| chrissie65 | 09.10.2012 09:03 |
Also hier mal meine letzten Scans: Zitat:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.09.27.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DREAM :: DREAM-PC [Administrator]
Schutz: Aktiviert
27.09.2012 10:19:40
mbam-log-2012-09-27 (10-41-18).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 73976
Laufzeit: 18 Minute(n), 38 Sekunde(n) [Abgebrochen]
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\DREAM\AppData\Local\Temp\003ba045.exe (Trojan.XBuild402) -> Keine Aktion durchgeführt.
(Ende)
| Zitat:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.09.28.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DREAM :: DREAM-PC [Administrator]
Schutz: Aktiviert
28.09.2012 09:06:58
mbam-log-2012-09-28 (09-06-58).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 519043
Laufzeit: 3 Stunde(n), 21 Minute(n), 1 Sekunde(n) [Abgebrochen]
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\DREAM\AppData\Local\Temp\003ba045.exe (Trojan.XBuild402) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
| Zitat:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.09.28.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DREAM :: DREAM-PC [Administrator]
Schutz: Aktiviert
28.09.2012 09:06:58
mbam-log-2012-09-28 (12-40-48).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 519043
Laufzeit: 3 Stunde(n), 21 Minute(n), 1 Sekunde(n) [Abgebrochen]
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\DREAM\AppData\Local\Temp\003ba045.exe (Trojan.XBuild402) -> Keine Aktion durchgeführt.
(Ende)
| Zitat:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.09.28.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DREAM :: DREAM-PC [Administrator]
Schutz: Aktiviert
28.09.2012 13:11:20
mbam-log-2012-09-28 (13-11-20).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 2707096
Laufzeit: 6 Tag(en), 9 Stunde(n), 1 Minute(n), 27 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
I:\2.FESTPLATTE\Chris-alt\DOWNLOAD\casinoaction.exe (Adware.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
I:\2.FESTPLATTE\Chris-alt\DOWNLOAD\goldentiger.exe (Adware.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
I:\Downloads\SoftonicDownloader_fuer_switch2eco.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
| Zitat:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.10.05.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DREAM :: DREAM-PC [Administrator]
Schutz: Aktiviert
05.10.2012 10:14:02
mbam-log-2012-10-05 (10-14-02).txt
Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 170272
Laufzeit: 1 Minute(n), 23 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
| Und hier noch ein QTL Scan
OTL Logfile: Code:
OTL Extras logfile created on: 09.10.2012 09:46:23 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DREAM\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 36,65% Memory free
5,98 Gb Paging File | 3,85 Gb Available in Paging File | 64,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900,41 Gb Total Space | 798,99 Gb Free Space | 88,74% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 18,22 Gb Free Space | 60,75% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive I: | 931,28 Gb Total Space | 704,37 Gb Free Space | 75,63% Space Free | Partition Type: FAT32
Computer Name: DREAM-PC | User Name: DREAM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17BDDBB6-DB4D-4185-985F-C39F8BA543B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29DC8545-7FF7-44D0-BEAB-77E0E135C5FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{411A545B-978C-4756-8B3D-3F4D1D888EFF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4438FC95-891B-44D9-A8AF-B3A863D32915}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5566973F-6B06-42BF-9461-C730979B7532}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F75084D-D143-4AF1-8F02-6EACBFBC6D96}" = lport=138 | protocol=17 | dir=in | app=system |
"{79682863-87F0-4CAB-9CED-8972F5A31303}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B486582-87A7-4ED8-8B1A-90C3D198C4A2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{842BE5FA-41D8-4D32-860D-3CDF24AC3648}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{893D85B2-D204-4E6E-B50B-73C95A751694}" = lport=10243 | protocol=6 | dir=in | app=system |
"{92CEB482-2102-48DA-8184-428FAA1DBD6A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4D69FFF-DDB8-4390-998D-6C6972CBA54B}" = lport=137 | protocol=17 | dir=in | app=system |
"{B56E8982-C8E8-4574-80A1-C080BD493BF1}" = rport=139 | protocol=6 | dir=out | app=system |
"{B6431F31-FA32-4C9E-8CAF-C3B1688FF676}" = lport=445 | protocol=6 | dir=in | app=system |
"{BEF351AB-6B2D-49BE-9699-368D10A8F0C1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C71D3679-C3A3-44D1-9ED2-4D1F5D939F4A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C7AE957E-CEE1-4C35-9FA7-05850DC2D880}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CA998E18-90B0-4F46-8195-45FFE76A9E06}" = lport=139 | protocol=6 | dir=in | app=system |
"{D707838A-C130-4C62-BB6D-37C50D3ED7EA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDBAB3ED-038C-4DB7-A86B-805C18D632EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E8916AD7-9860-45F2-A500-F3CD61542E9F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E8D725D1-AE93-4F63-9ACF-6F08AEF01AC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB9247F9-3736-44EF-A671-63D675B22284}" = rport=445 | protocol=6 | dir=out | app=system |
"{EBEA0C7C-6308-460F-82AB-FAFC84E3F165}" = rport=137 | protocol=17 | dir=out | app=system |
"{F3834443-6052-4A2F-ADAC-B58972A9A138}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{067BDDD5-E88F-4F77-8424-D4C666BEED5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{131E21E7-105D-48B8-8108-1ABE2C81355A}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe photoshop cs5\photoshop.exe |
"{14AA8C44-38CF-44BA-9239-08CA18E87E96}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{1DE875B5-646E-462F-8FDD-CFD4FAA21975}" = protocol=6 | dir=in | app=c:\users\dream\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{2EB40B70-893E-4CDD-89B4-979C2994E4F4}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{3069E5D4-B6F0-4912-B573-D6376A65A11C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3919FED0-0F40-4EBF-A89C-E754EDD97E2F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{436C5AA4-77A3-4976-BD94-C111648FFEEA}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{4D220EEF-D85E-4237-BCDA-512A4C4499A2}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{53650F5C-D434-4A68-A75C-6D45E0570210}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{56DC7BD6-F073-49B3-B851-4D8679D8BE37}" = protocol=17 | dir=in | app=c:\users\dream\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{5806F493-6DAB-442F-AB45-1618108AF2D6}" = protocol=6 | dir=in | app=c:\users\dream\appdata\roaming\dropbox\bin\dropbox.exe |
"{5D3F46A0-30F8-43DD-88B3-7656F78A8274}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{5E7FD860-C0B3-446A-A6CC-67F440206209}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{646A1B32-08B4-4228-BF8F-9E592D6D1B94}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{67A6EF57-342A-4AD2-8751-69AA71EA5D05}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{68080813-554D-4160-A33B-7355DE3794B2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{751DBF45-4339-4DDE-9AA9-0E124D8E6D29}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{789F85A7-9C83-4484-9179-9EB8A47BDF5F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7AD81709-D745-461F-9FD6-6E377C8354E7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7FE5F545-F1F7-49D1-9752-6F5FC74875C4}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{80A1FAED-1630-4727-9D5A-6F5618ED1F47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{82F8C3C8-12E1-4675-99C9-8FAF349E5BF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8441A8E0-FE6A-4B17-AD36-C33A7A618437}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{8AB4D3FE-2315-4B98-BF5C-8A65B57D12CB}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe photoshop cs5\photoshop.exe |
"{8CA1AE27-50D0-4054-B14E-02847BFAC9AE}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{98032D9D-0835-4ACB-8B2E-1194F2DF7FCB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{998A11D3-210B-41D4-B998-4C2A0BC80990}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{9D79A500-D62F-4B1C-AA2E-141529744A5D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9EFD097C-0492-4E01-B95A-8492B8E26DCA}" = protocol=6 | dir=out | app=system |
"{A189F921-78D2-4E1D-84F3-AACDEA38FD07}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{A2C8CD1C-D490-4504-808B-B75115E38AA8}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{AB87329B-D471-484C-941A-4CD0B2F20EC3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ABC9B85B-7473-40A6-8570-4790D424A1D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADF3E089-5326-4AA7-B6FA-E23A369E5D62}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1D16DD4-1062-4A2A-8938-58DFA5D93B9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB09047D-4BC5-4FF6-8F2D-B9150157191A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C25E5F34-8FF9-420D-9580-79F9A23A73DA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3644949-CA01-4B11-B9B0-6E0B654BD3CA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D9D4B175-88AA-47D0-B8F3-BF72A9DB7FA6}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{DE5A89AF-2DCD-4540-B457-29B2AC72AA1A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{E17C1327-AA14-4A3D-8E2E-1480977FB591}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EF58EA2E-B736-4475-BE2D-D8FC8879793E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F927ECB7-45DD-49CD-9532-8069E6287B80}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{F9A93A41-7D46-4357-93AE-8400240561CB}" = protocol=17 | dir=in | app=c:\users\dream\appdata\roaming\dropbox\bin\dropbox.exe |
"{FC0C09C5-EE17-467D-9E38-FA67649A726A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{FE7F4630-BCA6-41B9-990C-10E357938F94}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FF17C28C-CCB2-4E7C-9CC7-E378D2CF9B8B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{3320DB46-7BA5-47F3-8910-B2DB0F16E1F7}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{4347B095-2F5B-4B1C-89C1-EC5BBE6BA217}I:\downloads\cms\mowes_portable\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=i:\downloads\cms\mowes_portable\mysql\bin\mysqld-nt.exe |
"TCP Query User{5A134FB6-168D-490D-878B-64CE69560AA8}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{72917F9B-A62B-4E62-8B69-FD6DED2B7E4A}I:\downloads\cms\mowes_portable\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=i:\downloads\cms\mowes_portable\apache2\bin\httpd.exe |
"TCP Query User{DD363A93-25A4-40AC-AE8A-AC3DB0471811}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{03015ED5-98A6-438E-8AC2-874BD1216A4A}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{5FC380B7-F454-4E46-97CE-1BE5FDDD2EF6}I:\downloads\cms\mowes_portable\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=i:\downloads\cms\mowes_portable\apache2\bin\httpd.exe |
"UDP Query User{78CF522B-4508-40F9-B4A1-11300A5477CD}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{AC896AEB-EAF8-4115-9256-49EB93813546}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{CAA54093-FBD0-4D6A-8715-D254CF554730}I:\downloads\cms\mowes_portable\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=i:\downloads\cms\mowes_portable\mysql\bin\mysqld-nt.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01310914-E3B8-40E8-BCF7-9C42E0639A43}" = gotomaxx PDFMAILER
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04440044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Enzyklopädie 2004
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}" = SweetIM for Messenger 3.6
"{0E572078-CDA2-4AB6-9E67-5E2AFBAA676D}" = FastAccess
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11EF223E-CCCB-4BCC-918D-EA4E59FD05EF}" = UltraCompare
"{11FCA050-2066-4351-A336-748D838C049C}" = Adobe Creative Suite 5 Web Premium
"{12060177-6B2B-41A8-BB0C-E3AFFDABAF33}" = NetObjects Fusion 1&1 Edition
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French
"{1E5BC577-0F79-44B3-B5E0-D75EDDC8C0CB}" = Tweet Adder 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4DF099-EA5C-482D-9901-C0A8B539B417}" = Microsoft Web Platform Installer 4.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish
"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8704D51E-25B7-4F23-81E7-AA4F54790220}" = Microsoft AutoRoute v11.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 Test
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{97837F9F-6CD7-4C1D-9C37-D22EA3ACAE33}" = BMWi-Softwarepaket 9.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD6ACA58-30FE-4336-A5B0-461FD60AF727}" = FileOpen Client
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48
"{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager
"{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista
"{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5A52C02-1618-47DB-8A92-559DE29048EC}_is1" = Akeeba eXtract Wizard 3.2
"{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9370463-B35E-473F-BB0D-4FC572A1F9DF}" = MAGIX Video easy SE
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility
"{CFBE146C-7664-41D1-BFD8-61600736E24C}" = SmartFTP Client German (Germany) MUI
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D6B9C3A4-64F2-480C-95A1-5838A3BFDC51}" = SmartFTP Client
"{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German
"{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E8D7B35C-93B1-317E-9403-2BBBA2154ABF}" = Google Talk Plugin
"{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"057c882e103cd9589befac1883d55afa" = Farm Frenzy - Ancient Rome
"08ab9cbf5344299c7d466bd8e94d7e0a" = Cooking Dash(R) 3 - Thrills & Spills
"1&1 SmartFax" = 1&1 SmartFax
"10888a5b8643982a1f8e7de8c303ccbd" = Big Kahuna Reef 2 - Chain Reaction
"1632171a2b8ea5e52fba4dd4436f4b4a" = Roads of Rome
"28f0b55ac5f231e373ebfaf77e42d4f3" = SCRABBLE
"3004635e27ba1a91c6a0812b580c01d9" = Double Pack Roads of Rome Deluxe
"326770532953c7aa909f983f94eee2f2" = Double Pack Plants vs Zombies Insaniquarium Deluxe
"397ae26e3ce5ccdc1af478a7b69177be" = Farm Frenzy - Gone Fishing!
"4e37bd09df0b501e93734444fb8cdc07" = Jack of all Tribes
"60ebd19c0e663d8d762ede5c572b7ff6" = Roads of Rome 2
"61f6d19a00f59fc4d27e8eb21f84b843" = 4 Elements II Premium Edition
"827bc50d929d3142db3db7d83e32ee38" = Farm Frenzy - Viking Heroes
"A5 HTML5 Animator_is1" = DATA BECKER A5 HTML5 Animator
"a5ca1c6c4feb0b356ccfb636f44b4f77" = Roads of Rome 3
"a7d6a8b7310cd2714b7cd7402a53c2a8" = LandGrabbers
"a90308deb488b90b0543ff928e822886" = Farm Frenzy 3
"a9b3007c2352af4b800280e7d7c22300" = Restaurant Rush
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIM_7" = AIM 7
"Alien Skin Blow Up 3" = Alien Skin Blow Up 3
"Alien Skin Bokeh 2" = Alien Skin Bokeh 2
"Amazon Kindle" = Amazon Kindle
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"AvantBrowser" = Avant Browser (remove only)
"b69241404897e9d5e82a784891295943" = Big City Adventure(TM) - New York City
"b77c6168069db0258baa69a7cc6dee24" = Island Realms
"bd1a1f16cb175a721d7add372740fd2b" = Autumn's Treasures - The Jade Coin
"bee08a15c88e44341c4f6d8ccb3ee246" = Fitness Dash(TM)
"BFG-Cassandras Abenteuer - Das Vermaechtnis von Nostradamus" = Cassandras Abenteuer: Das Vermächtnis von Nostradamus
"Blender" = Blender
"Bryce 7.0 Content 7.0.0.21" = Bryce 7.0 Content
"Bryce 7.1 7.1.0.109" = Bryce 7.1
"c40ba4951166b25188105b97864d7512" = Delicious - Emily's True Love Deluxe
"c411b85904f5f013a4ea53a5fc416ae6" = Farm Frenzy 3 - American Pie
"CCleaner" = CCleaner
"cd50fcf2fa979c22ba6eff7bb7460b7a" = Jane's Hotel
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cyberduck" = Cyberduck 4.2.1 (9350)
"d81afa1ea41cb6f904a9dd1e78a7a567" = Double Pack Cradle of Rome and Persia Deluxe
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"DAZ Studio 4.5 4.5.0.114" = DAZ Studio 4.5
"Debut" = Debut Video Capture Software
"doPDF 7 printer_is1" = doPDF 7.2 printer
"ExpressBurn" = Express Burn Disc Burning Software
"FastStone Capture" = FastStone Capture 5.3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio Editor_is1" = Free Audio Editor v9.0.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32
"Google Chrome" = Google Chrome
"GSiteCrawler" = GSiteCrawler
"Hexagon 2 2.5.1.79" = Hexagon 2
"InstallShield_{11EF223E-CCCB-4BCC-918D-EA4E59FD05EF}" = UltraCompare
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"IP Camera" = IP Camera
"IrfanView" = IrfanView (remove only)
"Logitech Vid" = Logitech Vid HD
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Maxthon3" = Maxthon 3
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mikogo" = Mikogo
"Mozilla Firefox 16.0 (x86 de)" = Mozilla Firefox 16.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Notepad++" = Notepad++
"NSS" = Norton Security Scan
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 11.10.2092" = Opera 11.10
"PEGASTAR® Personal Books" = PEGASTAR® Personal Books
"Pflanzen gegen Zombies Deluxe" = Pflanzen gegen Zombies Deluxe
"PhotoStage" = PhotoStage Slideshow Producer
"Picasa 3" = Picasa 3
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"Prism" = Prism Video File Converter
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RegClean Pro_is1" = RegClean Pro
"Security Task Manager" = Security Task Manager 1.8d
"Shockwave" = Shockwave
"SmartFTP Client 4.1 Setup Files" = SmartFTP Client 4.1 Setup Files (remove only)
"ST6UNST #1" = SizeMe 1.0
"TeamViewer 7" = TeamViewer 7
"TrueCrypt" = TrueCrypt
"TYPO3Winstaller_4.7.3" = TYPO3Winstaller - TYPO3 4.7.3
"Uninstall_is1" = Uninstall 1.0.0.1
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.11
"Vue 10 32bit" = Vue 10 32bit
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.45
"Works2004Setup" = Setup-Start von Microsoft Works 2004
"xampp" = XAMPP 1.8.0
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AOL Messaging Toolbar" = AOL Messaging Toolbar
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.5.3
"Mikogo 4" = Mikogo 4
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
"Ranch Rush 2 Deluxe" = Ranch Rush 2 Deluxe
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07.10.2012 15:43:43 | Computer Name = DREAM-PC | Source = Audiorecorder | ID = 65535
Description =
Error - 07.10.2012 15:43:43 | Computer Name = DREAM-PC | Source = Audiorecorder | ID = 65535
Description =
Error - 07.10.2012 15:43:43 | Computer Name = DREAM-PC | Source = Audiorecorder | ID = 65535
Description =
Error - 07.10.2012 15:43:43 | Computer Name = DREAM-PC | Source = Audiorecorder | ID = 65535
Description =
Error - 07.10.2012 15:43:43 | Computer Name = DREAM-PC | Source = Audiorecorder | ID = 65535
Description =
Error - 07.10.2012 15:43:43 | Computer Name = DREAM-PC | Source = Audiorecorder | ID = 65535
Description =
Error - 07.10.2012 15:43:44 | Computer Name = DREAM-PC | Source = Audiorecorder | ID = 65535
Description =
Error - 07.10.2012 15:43:44 | Computer Name = DREAM-PC | Source = Audiorecorder | ID = 65535
Description =
Error - 07.10.2012 16:01:49 | Computer Name = DREAM-PC | Source = VSS | ID = 8194
Description =
Error - 09.10.2012 01:56:36 | Computer Name = DREAM-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wlmail.exe, Version: 14.0.8117.416,
Zeitstempel: 0x4bc9368e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00047732 ID des fehlerhaften
Prozesses: 0x1630 Startzeit der fehlerhaften Anwendung: 0x01cda5e2b5cecbf3 Pfad der
fehlerhaften Anwendung: C:\Program Files\Windows Live\Mail\wlmail.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 15942ce0-11d6-11e2-ad2d-6c626d82a5ef
[ Media Center Events ]
Error - 24.02.2011 23:24:49 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0
Description = 04:24:49 - Fehler beim Herstellen der Internetverbindung. 04:24:49
- Serververbindung konnte nicht hergestellt werden..
Error - 24.02.2011 23:24:54 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0
Description = 04:24:54 - Fehler beim Herstellen der Internetverbindung. 04:24:54
- Serververbindung konnte nicht hergestellt werden..
Error - 25.02.2011 22:01:34 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0
Description = 03:01:34 - Fehler beim Herstellen der Internetverbindung. 03:01:34
- Serververbindung konnte nicht hergestellt werden..
Error - 25.02.2011 22:01:43 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0
Description = 03:01:39 - Fehler beim Herstellen der Internetverbindung. 03:01:39
- Serververbindung konnte nicht hergestellt werden..
Error - 25.02.2011 23:01:49 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0
Description = 04:01:49 - Fehler beim Herstellen der Internetverbindung. 04:01:49
- Serververbindung konnte nicht hergestellt werden..
Error - 25.02.2011 23:01:58 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0
Description = 04:01:55 - Fehler beim Herstellen der Internetverbindung. 04:01:55
- Serververbindung konnte nicht hergestellt werden..
Error - 26.02.2011 00:02:03 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0
Description = 05:02:03 - Fehler beim Herstellen der Internetverbindung. 05:02:03
- Serververbindung konnte nicht hergestellt werden..
Error - 26.02.2011 00:02:08 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0
Description = 05:02:08 - Fehler beim Herstellen der Internetverbindung. 05:02:08
- Serververbindung konnte nicht hergestellt werden..
Error - 26.02.2011 01:02:13 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0
Description = 06:02:13 - Fehler beim Herstellen der Internetverbindung. 06:02:13
- Serververbindung konnte nicht hergestellt werden..
Error - 26.02.2011 01:02:18 | Computer Name = DREAM-PC | Source = MCUpdate | ID = 0
Description = 06:02:18 - Fehler beim Herstellen der Internetverbindung. 06:02:18
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 08.10.2012 02:07:05 | Computer Name = DREAM-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst LanmanServer erreicht.
Error - 08.10.2012 02:07:35 | Computer Name = DREAM-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst WSearch erreicht.
Error - 08.10.2012 02:07:35 | Computer Name = DREAM-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst MMCSS erreicht.
Error - 08.10.2012 02:07:35 | Computer Name = DREAM-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Multimediaklassenplaner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 08.10.2012 02:08:05 | Computer Name = DREAM-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst MMCSS erreicht.
Error - 08.10.2012 02:08:05 | Computer Name = DREAM-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Multimediaklassenplaner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 08.10.2012 02:08:35 | Computer Name = DREAM-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 08.10.2012 02:34:10 | Computer Name = DREAM-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden.
Error - 08.10.2012 14:52:05 | Computer Name = DREAM-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?10.?2012 um 20:49:41 unerwartet heruntergefahren.
Error - 09.10.2012 03:14:20 | Computer Name = DREAM-PC | Source = DCOM | ID = 10010
Description =
< End of report >
--- --- ---
OTL Logfile: Code:
OTL logfile created on: 09.10.2012 09:46:23 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DREAM\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 36,65% Memory free
5,98 Gb Paging File | 3,85 Gb Available in Paging File | 64,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900,41 Gb Total Space | 798,99 Gb Free Space | 88,74% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 18,22 Gb Free Space | 60,75% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive I: | 931,28 Gb Total Space | 704,37 Gb Free Space | 75,63% Space Free | Partition Type: FAT32
Computer Name: DREAM-PC | User Name: DREAM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\DREAM\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\DREAM\AppData\Roaming\Mikogo 4\M4-Capture.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\DREAM\AppData\Roaming\Mikogo 4\mikogo-host.exe ()
PRC - C:\Users\DREAM\AppData\Roaming\Mikogo 4\M4-Service.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited)
PRC - c:\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe (Sensible Vision )
PRC - C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
PRC - C:\Program Files\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
PRC - C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Users\DREAM\AppData\Roaming\Mozilla\Firefox\Profiles\dx4or874.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\IDM Computer Solutions\UltraEdit\ue32ctmn.dll ()
MOD - C:\Program Files\IDM Computer Solutions\UltraCompare\UC_ShellExt.dll ()
MOD - C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Windows\System32\FAIEExtension.dll ()
MOD - C:\Windows\System32\FAib.dll ()
MOD - C:\Windows\System32\FACrashRpt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\Notepad++\NppShell_04.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (M4-Service) -- C:\Users\DREAM\AppData\Roaming\Mikogo 4\M4-Service.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe ()
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe (Symantec Corporation)
SRV - (Apache2.4) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FAService) -- C:\Program Files\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
========== Driver Services (SafeList) ==========
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121008.025\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121008.025\NAVENG.SYS (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121006.001\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1308000.00E\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1308000.00E\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1308000.00E\ccsetx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1308000.00E\symefa.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1308000.00E\symnets.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1308000.00E\ironx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1308000.00E\symds.sys (Symantec Corporation)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (CompFilter) -- C:\Windows\System32\drivers\lvbusflt.sys (Logitech Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=4.0007002"
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120405074420175&tb_oid=05-04-2012&tb_mrud=05-04-2012
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0007002"
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.comhxxp://www.medion.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/?pc=AVBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.channel-live.tv/anmelden.php [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=4.0007002"
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKCU\..\URLSearchHook: {a1137e37-cecc-4cbb-ba8f-e598748d4bd3} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR
IE - HKCU\..\SearchScopes\{2FEFC237-DDCF-46C2-823A-634556AA9CAA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120405074420175&tb_oid=05-04-2012&tb_mrud=05-04-2012
IE - HKCU\..\SearchScopes\{6631FA36-8D1C-46EF-A9AD-CF639AE383C8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = hxxp://www.ask.com/web?o=15710&l=dis&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0007002"
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1;*.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "NCH EN Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.0.1
FF - prefs.js..extensions.enabledAddons: firepicker@thedarkone:1.4.1
FF - prefs.js..extensions.enabledAddons: firequery@binaryage.com:1.2
FF - prefs.js..extensions.enabledAddons: pixelzoomer@matthiasschuetz.com:1.3
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:1.90.6
FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.1
FF - prefs.js..extensions.enabledAddons: validator@totalvalidator.com:7.4.0
FF - prefs.js..extensions.enabledAddons: webrank-toolbar@probcomp.com:4.3
FF - prefs.js..extensions.enabledAddons: {02450914-cdd9-410f-b1da-db004e18c671}:0.96.5c
FF - prefs.js..extensions.enabledAddons: {04426594-bce6-4705-b811-bcdba2fd9c7b}:1.7
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.17
FF - prefs.js..extensions.enabledAddons: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.9.5.1
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.6
FF - prefs.js..extensions.enabledAddons: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.9
FF - prefs.js..extensions.enabledAddons: {c75a27d8-4529-449f-b67b-aba65d7a1c0a}:3.8
FF - prefs.js..extensions.enabledAddons: {e18845dc-387b-4fa5-b6d5-c6cfeb9ea640}:2.1.1
FF - prefs.js..extensions.enabledAddons: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.12.9
FF - prefs.js..extensions.enabledAddons: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.3
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.1
FF - prefs.js..extensions.enabledAddons: rainbow@colors.org:1.5.1
FF - prefs.js..extensions.enabledAddons: flashfirebug@o-minds.com:4.4
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\DREAM\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\DREAM\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DREAM\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DREAM\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.01.02 11:50:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fassoxpcom@sensiblevision.com: C:\Program Files\Sensible Vision\Fast Access\xpcom_fasso\ [2011.01.05 18:24:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.06.30 23:04:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.10.09 08:00:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.09.09 01:12:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.04 10:53:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.04 10:53:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.04 10:53:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.04 10:53:34 | 000,000,000 | ---D | M]
[2011.01.01 22:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\Extensions
[2012.09.03 20:25:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\dx4or874.default\extensions
[2012.07.11 16:10:27 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\dx4or874.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.12.30 12:22:35 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\dx4or874.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2012.07.09 22:31:27 | 000,000,000 | ---D | M] (Browser Backgrounds) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\dx4or874.default\extensions\{3e0c7f3a-3f50-4730-beb5-4a9a10e2831c}
[2012.06.30 23:04:17 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\dx4or874.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2012.06.30 23:04:17 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\dx4or874.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011.01.02 12:32:48 | 000,000,000 | ---D | M] (SEO Website Analysis) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\dx4or874.default\extensions\{8BCA0E8A-E57B-425b-A05B-CD3868EB577E}
[2012.03.30 10:32:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\dx4or874.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.25 08:02:29 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\dx4or874.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012.03.26 23:21:49 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\dx4or874.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012.07.03 10:00:24 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\dx4or874.default\extensions\firefox@ghostery.com
[2012.07.07 17:41:18 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\dx4or874.default\extensions\flashfirebug@o-minds.com
[2012.02.09 00:10:12 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\dx4or874.default\extensions\piclens@cooliris.com
[2012.03.22 19:29:24 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\dx4or874.default\extensions\support@lastpass.com
[2012.06.30 23:04:16 | 000,000,000 | ---D | M] (WebRank Toolbar) -- C:\Users\DREAM\AppData\Roaming\mozilla\Firefox\Profiles\dx4or874.default\extensions\webrank-toolbar@probcomp.com
[2012.07.17 10:37:53 | 001,611,859 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\extensions\firebug@software.joehewitt.com.xpi
[2012.05.13 09:36:29 | 000,038,314 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\extensions\firepicker@thedarkone.xpi
[2012.04.23 10:29:50 | 000,104,655 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\extensions\firequery@binaryage.com.xpi
[2012.05.13 09:36:29 | 000,072,936 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\extensions\pixelzoomer@matthiasschuetz.com.xpi
[2012.09.03 20:25:17 | 000,470,149 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\extensions\rainbow@colors.org.xpi
[2012.04.05 09:44:47 | 001,184,804 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.05.12 09:50:06 | 000,083,408 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\extensions\validator@totalvalidator.com.xpi
[2012.06.14 09:11:27 | 000,089,075 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi
[2011.10.20 14:18:20 | 000,018,202 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}.xpi
[2012.03.02 20:37:33 | 000,258,567 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.01.16 19:37:17 | 000,042,737 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
[2012.09.03 20:25:17 | 001,136,465 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.07.20 11:53:59 | 000,070,401 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\extensions\{c75a27d8-4529-449f-b67b-aba65d7a1c0a}.xpi
[2011.05.15 17:56:16 | 000,013,574 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\extensions\{d2daedbc-1776-40d8-a376-9b0b27d06e49}.xpi
[2012.02.03 00:12:09 | 000,126,766 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\extensions\{e18845dc-387b-4fa5-b6d5-c6cfeb9ea640}.xpi
[2012.03.27 23:21:27 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2011.02.19 01:44:02 | 000,002,342 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\searchplugins\aol-search.xml
[2012.01.05 14:50:44 | 000,000,915 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\searchplugins\conduit.xml
[2011.01.13 14:15:27 | 000,002,167 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\searchplugins\oneview.xml
[2012.03.20 10:15:17 | 000,003,935 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\mozilla\firefox\profiles\dx4or874.default\searchplugins\sweetim.xml
[2012.10.04 10:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.04 10:53:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012.10.04 10:53:41 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.03.27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npContribute.dll
[2009.03.25 11:42:28 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.09.01 19:13:51 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 19:13:51 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.01 19:13:51 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.01 19:13:51 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.01 19:13:51 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.01 19:13:51 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\DREAM\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\DREAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\DREAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\DREAM\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\DREAM\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: SiteAdvisor = C:\Users\DREAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\DREAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [Mikogo] C:\Users\DREAM\AppData\Roaming\Mikogo 4\mikogo-host.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\DREAM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.161 83.169.186.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4BC47DC-B626-42D7-88A6-1542B81B945D}: DhcpNameServer = 83.169.186.161 83.169.186.225
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 09:56:50 | 000,000,036 | RH-- | M] () - I:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2003.03.21 12:00:56 | 000,000,000 | RH-D | M] - I:\AUTORUN -- [ FAT32 ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = "E:\Adobe CS5\Set-up.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.10.09 09:49:01 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.10.09 09:43:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DREAM\Desktop\OTL.exe
[2012.10.08 01:49:54 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Local\Systweak
[2012.10.07 22:07:13 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Wise Registry Cleaner
[2012.10.07 22:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2012.10.07 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
[2012.10.07 21:57:58 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Systweak
[2012.10.07 21:57:57 | 000,015,544 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012.10.07 21:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012.10.07 21:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2012.10.07 18:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012.10.07 18:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012.10.07 18:51:47 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Uniblue
[2012.10.07 18:05:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012.10.07 18:04:57 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012.10.07 18:04:57 | 001,759,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2012.10.07 18:04:57 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2012.10.07 18:04:57 | 000,367,136 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2012.10.07 18:04:57 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2012.10.07 18:04:57 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012.10.07 18:04:57 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012.10.07 18:04:57 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012.10.07 18:04:57 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012.10.07 18:04:57 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012.10.07 18:04:57 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2012.10.07 18:04:57 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012.10.07 18:04:57 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2012.10.07 18:04:57 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2012.10.07 18:04:57 | 000,057,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2012.10.07 18:04:56 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012.10.07 18:04:56 | 001,131,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2012.10.07 18:04:56 | 000,961,296 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2012.10.07 18:04:56 | 000,900,368 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2012.10.07 18:04:56 | 000,448,272 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2012.10.07 18:04:56 | 000,427,792 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2012.10.07 18:04:56 | 000,405,776 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2012.10.07 18:04:56 | 000,311,568 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012.10.07 18:04:56 | 000,299,936 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012.10.07 18:04:56 | 000,290,064 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2012.10.07 18:04:56 | 000,235,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2012.10.07 18:04:56 | 000,223,504 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2012.10.07 18:04:56 | 000,145,760 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2012.10.07 18:04:56 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012.10.07 18:04:56 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2012.10.07 18:04:56 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2012.10.07 18:04:56 | 000,102,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2012.10.07 18:04:56 | 000,096,160 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2012.10.04 10:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.04 09:06:42 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\private
[2012.10.01 19:43:22 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Blender Foundation
[2012.09.29 20:22:52 | 000,000,000 | ---D | C] -- C:\install_50673c7c7edad
[2012.09.29 17:35:18 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Desktop\joomla-template
[2012.09.29 11:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012.09.29 10:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.29 10:05:31 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.09.29 10:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.28 12:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.09.28 11:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.09.27 20:57:27 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\Virusverdacht
[2012.09.27 13:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.27 13:50:48 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.09.27 13:49:30 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.09.27 13:49:30 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.09.27 13:49:30 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.09.27 10:37:06 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.09.27 10:18:43 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Malwarebytes
[2012.09.27 10:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.27 10:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.27 10:18:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.27 10:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.26 14:02:25 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\Hexagon
[2012.09.26 12:46:39 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012.09.26 09:54:22 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Local\DATA BECKER
[2012.09.26 09:54:20 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Local\Chromium
[2012.09.26 09:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer
[2012.09.26 09:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DATA BECKER
[2012.09.26 09:53:13 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\A5 HTML5 Animator Projekte
[2012.09.26 09:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\DATA BECKER
[2012.09.25 22:52:08 | 000,000,000 | ---D | C] -- C:\Users\DREAM\.thumbnails
[2012.09.25 22:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2012.09.25 22:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2012.09.25 15:10:27 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\SmartFTP
[2012.09.25 15:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartFTP Client
[2012.09.25 15:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2012.09.25 15:08:41 | 000,000,000 | -HSD | C] -- C:\Users\DREAM\wc
[2012.09.25 15:08:40 | 000,000,000 | -HSD | C] -- C:\Users\DREAM\AppData\Roaming\wyUpdate AU
[2012.09.25 15:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.1 Setup Files
[2012.09.25 15:08:36 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Cyberduck
[2012.09.25 15:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberduck
[2012.09.25 15:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberduck
[2012.09.25 07:37:26 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\DAZ 3D
[2012.09.24 22:58:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAZ 3D
[2012.09.24 21:21:13 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\Bryce
[2012.09.24 20:41:00 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2012.09.24 20:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DAZ 3D
[2012.09.24 15:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2012.09.24 15:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DAZ
[2012.09.24 15:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\DAZ 3D
[2012.09.24 15:33:38 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\DAZ 3D
[2012.09.23 13:36:06 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\e-on software
[2012.09.23 13:30:28 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-on software
[2012.09.23 13:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-on software
[2012.09.23 13:24:05 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Documents\e-on software
[2012.09.23 13:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\e-on software
[2012.09.23 13:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\e-onsoftware
[2012.09.23 03:01:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.23 03:01:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.23 03:01:25 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.23 03:01:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.23 03:01:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.23 03:01:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.23 03:01:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.23 03:01:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.19 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Veohpu
[2012.09.19 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Ilados
[2012.09.19 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Amqoev
[2012.09.19 10:18:05 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Xeavp
[2012.09.19 10:18:05 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Noirna
[2012.09.19 10:18:05 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Cufuta
[2012.09.19 10:15:54 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Ihaf
[2012.09.19 10:15:54 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Ewasa
[2012.09.19 10:15:54 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Cakyna
[2012.09.19 08:09:37 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Ykavu
[2012.09.19 08:09:37 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Gaqyqy
[2012.09.19 08:09:37 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Alezo
[2012.09.18 09:12:08 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Eqko
[2012.09.18 09:12:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Upurv
[2012.09.18 09:12:07 | 000,000,000 | ---D | C] -- C:\Users\DREAM\AppData\Roaming\Keibef
[2012.09.18 09:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012.09.16 10:03:39 | 000,000,000 | ---D | C] -- C:\Users\DREAM\Desktop\Responsive-Webdesign
[2012.09.15 11:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.15 11:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.15 11:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.15 11:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.12 07:49:27 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012.09.12 07:49:26 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.09.12 07:49:26 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.09.12 07:49:26 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012.01.16 00:11:08 | 004,518,720 | ---- | C] (FileZilla Project) -- C:\Users\DREAM\FileZilla_3.5.3_win32-setup.exe
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.10.09 09:49:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.10.09 09:43:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DREAM\Desktop\OTL.exe
[2012.10.09 09:33:34 | 000,302,592 | ---- | M] () -- C:\Users\DREAM\Desktop\mu6suupq.exe
[2012.10.09 09:33:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3313979477-441340846-3546100501-1001UA.job
[2012.10.09 09:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.09 09:08:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.09 09:08:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.09 08:44:00 | 000,002,576 | ---- | M] () -- C:\{6A051E86-D848-4C0D-8A34-C72A16DD51E8}
[2012.10.09 08:14:27 | 000,697,276 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.09 08:14:27 | 000,652,594 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.09 08:14:27 | 000,148,314 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.09 08:14:27 | 000,121,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.09 08:09:09 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 08:09:09 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 08:00:37 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.10.09 07:59:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.09 07:59:43 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.08 21:27:06 | 000,001,904 | ---- | M] () -- C:\Users\DREAM\Desktop\Kindle.lnk
[2012.10.08 17:25:21 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for DREAM.job
[2012.10.08 15:02:17 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012.10.08 08:06:32 | 000,002,472 | ---- | M] () -- C:\{7F42B75D-7654-4644-89FD-C803D572BDBB}
[2012.10.08 08:04:39 | 000,002,584 | ---- | M] () -- C:\{6DA5C51A-B496-46E9-B80C-167346E60D3E}
[2012.10.08 07:32:04 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3313979477-441340846-3546100501-1001Core.job
[2012.10.07 22:23:13 | 000,193,553 | ---- | M] () -- C:\Users\DREAM\Documents\Unbenannt (2).wma
[2012.10.07 22:20:45 | 000,171,103 | ---- | M] () -- C:\Users\DREAM\Documents\Unbenannt (4).wma
[2012.10.07 22:16:02 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012.10.07 21:57:56 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012.10.07 20:26:39 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.07 18:54:29 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2012.10.07 17:01:43 | 000,001,264 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.10.07 16:57:57 | 000,013,312 | ---- | M] () -- C:\Users\DREAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.04 16:57:19 | 000,023,588 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\wklnhst.dat
[2012.10.04 09:41:36 | 000,000,017 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\mbam.context.scan
[2012.10.02 08:34:30 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.10.01 09:22:25 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00003409.LCS
[2012.09.29 20:22:49 | 001,227,777 | ---- | M] () -- C:\art-blog-1.6-unrar.first.zip
[2012.09.29 19:24:45 | 002,235,773 | ---- | M] () -- C:\Joomla_2.5.x_to_2.5.7-Stable-Patch_Package.zip
[2012.09.29 11:30:28 | 000,000,535 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012.09.29 10:10:42 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.09.29 10:10:41 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.09.28 17:16:19 | 000,002,448 | ---- | M] () -- C:\{A4D2023A-F4E0-4CEF-BE54-BBFEE7BDA189}
[2012.09.28 12:11:20 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.27 13:49:24 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.09.27 13:49:23 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.09.27 13:49:23 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.09.27 13:49:23 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.09.27 13:49:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.09.27 13:49:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.09.27 11:46:34 | 000,000,000 | ---- | M] () -- C:\Users\DREAM\defogger_reenable
[2012.09.27 11:27:02 | 000,001,704 | ---- | M] () -- C:\{05819579-803D-48E6-A81F-A1D4BBD50F73}
[2012.09.27 11:08:26 | 000,001,448 | ---- | M] () -- C:\{38829E27-3DAD-4D06-B89B-0985CAD2EBBE}
[2012.09.27 10:55:33 | 000,001,704 | ---- | M] () -- C:\{5AAA5D7F-D2BC-4B2D-9D10-44F6406E71FC}
[2012.09.26 10:48:20 | 000,002,392 | ---- | M] () -- C:\{9E6CC32E-A712-4594-AC2A-42956869D0B6}
[2012.09.26 10:03:32 | 000,002,128 | ---- | M] () -- C:\{111BEC3A-582F-4CDC-A998-06B692E7B573}
[2012.09.26 09:53:15 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\A5 HTML5 Animator.lnk
[2012.09.26 09:27:33 | 000,002,152 | ---- | M] () -- C:\{477FAC5A-8E0D-4A2D-A447-0491B9B1789A}
[2012.09.25 15:10:11 | 000,002,240 | ---- | M] () -- C:\{F9848F6D-68E5-4440-808F-BA050837ECC2}
[2012.09.25 09:56:09 | 000,002,152 | ---- | M] () -- C:\{381E3CA7-BC59-457A-95F5-4605E3829569}
[2012.09.23 13:30:28 | 000,000,072 | ---- | M] () -- C:\Windows\Vue 7.5 xStream.reg
[2012.09.23 13:30:28 | 000,000,070 | ---- | M] () -- C:\Windows\Vue 7 xStream.reg
[2012.09.23 13:30:28 | 000,000,070 | ---- | M] () -- C:\Windows\Vue 6 xStream.reg
[2012.09.21 12:05:08 | 000,015,544 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012.09.19 10:51:51 | 000,000,575 | ---- | M] () -- C:\Users\DREAM\AppData\Roaming\54D066.dat
[2012.09.18 11:49:01 | 000,001,456 | ---- | M] () -- C:\Users\DREAM\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.09.17 10:38:13 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit_.INI
[2012.09.16 09:31:34 | 000,002,376 | ---- | M] () -- C:\{6A15AFD8-CA8B-4971-BF73-A81589DC0067}
[2012.09.15 12:21:01 | 000,002,280 | ---- | M] () -- C:\{40E94D1A-5327-4C31-A7A9-31F212D3C9DB}
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.10.09 09:33:34 | 000,302,592 | ---- | C] () -- C:\Users\DREAM\Desktop\mu6suupq.exe
[2012.10.09 08:44:00 | 000,002,576 | ---- | C] () -- C:\{6A051E86-D848-4C0D-8A34-C72A16DD51E8}
[2012.10.08 21:27:06 | 000,001,904 | ---- | C] () -- C:\Users\DREAM\Desktop\Kindle.lnk
[2012.10.08 08:06:31 | 000,002,472 | ---- | C] () -- C:\{7F42B75D-7654-4644-89FD-C803D572BDBB}
[2012.10.08 08:04:37 | 000,002,584 | ---- | C] () -- C:\{6DA5C51A-B496-46E9-B80C-167346E60D3E}
[2012.10.07 22:23:13 | 000,193,553 | ---- | C] () -- C:\Users\DREAM\Documents\Unbenannt (2).wma
[2012.10.07 22:20:45 | 000,171,103 | ---- | C] () -- C:\Users\DREAM\Documents\Unbenannt (4).wma
[2012.10.07 21:58:03 | 000,000,264 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012.10.07 21:58:02 | 000,000,272 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012.10.07 21:57:56 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012.10.07 20:26:39 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.07 18:55:39 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job
[2012.10.07 18:51:40 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2012.10.04 09:41:36 | 000,000,017 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\mbam.context.scan
[2012.09.29 20:22:48 | 001,227,777 | ---- | C] () -- C:\art-blog-1.6-unrar.first.zip
[2012.09.29 19:24:28 | 002,235,773 | ---- | C] () -- C:\Joomla_2.5.x_to_2.5.7-Stable-Patch_Package.zip
[2012.09.28 17:16:14 | 000,002,448 | ---- | C] () -- C:\{A4D2023A-F4E0-4CEF-BE54-BBFEE7BDA189}
[2012.09.28 12:11:18 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.27 11:46:34 | 000,000,000 | ---- | C] () -- C:\Users\DREAM\defogger_reenable
[2012.09.27 11:26:58 | 000,001,704 | ---- | C] () -- C:\{05819579-803D-48E6-A81F-A1D4BBD50F73}
[2012.09.27 11:08:19 | 000,001,448 | ---- | C] () -- C:\{38829E27-3DAD-4D06-B89B-0985CAD2EBBE}
[2012.09.27 10:55:32 | 000,001,704 | ---- | C] () -- C:\{5AAA5D7F-D2BC-4B2D-9D10-44F6406E71FC}
[2012.09.27 10:27:22 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.09.26 10:48:19 | 000,002,392 | ---- | C] () -- C:\{9E6CC32E-A712-4594-AC2A-42956869D0B6}
[2012.09.26 10:03:32 | 000,002,128 | ---- | C] () -- C:\{111BEC3A-582F-4CDC-A998-06B692E7B573}
[2012.09.26 09:54:07 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00003409.LCS
[2012.09.26 09:53:15 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\A5 HTML5 Animator.lnk
[2012.09.26 09:27:32 | 000,002,152 | ---- | C] () -- C:\{477FAC5A-8E0D-4A2D-A447-0491B9B1789A}
[2012.09.25 15:10:10 | 000,002,240 | ---- | C] () -- C:\{F9848F6D-68E5-4440-808F-BA050837ECC2}
[2012.09.25 09:56:08 | 000,002,152 | ---- | C] () -- C:\{381E3CA7-BC59-457A-95F5-4605E3829569}
[2012.09.23 13:30:28 | 000,000,072 | ---- | C] () -- C:\Windows\Vue 7.5 xStream.reg
[2012.09.23 13:30:28 | 000,000,070 | ---- | C] () -- C:\Windows\Vue 7 xStream.reg
[2012.09.23 13:30:28 | 000,000,070 | ---- | C] () -- C:\Windows\Vue 6 xStream.reg
[2012.09.19 10:51:51 | 000,000,575 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\54D066.dat
[2012.09.16 09:31:33 | 000,002,376 | ---- | C] () -- C:\{6A15AFD8-CA8B-4971-BF73-A81589DC0067}
[2012.09.15 12:21:00 | 000,002,280 | ---- | C] () -- C:\{40E94D1A-5327-4C31-A7A9-31F212D3C9DB}
[2012.09.10 15:26:21 | 000,002,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2012.08.21 11:08:33 | 000,000,132 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.07.03 19:37:28 | 000,000,600 | ---- | C] () -- C:\Users\DREAM\AppData\Local\PUTTY.RND
[2012.05.27 10:30:13 | 000,014,336 | ---- | C] () -- C:\Windows\System32\vsmon1.dll
[2012.04.16 08:04:13 | 000,000,085 | ---- | C] () -- C:\Users\DREAM\mm_backup.cfg
[2012.03.27 12:04:52 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012.02.05 12:18:31 | 000,005,028 | ---- | C] () -- C:\ProgramData\cgatmfqq.mbd
[2012.02.02 11:13:39 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI
[2012.01.19 17:08:17 | 000,071,558 | ---- | C] () -- C:\Windows\php.ini
[2012.01.06 11:11:07 | 000,001,456 | ---- | C] () -- C:\Users\DREAM\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.01 07:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.04.01 07:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.04.01 07:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.04.01 06:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.03.23 18:22:38 | 000,000,110 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2011.03.22 23:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.03.05 19:04:24 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll
[2011.01.23 12:40:48 | 000,000,132 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.01.07 14:24:19 | 000,000,247 | ---- | C] () -- C:\Windows\pegaadr.ini
[2011.01.07 14:24:19 | 000,000,158 | ---- | C] () -- C:\Windows\pegatext.ini
[2011.01.07 14:23:23 | 000,000,416 | ---- | C] () -- C:\Windows\PSBooks.INI
[2011.01.06 13:52:19 | 000,023,588 | ---- | C] () -- C:\Users\DREAM\AppData\Roaming\wklnhst.dat
[2011.01.02 20:54:48 | 000,013,312 | ---- | C] () -- C:\Users\DREAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.02 16:05:35 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.01.02 16:00:52 | 000,001,264 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011.01.01 23:55:44 | 000,000,668 | ---- | C] () -- C:\Windows\asglobe.ini
[2011.01.01 22:45:07 | 000,051,815 | R--- | C] () -- C:\Windows\System32\QPRO200.DLL
[2011.01.01 22:44:29 | 000,100,352 | R--- | C] () -- C:\Windows\System32\JUCALC4.DLL
[2011.01.01 22:44:29 | 000,100,352 | R--- | C] () -- C:\Windows\System32\Jucalc2.dll
[2011.01.01 22:44:29 | 000,100,352 | R--- | C] () -- C:\Windows\System32\JUCALC.DLL
[2011.01.01 22:44:27 | 000,282,112 | R--- | C] () -- C:\Windows\System32\ASTR.DLL
[2011.01.01 22:44:27 | 000,112,640 | R--- | C] () -- C:\Windows\System32\AW300.DLL
[2010.11.17 14:29:26 | 000,087,176 | ---- | C] () -- C:\Windows\System32\FAIEExtension.dll
[2010.11.17 14:29:22 | 000,057,480 | ---- | C] () -- C:\Windows\System32\FAib.dll
[2010.11.17 14:29:14 | 000,249,480 | ---- | C] () -- C:\Windows\System32\FACrashRpt.dll
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:FDDD8917
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
< End of report >
--- --- --- |
