung: bcc8f2c6-13b6-11e2-8e72-6c626d82a5ef Error - 11.10.2012 12:03:54 | Computer Name = DREAM-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 11.2.3.6, Zeitstempel: 0x4fdbcf1d Name des fehlerhaften Moduls: COSVCPLG.DLL, Version: 2012.5.5.11, Zeitstempel: 0x5000bad0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002a414 ID des fehlerhaften Prozesses: 0x55c Startzeit der fehlerhaften Anwendung: 0x01cda7c4f973ad51 Pfad der fehlerhaften Anwendung: C:\Program 
Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe Pfad des fehlerhaften Moduls: C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\COSVCPLG.DLL Berichtskennung: 40c6be53-13bd-11e2-9ee5-6c626d82a5ef Error - 11.10.2012 12:14:52 | Computer Name = DREAM-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 11.2.3.6, Zeitstempel: 0x4fdbcf1d Name des fehlerhaften Moduls: COSVCPLG.DLL, Version: 2012.5.5.11, Zeitstempel: 0x5000bad0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002a414 ID des fehlerhaften Prozesses: 0x15b8 Startzeit der fehlerhaften Anwendung: 0x01cda7ca4c0aa6de Pfad der fehlerhaften Anwendung: C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe Pfad des fehlerhaften Moduls: C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\COSVCPLG.DLL Berichtskennung: c8ea948f-13be-11e2-9ee5-6c626d82a5ef Error - 11.10.2012 12:17:40 | Computer Name = DREAM-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 11.2.3.6, Zeitstempel: 0x4fdbcf1d Name des fehlerhaften Moduls: COSVCPLG.DLL, Version: 2012.5.5.11, Zeitstempel: 0x5000bad0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002a414 ID des fehlerhaften Prozesses: 0xc9c Startzeit der fehlerhaften Anwendung: 0x01cda7cbd3635e9d Pfad der fehlerhaften Anwendung: C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe Pfad des fehlerhaften Moduls: C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.8.0.14\COSVCPLG.DLL Berichtskennung: 2d0e6e1b-13bf-11e2-9ee5-6c626d82a5ef [ Media Center Events ] Error - 24.02.2011 23:24:49 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0 Description = 04:24:49 - Fehler beim Herstellen der Internetverbindung. 04:24:49 - Serververbindung konnte nicht hergestellt werden.. 
Error - 24.02.2011 23:24:54 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0 Description = 04:24:54 - Fehler beim Herstellen der Internetverbindung. 04:24:54 - Serververbindung konnte nicht hergestellt werden.. Error - 25.02.2011 22:01:34 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0 Description = 03:01:34 - Fehler beim Herstellen der Internetverbindung. 03:01:34 - Serververbindung konnte nicht hergestellt werden.. Error - 25.02.2011 22:01:43 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0 Description = 03:01:39 - Fehler beim Herstellen der Internetverbindung. 03:01:39 - Serververbindung konnte nicht hergestellt werden.. Error - 25.02.2011 23:01:49 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0 Description = 04:01:49 - Fehler beim Herstellen der Internetverbindung. 04:01:49 - Serververbindung konnte nicht hergestellt werden.. Error - 25.02.2011 23:01:58 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0 Description = 04:01:55 - Fehler beim Herstellen der Internetverbindung. 04:01:55 - Serververbindung konnte nicht hergestellt werden.. Error - 26.02.2011 00:02:03 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0 Description = 05:02:03 - Fehler beim Herstellen der Internetverbindung. 05:02:03 - Serververbindung konnte nicht hergestellt werden.. Error - 26.02.2011 00:02:08 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0 Description = 05:02:08 - Fehler beim Herstellen der Internetverbindung. 05:02:08 - Serververbindung konnte nicht hergestellt werden.. Error - 26.02.2011 01:02:13 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0 Description = 06:02:13 - Fehler beim Herstellen der Internetverbindung. 06:02:13 - Serververbindung konnte nicht hergestellt werden.. Error - 26.02.2011 01:02:18 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0 Description = 06:02:18 - Fehler beim Herstellen der Internetverbindung. 06:02:18 - Serververbindung konnte nicht hergestellt werden.. 
[ System Events ] Error - 10.10.2012 02:15:51 | Computer Name = DREAM-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Norton Internet Security" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 10.10.2012 02:18:32 | Computer Name = DREAM-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Norton Internet Security" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error - 11.10.2012 07:16:33 | Computer Name = DREAM-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Norton Internet Security" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 11.10.2012 07:22:42 | Computer Name = DREAM-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Norton Internet Security" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 11.10.2012 10:19:53 | Computer Name = DREAM-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Norton Internet Security" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 11.10.2012 10:47:01 | Computer Name = DREAM-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Server" wurde nicht richtig gestartet. Error - 11.10.2012 11:17:20 | Computer Name = DREAM-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Norton Internet Security" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. 
Error - 11.10.2012 12:03:56 | Computer Name = DREAM-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Norton Internet Security" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 11.10.2012 12:14:53 | Computer Name = DREAM-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Norton Internet Security" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 11.10.2012 12:17:40 | Computer Name = DREAM-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Norton Internet Security" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. < End of report > What does that actually tell you? Thanks again. |
12.10.2012, 10:28 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes finds Trojan.XBuild402 That was not a CustomScan; you did not copy my text from the CODE box in, or you copied it in incorrectly. |
12.10.2012, 13:59 | #22 |
Banned | Malwarebytes finds Trojan.XBuild402 Sorry, I can't follow you right now... What do you mean by "Custom" scan, and what am I supposed to have copied where???? OK, I was a bit slow on the uptake just now; I think I've got it now! OTL logfile: Code:
ATTFilter OTL logfile created on: 12.10.2012 15:03:36 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DREAM\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,47% Memory free 5,98 Gb Paging File | 3,80 Gb Available in Paging File | 63,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 900,41 Gb Total Space | 800,30 Gb Free Space | 88,88% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 18,22 Gb Free Space | 60,75% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive I: | 931,28 Gb Total Space | 702,45 Gb Free Space | 75,43% Space Free | Partition Type: FAT32 Computer Name: DREAM-PC | User Name: DREAM | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\DREAM\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\DREAM\AppData\Roaming\Mikogo 4\M4-Capture.exe () PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.) 
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\DREAM\AppData\Roaming\Mikogo 4\mikogo-host.exe () PRC - C:\Users\DREAM\AppData\Roaming\Mikogo 4\M4-Service.exe () PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - c:\xampp\mysql\bin\mysqld.exe () PRC - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe () PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe () PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe (Sensible Vision ) PRC - C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision ) PRC - C:\Program Files\Sensible Vision\Fast Access\FAService.exe (Sensible Vision ) PRC - C:\Program Files\Eraser\Eraser.exe (The Eraser Project) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE () PRC - C:\Windows\System32\PSIService.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll () MOD - C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll () MOD - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe () MOD - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe () MOD - C:\Windows\System32\FAIEExtension.dll () MOD - C:\Windows\System32\FAib.dll () MOD - C:\Windows\System32\FACrashRpt.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll () MOD - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE () MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU () MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' 
Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (M4-Service) -- C:\Users\DREAM\AppData\Roaming\Mikogo 4\M4-Service.exe () SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe () SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe (Symantec Corporation) SRV - (Apache2.4) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation) SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe () SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (FAService) -- C:\Program Files\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()

========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121011.034\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121011.034\NAVENG.SYS (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121011.001\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1308000.00E\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1308000.00E\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1308000.00E\ccsetx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1308000.00E\symefa.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1308000.00E\symnets.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1308000.00E\ironx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1308000.00E\symds.sys (Symantec Corporation)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (CompFilter) -- C:\Windows\System32\drivers\lvbusflt.sys (Logitech Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120405074420175&tb_oid=05-04-2012&tb_mrud=05-04-2012
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.comhxxp://www.medion.com [binary data]
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.channel-live.tv/anmelde [Binary data over 200 bytes]
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\URLSearchHook: {a1137e37-cecc-4cbb-ba8f-e598748d4bd3} - No CLSID value found
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes\{2FEFC237-DDCF-46C2-823A-634556AA9CAA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120405074420175&tb_oid=05-04-2012&tb_mrud=05-04-2012
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes\{6631FA36-8D1C-46EF-A9AD-CF639AE383C8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = hxxp://www.ask.com/web?o=15710&l=dis&q={searchTerms}
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 2
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..extensions.enabledAddons: firefile@strebitzer.at:0.9.0
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: seostatus@rubyweb:1.5.9
FF - prefs.js..extensions.enabledAddons: {02450914-cdd9-410f-b1da-db004e18c671}:0.96.8c
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.3
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.9.5.1
FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8
FF - prefs.js..extensions.enabledAddons: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.7.5.2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\DREAM\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\DREAM\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DREAM\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DREAM\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.01.02 11:50:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fassoxpcom@sensiblevision.com: C:\Program Files\Sensible Vision\Fast Access\xpcom_fasso\ [2011.01.05 18:24:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.06.30 23:04:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.10.12 08:14:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.09.09 01:12:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.11 13:48:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.04 10:53:34 | 000,000,000 | ---D | M]

[2012.10.11 13:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\Extensions
[2012.10.11 18:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\t125x6pa.default\extensions
[2012.10.11 18:14:47 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\t125x6pa.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2012.10.11 18:14:46 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\t125x6pa.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012.10.11 18:02:30 | 001,626,141 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\firebug@software.joehewitt.com.xpi
[2012.10.11 18:03:48 | 000,079,299 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\firefile@strebitzer.at.xpi
[2012.10.11 18:14:40 | 000,207,020 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\seostatus@rubyweb.xpi
[2012.10.11 18:14:40 | 000,094,079 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi
[2012.10.11 18:14:46 | 000,269,659 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.10.11 18:03:49 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.10.11 18:14:46 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\t125x6pa.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.10.11 13:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.09.09 01:12:24 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012.10.12 08:14:28 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN
[2012.06.30 23:04:10 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.03.27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npContribute.dll
[2009.03.25 11:42:28 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\DREAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\DREAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\DREAM\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\DREAM\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: SiteAdvisor = C:\Users\DREAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\DREAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [Mikogo] C:\Users\DREAM\AppData\Roaming\Mikogo 4\mikogo-host.exe ()
O4 - HKU\S-1-5-18..\Run: [Mikogo] C:\Users\DREAM\AppData\Roaming\Mikogo 4\mikogo-host.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-3313979477-441340846-3546100501-1001..\Run: [Mikogo] C:\Users\DREAM\AppData\Roaming\Mikogo 4\mikogo-host.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\DREAM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.161 83.169.186.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4BC47DC-B626-42D7-88A6-1542B81B945D}: DhcpNameServer = 83.169.186.161 83.169.186.225
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 09:56:50 | 000,000,036 | RH-- | M] () - I:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2003.03.21 12:00:56 | 000,000,000 | RH-D | M] - I:\AUTORUN -- [ FAT32 ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = "E:\Adobe CS5\Set-up.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^DREAM^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^DREAM^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Aim - hkey= - key= - C:\Program Files\AIM\aim.exe (AOL Inc.)
MsConfig - StartUpReg: Corel File Shell Monitor - hkey= - key= - C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe ()
MsConfig - StartUpReg: FATrayAlert - hkey= - key= - C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
MsConfig - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Logitech Vid - hkey= - key= - C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: MobileDocuments - hkey= - key= - File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SweetIM - hkey= - key= - File not found
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Ulead AutoDetector v2 - hkey= - key= - C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
MsConfig - StartUpReg: Uznezo - hkey= - key= - File not found
MsConfig - StartUpReg: vspdfprsrv.exe - hkey= - key= - C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe ()
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: BsScanner - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: BsScanner - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {BC07CF10-3AB5-8DB2-B2BA-9A73F79C6A1A} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {DA5927F2-0C44-42EC-8DE1-E0A1C08209E7} - Bing Bar ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{503879BC-E052-4521-B621-C06AC025F417} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.dvsd - C:\Windows\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.) 
Drivers32: vidc.i420 - i420vfw.dll File not found Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation) Drivers32: vidc.yv12 - yv12vfw.dll File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.11 13:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.10.11 11:23:42 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\ProtectDisc [2012.10.10 21:16:30 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon [2012.10.09 21:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.10.08 01:49:54 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Local\Systweak [2012.10.07 22:07:13 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Wise Registry Cleaner [2012.10.07 22:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner [2012.10.07 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\Wise [2012.10.07 21:57:58 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Systweak [2012.10.07 21:57:57 | 000,015,544 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe [2012.10.07 18:05:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM [2012.10.07 18:04:57 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll [2012.10.07 18:04:57 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll [2012.10.07 18:04:57 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll [2012.10.07 18:04:57 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll [2012.10.07 18:04:57 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll [2012.10.07 18:04:57 | 000,185,584 | ---- | C] (SRS Labs, Inc.) 
-- C:\Windows\System32\SRSTSHD.dll [2012.10.07 18:04:57 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll [2012.10.07 18:04:57 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll [2012.10.07 18:04:57 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll [2012.10.07 18:04:57 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll [2012.10.07 18:04:57 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll [2012.10.07 18:04:56 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll [2012.10.07 18:04:56 | 001,131,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll [2012.10.07 18:04:56 | 000,961,296 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll [2012.10.07 18:04:56 | 000,900,368 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll [2012.10.07 18:04:56 | 000,448,272 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll [2012.10.07 18:04:56 | 000,427,792 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll [2012.10.07 18:04:56 | 000,405,776 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll [2012.10.07 18:04:56 | 000,311,568 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll [2012.10.07 18:04:56 | 000,299,936 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [2012.10.07 18:04:56 | 000,290,064 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll [2012.10.07 18:04:56 | 000,235,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll [2012.10.07 18:04:56 | 000,223,504 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll [2012.10.07 18:04:56 | 000,132,368 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\System32\MaxxAudioAPO.dll [2012.10.07 18:04:56 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll [2012.10.07 18:04:56 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll [2012.10.07 18:04:56 | 000,102,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll [2012.10.04 10:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.04 09:06:42 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\private [2012.10.01 19:43:22 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Blender Foundation [2012.09.29 20:22:52 | 000,000,000 | ---D | C] -- C:\install_50673c7c7edad [2012.09.29 17:35:18 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Desktop\joomla-template [2012.09.29 11:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2012.09.29 10:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.29 10:05:31 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.09.29 10:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.09.28 12:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.09.28 11:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.09.27 20:57:27 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\Virusverdacht [2012.09.27 13:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.09.27 10:18:43 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Malwarebytes [2012.09.27 10:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.27 10:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.27 10:18:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.27 10:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.26 
14:02:25 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\Hexagon [2012.09.26 09:54:22 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Local\DATA BECKER [2012.09.26 09:54:20 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Local\Chromium [2012.09.26 09:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer [2012.09.26 09:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DATA BECKER [2012.09.26 09:53:13 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\A5 HTML5 Animator Projekte [2012.09.26 09:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\DATA BECKER [2012.09.25 22:52:08 | 000,000,000 | ---D | C] -- C:\Users\DREAM\.thumbnails [2012.09.25 22:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation [2012.09.25 22:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation [2012.09.25 15:10:27 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\SmartFTP [2012.09.25 15:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartFTP Client [2012.09.25 15:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client [2012.09.25 15:08:41 | 000,000,000 | -HSD | C] -- C:\Users\DREAM\wc [2012.09.25 15:08:40 | 000,000,000 | -HSD | C] -- C:\Users\DREAM\AppData\Roaming\wyUpdate AU [2012.09.25 15:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.1 Setup Files [2012.09.25 15:08:36 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Cyberduck [2012.09.25 15:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberduck [2012.09.25 15:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberduck [2012.09.25 07:37:26 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\DAZ 3D [2012.09.24 22:58:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAZ 3D [2012.09.24 21:21:13 | 000,000,000 | ---D | C] -- 
C:\Users\DREAM\Documents\Bryce [2012.09.24 20:41:00 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D [2012.09.24 20:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DAZ 3D [2012.09.24 15:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D [2012.09.24 15:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DAZ [2012.09.24 15:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\DAZ 3D [2012.09.24 15:33:38 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\DAZ 3D [2012.09.23 13:36:06 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\e-on software [2012.09.23 13:30:28 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-on software [2012.09.23 13:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-on software [2012.09.23 13:24:05 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\e-on software [2012.09.23 13:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\e-on software [2012.09.23 13:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\e-onsoftware [2012.09.19 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Veohpu [2012.09.19 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Ilados [2012.09.19 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Amqoev [2012.09.19 10:18:05 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Xeavp [2012.09.19 10:18:05 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Noirna [2012.09.19 10:18:05 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Cufuta [2012.09.19 10:15:54 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Ihaf [2012.09.19 10:15:54 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Ewasa [2012.09.19 10:15:54 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Cakyna [2012.09.19 08:09:37 | 
000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Ykavu [2012.09.19 08:09:37 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Gaqyqy [2012.09.19 08:09:37 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Alezo [2012.09.18 09:12:08 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Eqko [2012.09.18 09:12:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Upurv [2012.09.18 09:12:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Keibef [2012.09.18 09:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings [2012.09.16 10:03:39 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Desktop\Responsive-Webdesign [2012.09.15 11:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.09.15 11:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.09.15 11:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.09.15 11:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.01.16 00:11:08 | 004,518,720 | ---- | C] (FileZilla Project) -- C:\Users\DREAM\FileZilla_3.5.3_win32-setup.exe [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.12 15:08:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.12 14:33:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.12 14:33:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3313979477-441340846-3546100501-1001UA.job [2012.10.12 14:31:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.12 09:44:27 | 000,023,724 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\wklnhst.dat [2012.10.12 09:08:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.12 07:32:00 | 000,001,068 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3313979477-441340846-3546100501-1001Core.job [2012.10.12 03:25:33 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.12 03:25:33 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.12 03:17:39 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys [2012.10.11 15:43:17 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for DREAM.job [2012.10.11 13:48:43 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.11 11:23:44 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00003409.LCS [2012.10.10 21:35:44 | 000,697,276 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.10 21:35:44 | 000,652,594 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.10 21:35:44 | 000,148,314 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.10 21:35:44 | 000,121,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.10 21:16:30 | 000,002,231 | ---- | M] () -- C:\Users\DREAM\Desktop\Kindle.lnk [2012.10.09 10:49:57 | 000,000,546 | ---- | M] () -- C:\error.php [2012.10.09 08:44:00 | 000,002,576 | ---- | M] () -- C:\{6A051E86-D848-4C0D-8A34-C72A16DD51E8} [2012.10.08 08:06:32 | 000,002,472 | ---- | M] () -- C:\{7F42B75D-7654-4644-89FD-C803D572BDBB} [2012.10.08 08:04:39 | 000,002,584 | ---- | M] () -- C:\{6DA5C51A-B496-46E9-B80C-167346E60D3E} [2012.10.07 22:23:13 | 000,193,553 | ---- | M] () -- C:\Users\DREAM\Documents\Unbenannt (2).wma [2012.10.07 22:20:45 | 000,171,103 | ---- | M] () -- C:\Users\DREAM\Documents\Unbenannt (4).wma [2012.10.07 17:01:43 | 000,001,264 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys [2012.10.07 16:57:57 | 000,013,312 | ---- | M] () -- C:\Users\DREAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.04 09:41:36 | 000,000,017 | ---- | M] () -- 
C:\Users\DREAM\AppData\Roaming\mbam.context.scan [2012.10.02 08:34:30 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.09.29 20:22:49 | 001,227,777 | ---- | M] () -- C:\art-blog-1.6-unrar.first.zip [2012.09.29 19:24:45 | 002,235,773 | ---- | M] () -- C:\Joomla_2.5.x_to_2.5.7-Stable-Patch_Package.zip [2012.09.29 11:30:28 | 000,000,535 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [2012.09.28 17:16:19 | 000,002,448 | ---- | M] () -- C:\{A4D2023A-F4E0-4CEF-BE54-BBFEE7BDA189} [2012.09.27 11:46:34 | 000,000,000 | ---- | M] () -- C:\Users\DREAM\defogger_reenable [2012.09.27 11:27:02 | 000,001,704 | ---- | M] () -- C:\{05819579-803D-48E6-A81F-A1D4BBD50F73} [2012.09.27 11:08:26 | 000,001,448 | ---- | M] () -- C:\{38829E27-3DAD-4D06-B89B-0985CAD2EBBE} [2012.09.27 10:55:33 | 000,001,704 | ---- | M] () -- C:\{5AAA5D7F-D2BC-4B2D-9D10-44F6406E71FC} [2012.09.26 10:48:20 | 000,002,392 | ---- | M] () -- C:\{9E6CC32E-A712-4594-AC2A-42956869D0B6} [2012.09.26 10:03:32 | 000,002,128 | ---- | M] () -- C:\{111BEC3A-582F-4CDC-A998-06B692E7B573} [2012.09.26 09:53:15 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\A5 HTML5 Animator.lnk [2012.09.26 09:27:33 | 000,002,152 | ---- | M] () -- C:\{477FAC5A-8E0D-4A2D-A447-0491B9B1789A} [2012.09.25 15:10:11 | 000,002,240 | ---- | M] () -- C:\{F9848F6D-68E5-4440-808F-BA050837ECC2} [2012.09.25 09:56:09 | 000,002,152 | ---- | M] () -- C:\{381E3CA7-BC59-457A-95F5-4605E3829569} [2012.09.23 13:30:28 | 000,000,072 | ---- | M] () -- C:\Windows\Vue 7.5 xStream.reg [2012.09.23 13:30:28 | 000,000,070 | ---- | M] () -- C:\Windows\Vue 7 xStream.reg [2012.09.23 13:30:28 | 000,000,070 | ---- | M] () -- C:\Windows\Vue 6 xStream.reg [2012.09.21 12:05:08 | 000,015,544 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe [2012.09.19 10:51:51 | 000,000,575 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\54D066.dat [2012.09.18 11:49:01 | 000,001,456 | ---- | M] () -- C:\Users\DREAM\AppData\Local\Adobe Für Web 
speichern 12.0 Prefs [2012.09.17 10:38:13 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit_.INI [2012.09.16 09:31:34 | 000,002,376 | ---- | M] () -- C:\{6A15AFD8-CA8B-4971-BF73-A81589DC0067} [2012.09.15 12:21:01 | 000,002,280 | ---- | M] () -- C:\{40E94D1A-5327-4C31-A7A9-31F212D3C9DB} [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.11 13:48:43 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.11 13:48:42 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.10.10 21:16:30 | 000,002,231 | ---- | C] () -- C:\Users\DREAM\Desktop\Kindle.lnk [2012.10.09 10:49:12 | 000,000,546 | ---- | C] () -- C:\error.php [2012.10.09 08:44:00 | 000,002,576 | ---- | C] () -- C:\{6A051E86-D848-4C0D-8A34-C72A16DD51E8} [2012.10.08 08:06:31 | 000,002,472 | ---- | C] () -- C:\{7F42B75D-7654-4644-89FD-C803D572BDBB} [2012.10.08 08:04:37 | 000,002,584 | ---- | C] () -- C:\{6DA5C51A-B496-46E9-B80C-167346E60D3E} [2012.10.07 22:23:13 | 000,193,553 | ---- | C] () -- C:\Users\DREAM\Documents\Unbenannt (2).wma [2012.10.07 22:20:45 | 000,171,103 | ---- | C] () -- C:\Users\DREAM\Documents\Unbenannt (4).wma [2012.10.04 09:41:36 | 000,000,017 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\mbam.context.scan [2012.09.29 20:22:48 | 001,227,777 | ---- | C] () -- C:\art-blog-1.6-unrar.first.zip [2012.09.29 19:24:28 | 002,235,773 | ---- | C] () -- C:\Joomla_2.5.x_to_2.5.7-Stable-Patch_Package.zip [2012.09.28 17:16:14 | 000,002,448 | ---- | C] () -- C:\{A4D2023A-F4E0-4CEF-BE54-BBFEE7BDA189} [2012.09.27 11:46:34 | 000,000,000 | ---- | C] () -- C:\Users\DREAM\defogger_reenable [2012.09.27 11:26:58 | 000,001,704 | ---- | C] () -- C:\{05819579-803D-48E6-A81F-A1D4BBD50F73} [2012.09.27 11:08:19 | 000,001,448 | ---- | C] () -- C:\{38829E27-3DAD-4D06-B89B-0985CAD2EBBE} [2012.09.27 10:55:32 | 
000,001,704 | ---- | C] () -- C:\{5AAA5D7F-D2BC-4B2D-9D10-44F6406E71FC} [2012.09.27 10:27:22 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif [2012.09.26 10:48:19 | 000,002,392 | ---- | C] () -- C:\{9E6CC32E-A712-4594-AC2A-42956869D0B6} [2012.09.26 10:03:32 | 000,002,128 | ---- | C] () -- C:\{111BEC3A-582F-4CDC-A998-06B692E7B573} [2012.09.26 09:54:07 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00003409.LCS [2012.09.26 09:53:15 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\A5 HTML5 Animator.lnk [2012.09.26 09:27:32 | 000,002,152 | ---- | C] () -- C:\{477FAC5A-8E0D-4A2D-A447-0491B9B1789A} [2012.09.25 15:10:10 | 000,002,240 | ---- | C] () -- C:\{F9848F6D-68E5-4440-808F-BA050837ECC2} [2012.09.25 09:56:08 | 000,002,152 | ---- | C] () -- C:\{381E3CA7-BC59-457A-95F5-4605E3829569} [2012.09.23 13:30:28 | 000,000,072 | ---- | C] () -- C:\Windows\Vue 7.5 xStream.reg [2012.09.23 13:30:28 | 000,000,070 | ---- | C] () -- C:\Windows\Vue 7 xStream.reg [2012.09.23 13:30:28 | 000,000,070 | ---- | C] () -- C:\Windows\Vue 6 xStream.reg [2012.09.19 10:51:51 | 000,000,575 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\54D066.dat [2012.09.16 09:31:33 | 000,002,376 | ---- | C] () -- C:\{6A15AFD8-CA8B-4971-BF73-A81589DC0067} [2012.09.15 12:21:00 | 000,002,280 | ---- | C] () -- C:\{40E94D1A-5327-4C31-A7A9-31F212D3C9DB} [2012.08.21 11:08:33 | 000,000,132 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\Adobe GIF Format CS5 Prefs [2012.07.03 19:37:28 | 000,000,600 | ---- | C] () -- C:\Users\DREAM\AppData\Local\PUTTY.RND [2012.05.27 10:30:13 | 000,014,336 | ---- | C] () -- C:\Windows\System32\vsmon1.dll [2012.04.16 08:04:13 | 000,000,085 | ---- | C] () -- C:\Users\DREAM\mm_backup.cfg [2012.03.27 12:04:52 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2012.02.05 12:18:31 | 000,005,028 | ---- | C] () -- C:\ProgramData\cgatmfqq.mbd [2012.02.02 11:13:39 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI [2012.01.19 17:08:17 | 000,071,558 | 
---- | C] () -- C:\Windows\php.ini [2012.01.06 11:11:07 | 000,001,456 | ---- | C] () -- C:\Users\DREAM\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.04.01 07:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2011.04.01 07:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2011.04.01 07:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2011.04.01 06:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2011.03.23 18:22:38 | 000,000,110 | ---- | C] () -- C:\Windows\ULEAD32.INI [2011.03.22 23:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2011.03.05 19:04:24 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll [2011.01.23 12:40:48 | 000,000,132 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.01.07 14:24:19 | 000,000,247 | ---- | C] () -- C:\Windows\pegaadr.ini [2011.01.07 14:24:19 | 000,000,158 | ---- | C] () -- C:\Windows\pegatext.ini [2011.01.07 14:23:23 | 000,000,416 | ---- | C] () -- C:\Windows\PSBooks.INI [2011.01.06 13:52:19 | 000,023,724 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\wklnhst.dat [2011.01.02 20:54:48 | 000,013,312 | ---- | C] () -- C:\Users\DREAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.02 16:05:35 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.01.02 16:00:52 | 000,001,264 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2011.01.01 23:55:44 | 000,000,668 | ---- | C] () -- C:\Windows\asglobe.ini [2011.01.01 22:45:07 | 000,051,815 | R--- | C] () -- C:\Windows\System32\QPRO200.DLL [2011.01.01 22:44:29 | 000,100,352 | R--- | C] () -- C:\Windows\System32\JUCALC4.DLL [2011.01.01 22:44:29 | 000,100,352 | R--- | C] () -- C:\Windows\System32\Jucalc2.dll [2011.01.01 22:44:29 | 000,100,352 | R--- | C] () -- C:\Windows\System32\JUCALC.DLL [2011.01.01 22:44:27 | 
000,282,112 | R--- | C] () -- C:\Windows\System32\ASTR.DLL [2011.01.01 22:44:27 | 000,112,640 | R--- | C] () -- C:\Windows\System32\AW300.DLL [2010.11.17 14:29:26 | 000,087,176 | ---- | C] () -- C:\Windows\System32\FAIEExtension.dll [2010.11.17 14:29:22 | 000,057,480 | ---- | C] () -- C:\Windows\System32\FAib.dll [2010.11.17 14:29:14 | 000,249,480 | ---- | C] () -- C:\Windows\System32\FACrashRpt.dll ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.03.05 19:02:48 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\1&1 [2011.02.19 01:45:16 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\acccore [2011.06.12 21:43:15 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Alawar [2012.09.19 08:09:37 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Alezo [2012.09.19 10:20:32 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Amqoev [2011.10.28 23:38:04 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Avant 
Downloader [2012.10.01 19:43:22 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Blender Foundation [2011.01.26 22:21:34 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\BullGuard [2012.09.19 10:15:54 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Cakyna [2011.04.08 20:33:01 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.08.19 22:36:24 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Colibri Games [2012.09.19 10:18:05 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Cufuta [2012.09.25 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Cyberduck [2012.09.25 19:14:04 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\DAZ 3D [2011.08.04 14:24:26 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\DivoGames [2012.10.11 17:37:54 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Dropbox [2011.01.06 12:49:44 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.23 13:36:39 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\e-on software [2012.03.20 10:14:47 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Easy MP3 Recorder [2012.09.18 09:12:08 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Eqko [2012.09.19 10:20:16 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ewasa [2012.05.27 10:54:17 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\eXPert PDF Editor [2011.02.03 21:11:36 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\FileOpen [2012.10.11 20:02:14 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\FileZilla [2012.01.28 12:45:48 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Free Audio Editor [2011.02.12 23:48:41 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\freshgames [2012.09.19 08:13:08 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Gaqyqy 
[2012.02.16 11:56:47 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\gotomaxx [2012.09.19 10:20:18 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ihaf [2012.09.19 10:18:07 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ilados [2012.06.30 23:04:11 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\IrfanView [2011.03.18 22:40:07 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Jane s Hotel [2012.09.19 18:03:45 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Keibef [2011.01.05 11:17:22 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Leadertech [2011.01.05 15:56:29 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\MAGIX [2011.10.03 11:34:48 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Maxthon3 [2011.06.26 15:08:31 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Media Get LLC [2011.07.28 17:51:50 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Mikogo [2012.10.12 03:18:16 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Mikogo 4 [2012.02.05 12:21:36 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\MOVAVI [2011.06.06 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\My Games [2011.07.11 22:52:27 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\NevoSoft [2012.09.19 10:18:05 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Noirna [2012.06.30 23:04:17 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Notepad++ [2011.02.13 23:46:45 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\OpenOffice.org [2011.04.14 20:02:57 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Opera [2011.09.01 21:38:43 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\PathToSuccess [2011.06.12 15:54:18 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\PlayFirst [2012.06.08 15:25:35 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\PngOptimizer 
[2011.12.28 00:15:08 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\PoBros [2012.10.11 11:23:42 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\ProtectDisc [2012.09.17 21:16:50 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Registry Mechanic [2012.10.07 20:24:53 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\SoftGrid Client [2011.03.08 12:34:45 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Softland [2011.01.26 22:21:34 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Software Inspection Library [2011.01.16 22:08:25 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.10.09 21:49:15 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Systweak [2012.09.05 18:50:35 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\TeamViewer [2011.05.27 23:24:58 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Tific [2012.02.01 13:12:24 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\TP [2012.09.19 10:30:12 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\TweetAdder3 [2012.01.31 17:10:39 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ulead Systems [2012.09.19 17:39:44 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Upurv [2012.09.19 10:18:07 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Veohpu [2012.10.07 22:09:29 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Wise Registry Cleaner [2012.09.25 15:08:40 | 000,000,000 | -HSD | M] -- C:\Users\DREAM\AppData\Roaming\wyUpdate AU [2012.09.19 10:20:24 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Xeavp [2012.09.19 08:09:37 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ykavu [2012.08.10 19:19:51 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Zylom [2012.07.05 09:27:03 | 000,000,000 | ---D | M] -- 
C:\Users\DREAM\AppData\Roaming\{90140011-0061-0407-0000-0000000FF1CE} [2012.10.08 20:57:58 | 000,000,000 | ---D | M] -- C:\Users\teddybaer\AppData\Roaming\Systweak ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.03.05 19:02:48 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\1&1 [2011.02.19 01:45:16 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\acccore [2012.07.31 23:27:49 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Adobe [2011.01.16 22:08:26 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Adobe Mini Bridge CS5 [2011.06.12 21:43:15 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Alawar [2012.09.19 08:09:37 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Alezo [2012.09.19 10:20:32 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Amqoev [2012.09.29 13:12:33 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Apple Computer [2011.01.01 22:05:02 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\ATI [2011.10.28 23:38:04 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Avant Downloader [2012.09.26 09:11:55 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Avant Profiles [2012.10.01 19:43:22 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Blender Foundation [2011.01.26 22:21:34 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\BullGuard [2012.09.19 10:15:54 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Cakyna [2011.04.08 20:33:01 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.08.19 22:36:24 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Colibri Games [2011.03.16 17:42:12 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Corel [2012.09.19 10:18:05 | 000,000,000 | ---D | M] -- 
C:\Users\DREAM\AppData\Roaming\Cufuta [2012.09.25 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Cyberduck [2011.11.25 20:28:20 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\CyberLink [2012.09.25 19:14:04 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\DAZ 3D [2011.08.04 14:24:26 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\DivoGames [2012.10.11 17:37:54 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Dropbox [2011.01.06 12:49:44 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.23 13:36:39 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\e-on software [2012.03.20 10:14:47 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Easy MP3 Recorder [2012.09.18 09:12:08 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Eqko [2012.09.19 10:20:16 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ewasa [2012.05.27 10:54:17 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\eXPert PDF Editor [2011.01.02 14:15:25 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\FastStone [2011.02.03 21:11:36 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\FileOpen [2012.10.11 20:02:14 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\FileZilla [2012.01.28 12:45:48 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Free Audio Editor [2011.02.12 23:48:41 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\freshgames [2012.09.19 08:13:08 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Gaqyqy [2012.02.16 11:56:47 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\gotomaxx [2012.08.10 19:19:52 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Identities [2012.01.19 16:34:27 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\IDMComp [2012.09.19 10:20:18 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ihaf [2012.09.19 10:18:07 | 000,000,000 
| ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ilados [2011.01.01 22:05:05 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Intel Corporation [2012.06.30 23:04:11 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\IrfanView [2011.03.18 22:40:07 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Jane s Hotel [2012.09.19 18:03:45 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Keibef [2011.01.05 11:17:22 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Leadertech [2011.01.01 22:13:30 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Macromedia [2011.01.05 15:56:29 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\MAGIX [2012.09.27 10:18:43 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Malwarebytes [2011.10.03 11:34:48 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Maxthon3 [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Media Center Programs [2011.06.26 15:08:31 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Media Get LLC [2012.09.18 09:13:05 | 000,000,000 | --SD | M] -- C:\Users\DREAM\AppData\Roaming\Microsoft [2011.07.28 17:51:50 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Mikogo [2012.10.12 03:18:16 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Mikogo 4 [2012.02.05 12:21:36 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\MOVAVI [2012.10.11 13:49:58 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Mozilla [2011.06.06 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\My Games [2012.01.28 13:00:17 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\NCH Software [2011.07.11 22:52:27 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\NevoSoft [2012.09.19 10:18:05 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Noirna [2012.06.30 23:04:17 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Notepad++ [2011.02.13 23:46:45 | 
000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\OpenOffice.org [2011.04.14 20:02:57 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Opera [2011.09.01 21:38:43 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\PathToSuccess [2011.06.12 15:54:18 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\PlayFirst [2012.06.08 15:25:35 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\PngOptimizer [2011.12.28 00:15:08 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\PoBros [2012.10.11 11:23:42 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\ProtectDisc [2012.01.24 00:14:08 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Realore_Whiterra Roads Of Rome [2011.12.11 15:15:49 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Realore_Whiterra Roads Of Rome 2 [2012.02.04 20:00:41 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Realore_Whiterra Roads Of Rome 3 [2012.09.17 21:16:50 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Registry Mechanic [2012.10.11 17:30:53 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Skype [2012.03.27 12:04:49 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\skypePM [2012.09.25 15:10:27 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\SmartFTP [2012.10.07 20:24:53 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\SoftGrid Client [2011.03.08 12:34:45 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Softland [2011.01.26 22:21:34 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Software Inspection Library [2011.01.16 22:08:25 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.10.09 21:49:15 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Systweak [2012.09.05 18:50:35 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\TeamViewer [2011.05.27 23:24:58 | 000,000,000 | ---D | M] -- 
C:\Users\DREAM\AppData\Roaming\Tific [2012.02.01 13:12:24 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\TP [2012.09.19 10:30:12 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\TweetAdder3 [2012.01.31 17:10:39 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ulead Systems [2012.09.19 17:39:44 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Upurv [2012.09.19 10:18:07 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Veohpu [2012.08.22 12:27:15 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\vlc [2011.01.23 00:36:50 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\WinRAR [2012.10.07 22:09:29 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Wise Registry Cleaner [2012.09.25 15:08:40 | 000,000,000 | -HSD | M] -- C:\Users\DREAM\AppData\Roaming\wyUpdate AU [2012.09.19 10:20:24 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Xeavp [2012.09.19 08:09:37 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Ykavu [2012.08.10 19:19:51 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\Zylom [2012.07.05 09:27:03 | 000,000,000 | ---D | M] -- C:\Users\DREAM\AppData\Roaming\{90140011-0061-0407-0000-0000000FF1CE} < %APPDATA%\*.exe /s > [2011.05.06 23:10:26 | 005,751,917 | ---- | M] (DAZ 3D) -- C:\Users\DREAM\AppData\Roaming\DAZ 3D\Studio4\Updater\AutoUpdate_Win.exe [2011.06.30 13:36:06 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\DREAM\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.01.05 11:17:22 | 000,053,248 | R--- | M] (Acresso Software Inc.) 
-- C:\Users\DREAM\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2011.02.02 00:36:47 | 000,014,846 | R--- | M] () -- C:\Users\DREAM\AppData\Roaming\Microsoft\Installer\{AD6ACA58-30FE-4336-A5B0-461FD60AF727}\FileOpenNew.exe [2012.09.25 15:11:10 | 000,157,733 | R--- | M] () -- C:\Users\DREAM\AppData\Roaming\Microsoft\Installer\{CFBE146C-7664-41D1-BFD8-61600736E24C}\SmartFTP.exe [2012.10.12 03:18:16 | 001,592,208 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\Mikogo 4\M4-Capture.exe [2012.08.13 14:43:24 | 001,008,032 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\Mikogo 4\M4-Service.exe [2012.08.13 14:54:10 | 005,380,512 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\Mikogo 4\mikogo-host.exe [2012.08.13 14:54:26 | 000,458,832 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\Mikogo 4\remover.exe [2012.08.13 14:54:12 | 002,937,256 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\Mikogo 4\sessionplayer.exe [2012.08.13 14:43:24 | 000,440,216 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\Mikogo 4\Stopper.exe [2011.05.04 08:24:00 | 000,024,576 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\Mikogo\B-Capture.exe [2011.05.04 08:24:00 | 000,185,640 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\Mikogo\B-Service.exe [2011.07.28 17:51:13 | 005,413,752 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\Mikogo\Mikogo-Host.exe [2011.07.28 17:50:59 | 000,230,744 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\Mikogo\NewVer.exe [2011.05.04 08:01:06 | 000,144,688 | ---- | M] (Mikogo) -- C:\Users\DREAM\AppData\Roaming\Mikogo\remover.exe [2011.05.04 08:01:06 | 001,249,280 | ---- | M] (BeamYourScreen) -- C:\Users\DREAM\AppData\Roaming\Mikogo\SessionPlayer.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) 
MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2012.06.06 14:30:30 | 000,026,112 | ---- | M] () MD5=1EBB071E5585A41583C89BC0CC135CE3 -- C:\xampp\perl\vendor\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: IASTOR.SYS > [2010.03.03 19:33:26 | 000,435,736 | ---- | M] 
(Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys [2010.03.03 19:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) 
MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 
14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- 
C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > [2009.07.14 06:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2011.01.02 13:35:41 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.01.02 13:35:42 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2011.01.05 15:54:14 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3313979477-441340846-3546100501-1001Core.job [2011.01.05 15:54:15 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3313979477-441340846-3546100501-1001UA.job [2011.01.24 11:21:15 | 000,000,436 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for DREAM.job [2012.04.03 21:04:16 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < > ========== Alternate Data Streams ========== @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:FDDD8917 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1 < End of report > |
12.10.2012, 15:14 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes finds Trojan.XBuild402 Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Code:
:OTL
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120405074420175&tb_oid=05-04-2012&tb_mrud=05-04-2012
IE - HKU\S-1-5-21-3313979477-441340846-3546100501-1001\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = http://www.ask.com/web?o=15710&l=dis&q={searchTerms}
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 09:56:50 | 000,000,036 | RH-- | M] () - I:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2003.03.21 12:00:56 | 000,000,000 | RH-D | M] - I:\AUTORUN -- [ FAT32 ]
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:FDDD8917
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
:Files
i:\autorun*
C:\{*
C:\Users\DREAM\AppData\Roaming\Veohpu
C:\Users\DREAM\AppData\Roaming\Ilados
C:\Users\DREAM\AppData\Roaming\Amqoev
C:\Users\DREAM\AppData\Roaming\Xeavp
C:\Users\DREAM\AppData\Roaming\Noirna
C:\Users\DREAM\AppData\Roaming\Cufuta
C:\Users\DREAM\AppData\Roaming\Ihaf
C:\Users\DREAM\AppData\Roaming\Ewasa
C:\Users\DREAM\AppData\Roaming\Cakyna
C:\Users\DREAM\AppData\Roaming\Ykavu
C:\Users\DREAM\AppData\Roaming\Gaqyqy
C:\Users\DREAM\AppData\Roaming\Alezo
C:\Users\DREAM\AppData\Roaming\Eqko
C:\Users\DREAM\AppData\Roaming\Upurv
C:\Users\DREAM\AppData\Roaming\Keibef
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
12.10.2012, 16:47 | #24 |
Banned | Malwarebytes finds Trojan.XBuild402 Sorry, just to be on the safe side: should I now run an OTL fix twice, or only after I have copied the file in? OK, I have simply gone with the second option for now. Here is the code. Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3313979477-441340846-3546100501-1001\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ not found.
Registry key HKEY_USERS\S-1-5-21-3313979477-441340846-3546100501-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
I:\AUTORUN.INF moved successfully.
File not found.
ADS C:\ProgramData\Temp:FDDD8917 deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
========== FILES ==========
i:\AUTORUN folder moved successfully.
C:\{00A108FB-68B6-42E1-97DF-9D78B0CF534A} moved successfully.
C:\{00AA13D2-AE8D-4FB4-BACE-07C43E64AEC0} moved successfully.
C:\{05819579-803D-48E6-A81F-A1D4BBD50F73} moved successfully.
C:\{07598F0C-5D2A-4D0F-AF9A-414673EE4FE2} moved successfully.
C:\{08C33531-992C-4BF3-9665-314792D9210F} moved successfully.
C:\{111BEC3A-582F-4CDC-A998-06B692E7B573} moved successfully.
C:\{16C0BB7B-EEA7-4896-AED2-5BEB4A80A359} moved successfully.
C:\{18CCF2A6-FEC9-4C21-B301-B488AFBEF419} moved successfully.
C:\{196502EE-97FF-46FC-B6B3-6F9B993E8A71} moved successfully.
C:\{2106A641-99E5-4C17-B750-B219696871EE} moved successfully.
C:\{238A09A1-8F16-40E8-8E64-3E573C901A24} moved successfully.
C:\{23F3AD39-1733-4276-9B70-1DA87F2BBC30} moved successfully.
C:\{2552EB97-00EC-46C6-A2BA-814F7E16C99E} moved successfully.
C:\{27B90751-2C50-4579-AB8C-D5A6B125C96E} moved successfully.
C:\{2A46EF6F-433F-4A42-80C4-6EE25FE20393} moved successfully.
C:\{381E3CA7-BC59-457A-95F5-4605E3829569} moved successfully.
C:\{38829E27-3DAD-4D06-B89B-0985CAD2EBBE} moved successfully.
C:\{3D3AE187-13E9-4C37-83A2-A9365C1A4513} moved successfully.
C:\{3DD0ED9E-8A2C-4C73-9897-C9034D089D44} moved successfully.
C:\{40E94D1A-5327-4C31-A7A9-31F212D3C9DB} moved successfully.
C:\{44036E9D-751F-45E2-985F-2E0A4709FFB2} moved successfully.
C:\{44D81DAE-6513-4C20-97FD-666E185FADE5} moved successfully.
C:\{454BE41D-D8E8-4A3E-892C-C3A3A9B0EC3F} moved successfully.
C:\{477FAC5A-8E0D-4A2D-A447-0491B9B1789A} moved successfully.
C:\{482242CF-C4E1-4EE2-8A16-C099FEB8A57D} moved successfully.
C:\{4C470DF3-873B-4A8D-933F-33801691E357} moved successfully.
C:\{4E6D4811-4D90-4942-BA85-82DBCA886AE5} moved successfully.
C:\{4E99CA1D-BEE2-4564-9B8B-4BE53D4BA337} moved successfully.
C:\{54C8837E-A43C-4B13-9168-2C6ABC88452F} moved successfully.
C:\{5AAA5D7F-D2BC-4B2D-9D10-44F6406E71FC} moved successfully.
C:\{5CAC3015-7162-4843-BFA9-609FDA8FBAC3} moved successfully.
C:\{5F1F9F48-66FA-4293-A4D2-BF2071F8FFAC} moved successfully.
C:\{661776B2-87DA-48A8-8C1A-7FE84554066B} moved successfully.
C:\{66524745-22C5-45D4-893D-7682BF679974} moved successfully.
C:\{66B67360-D4D8-42B6-AD35-1601A193D2C9} moved successfully.
C:\{6A051E86-D848-4C0D-8A34-C72A16DD51E8} moved successfully.
C:\{6A15AFD8-CA8B-4971-BF73-A81589DC0067} moved successfully.
C:\{6A5BEEE2-4566-4C56-BB03-232BD8DD432C} moved successfully.
C:\{6CBBCE84-CCA5-41D9-8077-7FC545A93EF7} moved successfully.
C:\{6DA5C51A-B496-46E9-B80C-167346E60D3E} moved successfully.
C:\{75308753-5D14-493C-A278-4489B53216B6} moved successfully.
C:\{7F42B75D-7654-4644-89FD-C803D572BDBB} moved successfully.
C:\{835B7005-EFEB-45F4-820A-149EC83DAAF9} moved successfully.
C:\{83A5A8FE-A228-4576-8FDF-AE13C7D56952} moved successfully.
C:\{8A0F4C3F-863A-452C-B1C1-4336984E95A7} moved successfully.
C:\{9B64D990-1B22-4CBA-BDDB-817E6C2FFDB1} moved successfully.
C:\{9E3B423E-D2EA-4B63-AEC9-61AEA241D698} moved successfully.
C:\{9E6CC32E-A712-4594-AC2A-42956869D0B6} moved successfully.
C:\{A331A9A2-7B3A-4FE1-89EB-7651871A3694} moved successfully.
C:\{A4D2023A-F4E0-4CEF-BE54-BBFEE7BDA189} moved successfully.
C:\{A6A0EC49-FEE2-4814-83B5-11BD37B34E5A} moved successfully.
C:\{A6D9F8DB-3107-4634-B791-6A759D86B7E3} moved successfully.
C:\{A9E7CD35-8FC7-414B-9048-3ABED3FF81F4} moved successfully.
C:\{A9FB6799-83CD-45AA-96DA-195D3BA1EBE0} moved successfully.
C:\{B8D4EE79-F39F-457F-89B0-9B7082DBA2DE} moved successfully.
C:\{C99178A9-7D0F-4098-90DC-CD34205E361C} moved successfully.
C:\{C9DBE4F7-90BD-4010-97A9-1CEB4F6D596B} moved successfully.
C:\{C9E18E3D-1755-42DF-B786-9D1EF2AB88A5} moved successfully.
C:\{D1AD6C81-C300-4027-9DFD-6FD8B377865D} moved successfully.
C:\{D1CFA30F-5CA4-4E5B-8314-17436B4A7773} moved successfully.
C:\{EE01BC2A-758B-482D-9B14-3C28ADEC9AA2} moved successfully.
C:\{F9848F6D-68E5-4440-808F-BA050837ECC2} moved successfully.
C:\{FC69F568-50EC-4158-91A4-EF8325E23DBD} moved successfully.
C:\{FDEFA34F-4B1E-484C-87DD-5D4281FEB8E7} moved successfully.
C:\Users\DREAM\AppData\Roaming\Veohpu folder moved successfully.
C:\Users\DREAM\AppData\Roaming\Ilados folder moved successfully.
C:\Users\DREAM\AppData\Roaming\Amqoev folder moved successfully.
C:\Users\DREAM\AppData\Roaming\Xeavp folder moved successfully.
C:\Users\DREAM\AppData\Roaming\Noirna folder moved successfully.
C:\Users\DREAM\AppData\Roaming\Cufuta folder moved successfully.
C:\Users\DREAM\AppData\Roaming\Ihaf folder moved successfully.
C:\Users\DREAM\AppData\Roaming\Ewasa folder moved successfully.
C:\Users\DREAM\AppData\Roaming\Cakyna folder moved successfully.
C:\Users\DREAM\AppData\Roaming\Ykavu folder moved successfully.
C:\Users\DREAM\AppData\Roaming\Gaqyqy folder moved successfully.
C:\Users\DREAM\AppData\Roaming\Alezo folder moved successfully.
C:\Users\DREAM\AppData\Roaming\Eqko folder moved successfully.
C:\Users\DREAM\AppData\Roaming\Upurv folder moved successfully.
C:\Users\DREAM\AppData\Roaming\Keibef folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\DREAM\Downloads\cmd.bat deleted successfully.
C:\Users\DREAM\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DREAM
->Temp folder emptied: 461665391 bytes
->Temporary Internet Files folder emptied: 54043278 bytes
->Java cache emptied: 207575842 bytes
->FireFox cache emptied: 226068098 bytes
->Google Chrome cache emptied: 199086754 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 58731 bytes

User: Public

User: teddybaer
->Temp folder emptied: 488329 bytes
->Temporary Internet Files folder emptied: 1309931 bytes
->Java cache emptied: 2823718 bytes
->Google Chrome cache emptied: 8984000 bytes
->Flash cache emptied: 56466 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2929556 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.111,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 10122012_195333

Files\Folders moved on Reboot...
File\Folder C:\Users\DREAM\AppData\Local\Temp\~DF117AC557692577E4.TMP not found!
File\Folder C:\Users\DREAM\AppData\Local\Temp\~DF1FD75F67C8BE7350.TMP not found!
File\Folder C:\Users\DREAM\AppData\Local\Temp\~DF2BBC154BEE04732F.TMP not found! File\Folder C:\Users\DREAM\AppData\Local\Temp\~DF4C23CD1F7EEC3592.TMP not found! File\Folder C:\Users\DREAM\AppData\Local\Temp\~DF9F9D1095AE025F6B.TMP not found! File\Folder C:\Users\DREAM\AppData\Local\Temp\~DFB3A2051C8B345CCC.TMP not found! File\Folder C:\Users\DREAM\AppData\Local\Temp\~DFB3C4BF17F0280BD5.TMP not found! File\Folder C:\Users\DREAM\AppData\Local\Temp\~DFB46D018906E7DBAD.TMP not found! File\Folder C:\Users\DREAM\AppData\Local\Temp\~DFCAFC845FF3765451.TMP not found! File\Folder C:\Users\DREAM\AppData\Local\Temp\~DFE1D0E68FE4A4F100.TMP not found! C:\Windows\temp\master33371 moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
12.10.2012, 19:05 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes finds Trojan.XBuild402 Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs. Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
12.10.2012, 19:56 | #26 |
Banned | Malwarebytes finds Trojan.XBuild402 Scanned: Code:
ATTFilter 20:49:52.0500 3660 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 20:49:54.0501 3660 ============================================================ 20:49:54.0501 3660 Current date / time: 2012/10/12 20:49:54.0501 20:49:54.0501 3660 SystemInfo: 20:49:54.0501 3660 20:49:54.0501 3660 OS Version: 6.1.7601 ServicePack: 1.0 20:49:54.0501 3660 Product type: Workstation 20:49:54.0501 3660 ComputerName: DREAM-PC 20:49:54.0502 3660 UserName: DREAM 20:49:54.0502 3660 Windows directory: C:\Windows 20:49:54.0502 3660 System windows directory: C:\Windows 20:49:54.0502 3660 Processor architecture: Intel x86 20:49:54.0502 3660 Number of processors: 4 20:49:54.0502 3660 Page size: 0x1000 20:49:54.0502 3660 Boot type: Normal boot 20:49:54.0502 3660 ============================================================ 20:49:55.0050 3660 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 20:49:55.0064 3660 Drive \Device\Harddisk4\DR4 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 20:50:03.0109 3660 ============================================================ 20:50:03.0109 3660 \Device\Harddisk0\DR0: 20:50:03.0109 3660 MBR partitions: 20:50:03.0109 3660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 20:50:03.0109 3660 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x708D3000 20:50:03.0109 3660 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x70905800, BlocksNum 0x3C00000 20:50:03.0109 3660 \Device\Harddisk4\DR4: 20:50:03.0129 3660 MBR partitions: 20:50:03.0129 3660 \Device\Harddisk4\DR4\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982 20:50:03.0129 3660 ============================================================ 20:50:03.0178 3660 C: <-> \Device\Harddisk0\DR0\Partition2 
20:50:03.0214 3660 D: <-> \Device\Harddisk0\DR0\Partition3 20:50:03.0219 3660 I: <-> \Device\Harddisk4\DR4\Partition1 20:50:03.0219 3660 ============================================================ 20:50:03.0219 3660 Initialize success 20:50:03.0219 3660 ============================================================ 20:53:19.0746 4760 ============================================================ 20:53:19.0746 4760 Scan started 20:53:19.0746 4760 Mode: Manual; SigCheck; TDLFS; 20:53:19.0746 4760 ============================================================ 20:53:21.0436 4760 ================ Scan system memory ======================== 20:53:21.0436 4760 System memory - ok 20:53:21.0436 4760 ================ Scan services ============================= 20:53:21.0612 4760 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:53:21.0726 4760 1394ohci - ok 20:53:21.0810 4760 [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys 20:53:21.0847 4760 acedrv11 - ok 20:53:21.0875 4760 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:53:21.0891 4760 ACPI - ok 20:53:21.0904 4760 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:53:21.0928 4760 AcpiPmi - ok 20:53:22.0010 4760 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 20:53:22.0030 4760 AdobeARMservice - ok 20:53:22.0108 4760 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 20:53:22.0133 4760 AdobeFlashPlayerUpdateSvc - ok 20:53:22.0167 4760 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 20:53:22.0202 4760 adp94xx - ok 20:53:22.0225 4760 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 20:53:22.0242 4760 adpahci - ok 20:53:22.0265 4760 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 
C:\Windows\system32\DRIVERS\adpu320.sys 20:53:22.0279 4760 adpu320 - ok 20:53:22.0296 4760 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:53:22.0339 4760 AeLookupSvc - ok 20:53:22.0384 4760 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 20:53:22.0427 4760 AFD - ok 20:53:22.0468 4760 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 20:53:22.0493 4760 agp440 - ok 20:53:22.0525 4760 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 20:53:22.0548 4760 aic78xx - ok 20:53:22.0586 4760 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 20:53:22.0630 4760 ALG - ok 20:53:22.0646 4760 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 20:53:22.0667 4760 aliide - ok 20:53:22.0724 4760 [ 60201AD353105D8C6796C1B69E6C49F0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 20:53:22.0760 4760 AMD External Events Utility - ok 20:53:22.0787 4760 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 20:53:22.0801 4760 amdagp - ok 20:53:22.0827 4760 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 20:53:22.0851 4760 amdide - ok 20:53:22.0881 4760 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 20:53:22.0910 4760 AmdK8 - ok 20:53:23.0012 4760 [ 51610B74A9A1D84DC86FCE1019BEAFF4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 20:53:23.0201 4760 amdkmdag - ok 20:53:23.0223 4760 [ CD1D86AB81EECE67D7BD6F7EF9786CCC ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 20:53:23.0252 4760 amdkmdap - ok 20:53:23.0272 4760 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 20:53:23.0290 4760 AmdPPM - ok 20:53:23.0305 4760 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:53:23.0322 4760 amdsata - ok 20:53:23.0342 4760 [ 
EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 20:53:23.0362 4760 amdsbs - ok 20:53:23.0376 4760 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:53:23.0386 4760 amdxata - ok 20:53:23.0466 4760 [ 44EE9285880603E2C7550541EA698D8D ] Apache2.4 c:\xampp\apache\bin\httpd.exe 20:53:23.0476 4760 Apache2.4 ( UnsignedFile.Multi.Generic ) - warning 20:53:23.0476 4760 Apache2.4 - detected UnsignedFile.Multi.Generic (1) 20:53:23.0522 4760 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 20:53:23.0581 4760 AppID - ok 20:53:23.0613 4760 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:53:23.0636 4760 AppIDSvc - ok 20:53:23.0692 4760 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 20:53:23.0735 4760 Appinfo - ok 20:53:23.0849 4760 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:53:23.0870 4760 Apple Mobile Device - ok 20:53:23.0887 4760 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 20:53:23.0910 4760 arc - ok 20:53:23.0923 4760 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 20:53:23.0939 4760 arcsas - ok 20:53:24.0044 4760 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 20:53:24.0086 4760 aspnet_state - ok 20:53:24.0118 4760 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:53:24.0176 4760 AsyncMac - ok 20:53:24.0213 4760 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 20:53:24.0235 4760 atapi - ok 20:53:24.0271 4760 [ 8DF873D0587596C1D35A9CECECC61DA1 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 20:53:24.0284 4760 AtiHdmiService - ok 20:53:24.0314 4760 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] 
AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:53:24.0350 4760 AudioEndpointBuilder - ok 20:53:24.0357 4760 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 20:53:24.0383 4760 Audiosrv - ok 20:53:24.0418 4760 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:53:24.0463 4760 AxInstSV - ok 20:53:24.0493 4760 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 20:53:24.0533 4760 b06bdrv - ok 20:53:24.0550 4760 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 20:53:24.0566 4760 b57nd60x - ok 20:53:24.0594 4760 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 20:53:24.0636 4760 BDESVC - ok 20:53:24.0642 4760 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 20:53:24.0700 4760 Beep - ok 20:53:24.0718 4760 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 20:53:24.0764 4760 BFE - ok 20:53:25.0016 4760 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx86.sys 20:53:25.0065 4760 BHDrvx86 - ok 20:53:25.0133 4760 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 20:53:25.0200 4760 BITS - ok 20:53:25.0217 4760 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 20:53:25.0240 4760 blbdrive - ok 20:53:25.0339 4760 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 20:53:25.0364 4760 Bonjour Service - ok 20:53:25.0393 4760 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:53:25.0427 4760 bowser - ok 20:53:25.0441 4760 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:53:25.0470 4760 BrFiltLo - ok 20:53:25.0485 4760 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp 
C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:53:25.0509 4760 BrFiltUp - ok 20:53:25.0542 4760 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 20:53:25.0573 4760 Browser - ok 20:53:25.0587 4760 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:53:25.0629 4760 Brserid - ok 20:53:25.0637 4760 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:53:25.0654 4760 BrSerWdm - ok 20:53:25.0669 4760 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:53:25.0689 4760 BrUsbMdm - ok 20:53:25.0702 4760 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:53:25.0717 4760 BrUsbSer - ok 20:53:25.0731 4760 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 20:53:25.0748 4760 BTHMODEM - ok 20:53:25.0788 4760 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 20:53:25.0843 4760 bthserv - ok 20:53:25.0901 4760 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys 20:53:25.0921 4760 ccSet_NIS - ok 20:53:25.0948 4760 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:53:25.0985 4760 cdfs - ok 20:53:26.0033 4760 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys 20:53:26.0056 4760 cdrom - ok 20:53:26.0089 4760 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 20:53:26.0137 4760 CertPropSvc - ok 20:53:26.0159 4760 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 20:53:26.0175 4760 circlass - ok 20:53:26.0187 4760 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 20:53:26.0203 4760 CLFS - ok 20:53:26.0246 4760 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:53:26.0269 4760 
clr_optimization_v2.0.50727_32 - ok 20:53:26.0314 4760 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:53:26.0419 4760 clr_optimization_v4.0.30319_32 - ok 20:53:26.0440 4760 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:53:26.0453 4760 CmBatt - ok 20:53:26.0463 4760 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:53:26.0475 4760 cmdide - ok 20:53:26.0503 4760 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys 20:53:26.0526 4760 CNG - ok 20:53:26.0536 4760 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 20:53:26.0550 4760 Compbatt - ok 20:53:26.0596 4760 [ F77390678B3C2FA7ED82EA034D582355 ] CompFilter C:\Windows\system32\DRIVERS\lvbusflt.sys 20:53:26.0607 4760 CompFilter - ok 20:53:26.0634 4760 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 20:53:26.0670 4760 CompositeBus - ok 20:53:26.0674 4760 COMSysApp - ok 20:53:26.0686 4760 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 20:53:26.0700 4760 crcdisk - ok 20:53:26.0733 4760 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:53:26.0755 4760 CryptSvc - ok 20:53:26.0832 4760 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 20:53:26.0867 4760 cvhsvc - ok 20:53:26.0951 4760 [ DB66841A22E3F51030C7671F33B2D290 ] DAZContentManagementService C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe 20:53:26.0970 4760 DAZContentManagementService ( UnsignedFile.Multi.Generic ) - warning 20:53:26.0970 4760 DAZContentManagementService - detected UnsignedFile.Multi.Generic (1) 20:53:27.0011 4760 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 20:53:27.0069 4760 
DcomLaunch - ok 20:53:27.0097 4760 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 20:53:27.0139 4760 defragsvc - ok 20:53:27.0172 4760 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:53:27.0215 4760 DfsC - ok 20:53:27.0226 4760 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 20:53:27.0262 4760 Dhcp - ok 20:53:27.0284 4760 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 20:53:27.0346 4760 discache - ok 20:53:27.0377 4760 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 20:53:27.0388 4760 Disk - ok 20:53:27.0429 4760 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:53:27.0463 4760 Dnscache - ok 20:53:27.0490 4760 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 20:53:27.0521 4760 dot3svc - ok 20:53:27.0549 4760 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 20:53:27.0593 4760 DPS - ok 20:53:27.0614 4760 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:53:27.0657 4760 drmkaud - ok 20:53:27.0699 4760 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:53:27.0732 4760 DXGKrnl - ok 20:53:27.0743 4760 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 20:53:27.0781 4760 EapHost - ok 20:53:27.0842 4760 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 20:53:27.0952 4760 ebdrv - ok 20:53:28.0030 4760 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 20:53:28.0055 4760 eeCtrl - ok 20:53:28.0092 4760 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 20:53:28.0128 4760 EFS - ok 20:53:28.0174 4760 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:53:28.0222 4760 ehRecvr - ok 20:53:28.0244 4760 [ 
D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 20:53:28.0276 4760 ehSched - ok 20:53:28.0311 4760 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 20:53:28.0333 4760 elxstor - ok 20:53:28.0381 4760 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 20:53:28.0402 4760 EraserUtilRebootDrv - ok 20:53:28.0429 4760 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:53:28.0459 4760 ErrDev - ok 20:53:28.0505 4760 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 20:53:28.0566 4760 EventSystem - ok 20:53:28.0585 4760 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 20:53:28.0621 4760 exfat - ok 20:53:28.0726 4760 [ 98F1D9E3E9AEE6B5A528D9C041DC2941 ] FAService C:\Program Files\Sensible Vision\Fast Access\FAService.exe 20:53:28.0817 4760 FAService ( UnsignedFile.Multi.Generic ) - warning 20:53:28.0817 4760 FAService - detected UnsignedFile.Multi.Generic (1) 20:53:28.0841 4760 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:53:28.0869 4760 fastfat - ok 20:53:28.0897 4760 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 20:53:28.0941 4760 Fax - ok 20:53:28.0964 4760 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:53:28.0979 4760 fdc - ok 20:53:28.0990 4760 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 20:53:29.0030 4760 fdPHost - ok 20:53:29.0044 4760 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 20:53:29.0076 4760 FDResPub - ok 20:53:29.0105 4760 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:53:29.0116 4760 FileInfo - ok 20:53:29.0125 4760 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:53:29.0152 
4760 Filetrace - ok 20:53:29.0191 4760 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 20:53:29.0233 4760 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 20:53:29.0233 4760 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 20:53:29.0243 4760 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:53:29.0267 4760 flpydisk - ok 20:53:29.0279 4760 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:53:29.0296 4760 FltMgr - ok 20:53:29.0336 4760 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll 20:53:29.0389 4760 FontCache - ok 20:53:29.0443 4760 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 20:53:29.0464 4760 FontCache3.0.0.0 - ok 20:53:29.0474 4760 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:53:29.0493 4760 FsDepends - ok 20:53:29.0524 4760 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:53:29.0538 4760 Fs_Rec - ok 20:53:29.0576 4760 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:53:29.0609 4760 fvevol - ok 20:53:29.0633 4760 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 20:53:29.0646 4760 gagp30kx - ok 20:53:29.0698 4760 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:53:29.0715 4760 GEARAspiWDM - ok 20:53:29.0737 4760 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 20:53:29.0793 4760 gpsvc - ok 20:53:29.0852 4760 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 20:53:29.0873 4760 gupdate - ok 20:53:29.0882 4760 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program 
Files\Google\Update\GoogleUpdate.exe 20:53:29.0893 4760 gupdatem - ok 20:53:29.0914 4760 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 20:53:29.0929 4760 gusvc - ok 20:53:29.0957 4760 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:53:30.0000 4760 hcw85cir - ok 20:53:30.0038 4760 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:53:30.0076 4760 HdAudAddService - ok 20:53:30.0096 4760 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 20:53:30.0112 4760 HDAudBus - ok 20:53:30.0122 4760 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 20:53:30.0146 4760 HidBatt - ok 20:53:30.0162 4760 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 20:53:30.0190 4760 HidBth - ok 20:53:30.0212 4760 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 20:53:30.0238 4760 HidIr - ok 20:53:30.0251 4760 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 20:53:30.0293 4760 hidserv - ok 20:53:30.0320 4760 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:53:30.0333 4760 HidUsb - ok 20:53:30.0367 4760 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:53:30.0427 4760 hkmsvc - ok 20:53:30.0441 4760 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:53:30.0466 4760 HomeGroupListener - ok 20:53:30.0498 4760 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:53:30.0511 4760 HomeGroupProvider - ok 20:53:30.0524 4760 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:53:30.0538 4760 HpSAMD - ok 20:53:30.0601 4760 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:53:30.0646 4760 HTTP - 
ok 20:53:30.0676 4760 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:53:30.0686 4760 hwpolicy - ok 20:53:30.0694 4760 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 20:53:30.0724 4760 i8042prt - ok 20:53:30.0746 4760 [ 26541A068572F650A2FA490726FE81BE ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 20:53:30.0765 4760 iaStor - ok 20:53:30.0829 4760 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 20:53:30.0844 4760 IAStorDataMgrSvc - ok 20:53:30.0862 4760 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:53:30.0889 4760 iaStorV - ok 20:53:30.0924 4760 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:53:30.0963 4760 idsvc - ok 20:53:31.0059 4760 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121011.001\IDSvix86.sys 20:53:31.0083 4760 IDSVix86 - ok 20:53:31.0119 4760 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 20:53:31.0131 4760 iirsp - ok 20:53:31.0151 4760 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 20:53:31.0194 4760 IKEEXT - ok 20:53:31.0287 4760 [ F4427E5DF32CDE359B2E2E5512D18001 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 20:53:31.0385 4760 IntcAzAudAddService - ok 20:53:31.0419 4760 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 20:53:31.0430 4760 intelide - ok 20:53:31.0462 4760 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:53:31.0498 4760 intelppm - ok 20:53:31.0521 4760 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:53:31.0562 4760 IPBusEnum - ok 20:53:31.0581 4760 [ 
20:53:42.0095 4760 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:53:42.0138 4760 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
20:53:42.0138 4760 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
20:53:47.0204 4760 ================ Scan global ===============================
20:53:47.0221 4760 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:53:47.0251 4760 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll 20:53:47.0258 4760 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll 20:53:47.0280 4760 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 20:53:47.0289 4760 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 20:53:47.0292 4760 [Global] - ok 20:53:47.0292 4760 ================ Scan MBR ================================== 20:53:47.0300 4760 [ C79B30CB8852157F6F908E4698CFE0D0 ] \Device\Harddisk0\DR0 20:53:49.0195 4760 \Device\Harddisk0\DR0 - ok 20:53:49.0229 4760 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk4\DR4 20:53:49.0575 4760 \Device\Harddisk4\DR4 - ok 20:53:49.0576 4760 ================ Scan VBR ================================== 20:53:49.0579 4760 [ 4DEA078EF180596AAA0903E8776226BD ] \Device\Harddisk0\DR0\Partition1 20:53:49.0582 4760 \Device\Harddisk0\DR0\Partition1 - ok 20:53:49.0607 4760 [ AC8ABF7C87D76A84F3FDDD95C8DD2AE9 ] \Device\Harddisk0\DR0\Partition2 20:53:49.0609 4760 \Device\Harddisk0\DR0\Partition2 - ok 20:53:49.0634 4760 [ 8B363CA7E0A725A7BCE3DD3C36926900 ] \Device\Harddisk0\DR0\Partition3 20:53:49.0635 4760 \Device\Harddisk0\DR0\Partition3 - ok 20:53:49.0647 4760 [ 3B25817B5C6760789982E710DC9E8185 ] \Device\Harddisk4\DR4\Partition1 20:53:49.0664 4760 \Device\Harddisk4\DR4\Partition1 - ok 20:53:49.0664 4760 ============================================================ 20:53:49.0664 4760 Scan finished 20:53:49.0664 4760 ============================================================ 20:53:49.0678 3692 Detected object count: 5 20:53:49.0678 3692 Actual detected object count: 5 20:54:00.0027 3692 Apache2.4 ( UnsignedFile.Multi.Generic ) - skipped by user 20:54:00.0027 3692 Apache2.4 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:54:00.0028 3692 DAZContentManagementService ( UnsignedFile.Multi.Generic ) - skipped by user 20:54:00.0028 3692 DAZContentManagementService ( UnsignedFile.Multi.Generic 
) - User select action: Skip 20:54:00.0029 3692 FAService ( UnsignedFile.Multi.Generic ) - skipped by user 20:54:00.0029 3692 FAService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:54:00.0031 3692 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 20:54:00.0031 3692 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:54:00.0032 3692 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 20:54:00.0032 3692 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip |
12.10.2012, 20:59 | #27 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes finds Trojan.XBuild402 Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
12.10.2012, 21:36 | #28 |
Banned | Malwarebytes finds Trojan.XBuild402 Okey-dokey, so here is the LOG: Code:
Hello Cosinus, thank you very much already for your help! System startup is now super fast, and I also ran the ESET scanner again and it found only one more error! Does it go on from here, and have the dangerous files been deleted? Best regards, Chrissie |
13.10.2012, 15:08 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes finds Trojan.XBuild402 Please now create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool won't run the second time either, just leave it out and run only OSAM - please skip the online lookup by OSAM. With OSAM, please also make sure that you save the log as *.log and not *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to also turn off the virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message appears such as "aswMBR.exe has stopped working", then do the following: Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
14.10.2012, 16:02 | #30 |
Banned | Malwarebytes finds Trojan.XBuild402 Well, it doesn't crash, but it just takes forever! I have been scanning my C:/ hard drive for a day now; what about the other two, then? I also have a small second partition and an external hard drive; do those need to be scanned as well? |