Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
50 Euro Virus hat auch mich erwischt

50 Euro Virus hat auch mich erwischt


Plagegeister aller Art und deren Bekämpfung: 50 Euro Virus hat auch mich erwischt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 24.02.2012, 18:16   #1
zurab
 
50 Euro Virus hat auch mich erwischt - Standard

50 Euro Virus hat auch mich erwischt


Hallo, auch bei mir erscheint ein Fenster : Aus Sicherheitsgründen wurde das Windowssystem blockiert ! und ich müsse 50 Euro bezahlen um den PC zu bereinigen und die Viren zu löschen. Ich bitte Sie um die Hilfe. Vielen Dank im Voraus
P.S. Extras.Txt ist bei mir zu groß und kann nicht hochgeladen werden

Alt 24.02.2012, 20:07   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50 Euro Virus hat auch mich erwischt - Standard

50 Euro Virus hat auch mich erwischt


Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetvebindung?




Abgesicherter Modus zur Bereinigung
  • Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
  • Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

    Windows im abgesicherten Modusstarten
__________________

__________________
Alt 24.02.2012, 22:03   #3
zurab
 
50 Euro Virus hat auch mich erwischt - Standard

50 Euro Virus hat auch mich erwischt


Danke für die schnelle Antwort...

Der abgesicherte Modus funktioniert sowohl mit Netzwerktreibern als auch mit Internetvebindung
__________________
Alt 25.02.2012, 00:04   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50 Euro Virus hat auch mich erwischt - Standard

50 Euro Virus hat auch mich erwischt


Na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können:

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.02.2012, 15:58   #5
zurab
 
50 Euro Virus hat auch mich erwischt - Standard

50 Euro Virus hat auch mich erwischt


Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.26.01

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
bodbeli :: BODBELI-PC [Administrator]

Schutz: Deaktiviert

26.02.2012 14:54:41
mbam-log-2012-02-26 (14-54-41).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 466657
Laufzeit: 1 Stunde(n), 1 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{79276DA1-5CD6-11DF-8C8F-806E6F6E6963} (Backdoor.Agent.H) -> Daten: C:\Users\bodbeli\AppData\Roaming\Microsoft\torrent.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\bodbeli\AppData\Roaming\Microsoft\torrent.exe (Backdoor.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bodbeli\AppData\Local\Temp\0.7342632269969541.exe (Backdoor.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Alt 26.02.2012, 17:53   #6
zurab
 
50 Euro Virus hat auch mich erwischt - Standard

50 Euro Virus hat auch mich erwischt


Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4ec8f4d5f971024d969df8348d7a1355
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-26 03:20:08
# local_time=2012-02-26 04:20:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 171590 81899190 0 0
# compatibility_mode=8192 67108863 100 0 3683 3683 0 0
# scanned=39333
# found=1
# cleaned=1
# scan_time=268
C:\$Recycle.Bin\S-1-5-21-2630102896-260595033-1478422663-1001\$RGNZKQ5.exe	a variant of Win32/SoftonicDownloader.C application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4ec8f4d5f971024d969df8348d7a1355
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-26 04:49:26
# local_time=2012-02-26 05:49:26 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 171924 81899524 0 0
# compatibility_mode=8192 67108863 100 0 4017 4017 0 0
# scanned=266442
# found=15
# cleaned=0
# scan_time=5291
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\3bc8e340-3627cb25	a variant of Win32/Kryptik.AAQQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\bodbeli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\45090779-4dc5bcb9	Java/Exploit.CVE-2011-3544.S trojan (unable to clean)	00000000000000000000000000000000	I
D:\BODBELI-PC\Backup Set 2011-07-31 212506\Backup Files 2011-08-10 235053\Backup files 1.zip	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
D:\BODBELI-PC\Backup Set 2011-07-31 212506\Backup Files 2011-08-10 235053\Backup files 2.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
D:\BODBELI-PC\Backup Set 2011-07-31 212506\Backup Files 2011-08-10 235053\Backup files 5.zip	JS/Kryptik.CG trojan (unable to clean)	00000000000000000000000000000000	I
D:\BODBELI-PC\Backup Set 2011-07-31 212506\Backup Files 2011-08-14 220330\Backup files 2.zip	JS/Kryptik.BY trojan (unable to clean)	00000000000000000000000000000000	I
D:\BODBELI-PC\Backup Set 2011-08-21 221541\Backup Files 2011-08-21 221541\Backup files 4.zip	JS/Kryptik.BY trojan (unable to clean)	00000000000000000000000000000000	I
D:\BODBELI-PC\Backup Set 2011-10-23 190002\Backup Files 2011-11-06 190002\Backup files 3.zip	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
D:\BODBELI-PC\Backup Set 2011-11-13 200215\Backup Files 2011-11-20 231645\Backup files 1.zip	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
D:\BODBELI-PC\Backup Set 2011-12-18 190002\Backup Files 2012-01-08 225240\Backup files 1.zip	JS/Kryptik.FY.Gen trojan (unable to clean)	00000000000000000000000000000000	I
D:\BODBELI-PC\Backup Set 2011-12-18 190002\Backup Files 2012-01-08 225240\Backup files 4.zip	Java/Exploit.CVE-2011-3544.S trojan (unable to clean)	00000000000000000000000000000000	I
D:\BODBELI-PC\Backup Set 2012-01-15 190002\Backup Files 2012-01-15 190002\Backup files 5.zip	Java/Exploit.CVE-2011-3544.S trojan (unable to clean)	00000000000000000000000000000000	I
D:\BODBELI-PC\Backup Set 2012-02-05 214511\Backup Files 2012-02-05 214511\Backup files 5.zip	Java/Exploit.CVE-2011-3544.S trojan (unable to clean)	00000000000000000000000000000000	I
D:\BODBELI-PC\Backup Set 2012-02-19 230922\Backup Files 2012-02-19 230922\Backup files 1.zip	a variant of Win32/Kryptik.AAQQ trojan (unable to clean)	00000000000000000000000000000000	I
D:\BODBELI-PC\Backup Set 2012-02-19 230922\Backup Files 2012-02-19 230922\Backup files 5.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I

Alt 26.02.2012, 17:54   #7
zurab
 
50 Euro Virus hat auch mich erwischt - Standard

50 Euro Virus hat auch mich erwischt


Vielen Dank noch mal...

Alt 26.02.2012, 18:32   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50 Euro Virus hat auch mich erwischt - Standard

50 Euro Virus hat auch mich erwischt


Funktioniert der normale Modus wieder?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.02.2012, 19:13   #9
zurab
 
50 Euro Virus hat auch mich erwischt - Standard

50 Euro Virus hat auch mich erwischt


wie bis jetzt aussieht, der normale Modus funktioniert wieder...
danke.........

Alt 26.02.2012, 19:49   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50 Euro Virus hat auch mich erwischt - Standard

50 Euro Virus hat auch mich erwischt


Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.02.2012, 23:14   #11
zurab
 
50 Euro Virus hat auch mich erwischt - Standard

50 Euro Virus hat auch mich erwischt


Hier Inhalt aus OTL.txt
Code:
ATTFilter
OTL logfile created on: 26.02.2012 22:51:48 - Run 2
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\bodbeli\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,79 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 73,11% Memory free
7,59 Gb Paging File | 6,58 Gb Available in Paging File | 86,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 62,25 Gb Free Space | 53,46% Space Free | Partition Type: NTFS
Drive D: | 332,72 Gb Total Space | 199,35 Gb Free Space | 59,92% Space Free | Partition Type: NTFS
 
Computer Name: BODBELI-PC | User Name: bodbeli | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\bodbeli\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (HPSIService) -- C:\Windows\SysNative\HPSIsvc.exe (HP)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV:64bit: - (mvusbews) -- C:\Windows\SysNative\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-2630102896-260595033-1478422663-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-2630102896-260595033-1478422663-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.vwl.uni-muenchen.de/
IE - HKU\S-1-5-21-2630102896-260595033-1478422663-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.vwl.uni-muenchen.de/"
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.19 09:21:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.06 12:59:53 | 000,000,000 | ---D | M]
 
[2011.06.15 22:54:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bodbeli\AppData\Roaming\mozilla\Extensions
[2011.11.09 00:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.16 11:00:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.19 09:21:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.08.06 12:59:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.19 09:21:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.19 09:21:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.19 09:21:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.19 09:21:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.19 09:21:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.19 09:21:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.31 10:00:38 | 000,000,897 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.28	asa-cluster.lrz.de
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2630102896-260595033-1478422663-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F1D260C-B51B-4C2D-934A-B37B3E419DC1}: DhcpNameServer = 10.156.33.53 129.187.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ABD17F0-6A14-4A65-AA1E-EFFED453A618}: NameServer = 10.149.184.2,10.156.33.53
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8aedd25e-8ada-11e0-a679-485b39736daa}\Shell - "" = AutoRun
O33 - MountPoints2\{8aedd25e-8ada-11e0-a679-485b39736daa}\Shell\AutoRun\command - "" = F:\SISetup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SISetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ADSMTray - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.26 16:14:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.26 16:12:33 | 002,322,184 | ---- | C] (ESET) -- C:\Users\bodbeli\Desktop\esetsmartinstaller_enu.exe
[2012.02.26 14:11:09 | 000,000,000 | ---D | C] -- C:\Users\bodbeli\AppData\Roaming\Malwarebytes
[2012.02.26 14:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.26 14:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.26 14:11:05 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.26 14:11:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.26 14:04:56 | 000,000,000 | ---D | C] -- C:\Users\bodbeli\AppData\Local\ElevatedDiagnostics
[2012.02.26 14:03:22 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\bodbeli\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.24 17:42:43 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\bodbeli\Desktop\OTL.exe
[2012.02.24 17:41:13 | 033,205,152 | ---- | C] (TuneUp Software) -- C:\Users\bodbeli\Desktop\TuneUpUtilities2012_de-DE.exe
[2012.02.16 12:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005
[2012.02.16 12:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012.02.16 12:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012.02.16 12:43:06 | 000,000,000 | ---D | C] -- C:\Users\bodbeli\Documents\Visual Studio 2008
[2012.02.16 12:42:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual C++ 9.0 Express Edition
[2012.02.16 12:40:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2012.02.16 12:40:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2012.02.16 12:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2012.02.16 12:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008
[2012.02.16 12:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2012.02.16 11:56:59 | 000,000,000 | ---D | C] -- C:\Users\bodbeli\AppData\Roaming\Systweak
[2012.02.16 11:56:57 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012.02.16 11:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012.02.16 11:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2012.02.15 17:09:28 | 000,000,000 | ---D | C] -- C:\Users\bodbeli\AppData\Roaming\Kyq
[2012.02.15 17:09:28 | 000,000,000 | ---D | C] -- C:\Users\bodbeli\AppData\Roaming\Coreyc
[2012.02.15 16:03:47 | 000,000,000 | ---D | C] -- C:\Users\bodbeli\Desktop\Latex Matlab Code
[2012.02.14 18:40:44 | 000,000,000 | ---D | C] -- C:\Users\bodbeli\Desktop\Markov_Switching
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.26 22:48:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.26 22:48:35 | 3054,882,816 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.26 22:47:46 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.26 22:47:45 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.26 22:41:55 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.02.26 22:41:49 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.26 19:10:04 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.26 18:45:44 | 000,712,000 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.26 18:45:44 | 000,663,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.26 18:45:44 | 000,124,894 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.26 18:45:43 | 001,648,954 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.26 18:45:43 | 000,154,516 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.26 18:41:08 | 000,002,198 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.02.26 16:12:33 | 002,322,184 | ---- | M] (ESET) -- C:\Users\bodbeli\Desktop\esetsmartinstaller_enu.exe
[2012.02.26 16:01:19 | 000,001,257 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.02.26 14:11:06 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.26 14:03:24 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\bodbeli\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.26 14:02:14 | 000,013,016 | ---- | M] () -- C:\Users\bodbeli\Desktop\get-mirror-server.html
[2012.02.24 17:42:45 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\bodbeli\Desktop\OTL.exe
[2012.02.24 17:41:33 | 033,205,152 | ---- | M] (TuneUp Software) -- C:\Users\bodbeli\Desktop\TuneUpUtilities2012_de-DE.exe
[2012.02.20 21:07:15 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro.job
[2012.02.19 15:01:12 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012.02.19 10:05:44 | 001,527,276 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.16 13:04:23 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012.02.16 13:03:28 | 000,002,228 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2012.02.16 12:53:03 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012.02.15 21:45:24 | 000,458,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.09 12:00:22 | 000,018,816 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
 
========== Files Created - No Company Name ==========
 
[2012.02.26 14:11:06 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.26 14:02:12 | 000,013,016 | ---- | C] () -- C:\Users\bodbeli\Desktop\get-mirror-server.html
[2012.02.16 18:05:50 | 000,000,272 | ---- | C] () -- C:\Windows\tasks\RegClean Pro.job
[2012.02.16 12:58:58 | 000,002,228 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2012.02.16 12:50:14 | 001,527,276 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.16 11:57:04 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012.02.16 11:57:04 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012.02.16 11:56:56 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2011.05.12 09:01:16 | 000,000,000 | ---- | C] () -- C:\Users\bodbeli\AppData\Local\{8EC6D0F3-324B-48EA-8FFF-89D33E2DDCD5}
[2011.05.11 20:05:29 | 000,000,000 | ---- | C] () -- C:\Users\bodbeli\AppData\Local\{65715203-8541-4D94-9C3E-C4C32E0E911A}
[2011.05.11 19:57:38 | 000,000,000 | ---- | C] () -- C:\Users\bodbeli\AppData\Local\{97CEF38C-553E-4A27-A617-69F86EA2ECD1}
[2011.03.07 18:38:57 | 000,000,337 | ---- | C] () -- C:\Users\bodbeli\AppData\Local\Perfmon.PerfmonCfg
[2011.02.05 17:28:16 | 000,038,049 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010.11.19 22:32:29 | 000,006,656 | ---- | C] () -- C:\Windows\SysWow64\CNMVS58.DLL
[2010.11.18 23:29:40 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.10.30 08:48:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.25 19:34:30 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.08.25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.08.25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.05.11 10:29:24 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010.05.11 10:04:28 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2010.10.29 17:08:10 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Asus WebStorage
[2012.02.24 09:54:19 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Coreyc
[2011.10.05 11:24:07 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\FreePDF
[2012.02.15 17:11:03 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Kyq
[2011.02.05 17:33:00 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\QuickScan
[2012.02.16 11:56:59 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Systweak
[2012.02.20 21:07:15 | 000,000,272 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro.job
[2012.02.19 15:01:12 | 000,000,280 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job
[2012.02.16 13:04:23 | 000,000,288 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_UPDATES.job
[2012.01.16 11:30:01 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.18 19:30:15 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Adobe
[2010.10.29 17:08:10 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Asus WebStorage
[2012.02.24 09:54:19 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Coreyc
[2011.10.05 11:24:07 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\FreePDF
[2010.10.29 16:52:30 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Identities
[2012.02.15 17:11:03 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Kyq
[2010.10.29 17:18:00 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Macromedia
[2012.02.26 14:11:09 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Malwarebytes
[2010.10.30 12:38:49 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\MathWorks
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Media Center Programs
[2012.02.26 15:56:49 | 000,000,000 | --SD | M] -- C:\Users\bodbeli\AppData\Roaming\Microsoft
[2011.06.15 14:35:28 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\MiKTeX
[2011.06.15 22:54:24 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Mozilla
[2011.02.05 17:33:00 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\QuickScan
[2012.02.21 18:30:38 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Skype
[2011.07.27 12:05:16 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\skypePM
[2012.02.16 11:56:59 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Systweak
 
< %APPDATA%\*.exe /s >
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\afm2afm.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\authorindex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\autoinst.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\bdftops.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\bib2xhtml.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\bibhtml.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html1.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html2.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html3.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\birm.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\cmap2enc.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\config.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\csvtools.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\cyrename.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dblatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dumphint.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\eps2eps.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\escontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\eslatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\esmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\estex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\estexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\esxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\esxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\feynmf.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\fig4latex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\findhyph.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\fixmswrd.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\fixwada2.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\font2afm.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\font2c.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsbj.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsdj.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsdj500.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gslj.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gslp.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsnd.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsndt.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gssetgs.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gst.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gstt.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ht.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\htcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\htlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\htmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\httex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\httexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\htxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\htxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ibyhyph.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1context.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1latex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1mex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1tex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1texi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1xelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1xetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jscontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jslatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jstex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jstexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-fast.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-so.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-vc.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexmk.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexrevise.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\lp386.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\lp386r2.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\lpgs.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\lpr2.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\makeglossaries.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\makeuniwada.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\merge.exe
[2009.09.23 15:47:53 | 001,234,432 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-taskbar-icon.exe
[2009.09.23 15:47:53 | 001,234,432 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-update.exe
[2009.09.23 15:47:53 | 001,234,944 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-update_admin.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mk4ht.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mkmlsmf.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mkt1font.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mm.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mztex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mztexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\nts.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\oocontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\oolatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\oomex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ootex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ootexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ooxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ooxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\orderrefs.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ot2kpx.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdf2dsc.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdf2ps.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfatfi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfcrop.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfopt.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pedigree.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\perltex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pf2afm.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pfbtopfa.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pfm2kpx.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pftogsf.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\plind.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pn2pdf.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ascii.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2epsi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf12.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf13.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf14.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdfxx.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ps.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ps2.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps4pdf.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pst2pdf.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\rcsinfo.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\showglyphs.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\splitindex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\svn-multi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teicontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teilatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teitex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teitexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teixelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teixetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\texcount.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\texdiff.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\texdirflatten.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\texshow.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\thumbpdf.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\urlbst.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\vpl2ovp.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\vpl2vpl.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\wcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\wlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\wmakebat.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\wmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\wtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\wtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\wxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\wxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xdv2pdf_mergemarks.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhxetex.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.23 16:22:16 | 000,032,890 | ---- | M] () MD5=4FA5D1120762802A741F374F8B391E69 -- C:\Program Files\MATLAB\R2008a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009.12.17 03:42:07 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista64_Win7_64_9.5.6.1001\iaStor.sys
[2009.12.17 03:42:07 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.12.17 03:42:07 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_f26ae7769ab43067\iaStor.sys
[2009.12.17 03:25:25 | 000,433,176 | ---- | M] (Intel Corporation) MD5=8CDACD4AD63D49834C6B59DB102E7CD7 -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista32_Win7_32_9.5.6.1001\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.05.11 10:17:39 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.05.11 10:17:39 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

Alt 27.02.2012, 10:10   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50 Euro Virus hat auch mich erwischt - Standard

50 Euro Virus hat auch mich erwischt


Zitat:
Boot Mode: SafeMode with Networking
Wieso denn der Modus, der normale geht doch wieder?!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.02.2012, 10:24   #13
zurab
 
50 Euro Virus hat auch mich erwischt - Standard

50 Euro Virus hat auch mich erwischt


Ja, der normale geht wieder...
Ich möchte mich bei dir für die Hilfe bedanken...

Alt 27.02.2012, 10:43   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50 Euro Virus hat auch mich erwischt - Standard

50 Euro Virus hat auch mich erwischt


Ja dann mach bitte im normalen Modus das OTL-Log
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.02.2012, 11:18   #15
zurab
 
50 Euro Virus hat auch mich erwischt - Standard

50 Euro Virus hat auch mich erwischt


Code:
ATTFilter
OTL logfile created on: 27.02.2012 10:57:40 - Run 3
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\bodbeli\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,79 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 67,45% Memory free
7,59 Gb Paging File | 6,14 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 61,77 Gb Free Space | 53,05% Space Free | Partition Type: NTFS
Drive D: | 332,72 Gb Total Space | 199,31 Gb Free Space | 59,90% Space Free | Partition Type: NTFS
 
Computer Name: BODBELI-PC | User Name: bodbeli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\bodbeli\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (HPSIService) -- C:\Windows\SysNative\HPSIsvc.exe (HP)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV:64bit: - (mvusbews) -- C:\Windows\SysNative\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-2630102896-260595033-1478422663-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2630102896-260595033-1478422663-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-2630102896-260595033-1478422663-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.vwl.uni-muenchen.de/
IE - HKU\S-1-5-21-2630102896-260595033-1478422663-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.vwl.uni-muenchen.de/"
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.19 09:21:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.06 12:59:53 | 000,000,000 | ---D | M]
 
[2011.06.15 22:54:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bodbeli\AppData\Roaming\mozilla\Extensions
[2011.11.09 00:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.16 11:00:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.19 09:21:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.08.06 12:59:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.19 09:21:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.19 09:21:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.19 09:21:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.19 09:21:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.19 09:21:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.19 09:21:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.31 10:00:38 | 000,000,897 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 129.187.254.163	asa03.lrz.de
O1 - Hosts: 129.187.254.28	asa-cluster.lrz.de
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2630102896-260595033-1478422663-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2630102896-260595033-1478422663-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2630102896-260595033-1478422663-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.156.33.53 129.187.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F1D260C-B51B-4C2D-934A-B37B3E419DC1}: DhcpNameServer = 10.156.33.53 129.187.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ABD17F0-6A14-4A65-AA1E-EFFED453A618}: NameServer = 10.149.184.2,10.156.33.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE466911-B24A-4BA2-A870-6581B376AD81}: Domain = uni-muenchen.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE466911-B24A-4BA2-A870-6581B376AD81}: NameServer = 10.156.33.53,129.187.5.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8aedd25e-8ada-11e0-a679-485b39736daa}\Shell - "" = AutoRun
O33 - MountPoints2\{8aedd25e-8ada-11e0-a679-485b39736daa}\Shell\AutoRun\command - "" = F:\SISetup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SISetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ADSMTray - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.26 16:14:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.26 16:12:33 | 002,322,184 | ---- | C] (ESET) -- C:\Users\bodbeli\Desktop\esetsmartinstaller_enu.exe
[2012.02.26 14:11:09 | 000,000,000 | ---D | C] -- C:\Users\bodbeli\AppData\Roaming\Malwarebytes
[2012.02.26 14:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.26 14:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.26 14:11:05 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.26 14:11:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.26 14:04:56 | 000,000,000 | ---D | C] -- C:\Users\bodbeli\AppData\Local\ElevatedDiagnostics
[2012.02.26 14:03:22 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\bodbeli\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.24 17:42:43 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\bodbeli\Desktop\OTL.exe
[2012.02.24 17:41:13 | 033,205,152 | ---- | C] (TuneUp Software) -- C:\Users\bodbeli\Desktop\TuneUpUtilities2012_de-DE.exe
[2012.02.16 12:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005
[2012.02.16 12:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012.02.16 12:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012.02.16 12:43:06 | 000,000,000 | ---D | C] -- C:\Users\bodbeli\Documents\Visual Studio 2008
[2012.02.16 12:42:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual C++ 9.0 Express Edition
[2012.02.16 12:40:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2012.02.16 12:40:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2012.02.16 12:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2012.02.16 12:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008
[2012.02.16 12:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2012.02.16 11:56:59 | 000,000,000 | ---D | C] -- C:\Users\bodbeli\AppData\Roaming\Systweak
[2012.02.16 11:56:57 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012.02.16 11:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012.02.16 11:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2012.02.15 17:09:28 | 000,000,000 | ---D | C] -- C:\Users\bodbeli\AppData\Roaming\Kyq
[2012.02.15 17:09:28 | 000,000,000 | ---D | C] -- C:\Users\bodbeli\AppData\Roaming\Coreyc
[2012.02.15 16:03:47 | 000,000,000 | ---D | C] -- C:\Users\bodbeli\Desktop\Latex Matlab Code
[2012.02.14 18:40:44 | 000,000,000 | ---D | C] -- C:\Users\bodbeli\Desktop\Markov_Switching
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.27 10:10:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.27 10:02:06 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.27 10:02:06 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.27 09:54:43 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.02.27 09:54:35 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.27 09:54:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.27 09:54:07 | 3054,882,816 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.26 18:45:44 | 000,712,000 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.26 18:45:44 | 000,663,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.26 18:45:44 | 000,124,894 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.26 18:45:43 | 001,648,954 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.26 18:45:43 | 000,154,516 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.26 18:41:08 | 000,002,198 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.02.26 16:12:33 | 002,322,184 | ---- | M] (ESET) -- C:\Users\bodbeli\Desktop\esetsmartinstaller_enu.exe
[2012.02.26 16:01:19 | 000,001,257 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.02.26 14:11:06 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.26 14:03:24 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\bodbeli\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.26 14:02:14 | 000,013,016 | ---- | M] () -- C:\Users\bodbeli\Desktop\get-mirror-server.html
[2012.02.24 17:42:45 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\bodbeli\Desktop\OTL.exe
[2012.02.24 17:41:33 | 033,205,152 | ---- | M] (TuneUp Software) -- C:\Users\bodbeli\Desktop\TuneUpUtilities2012_de-DE.exe
[2012.02.20 21:07:15 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro.job
[2012.02.19 15:01:12 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012.02.19 10:05:44 | 001,527,276 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.16 13:04:23 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012.02.16 13:03:28 | 000,002,228 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2012.02.16 12:53:03 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012.02.15 21:45:24 | 000,458,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.09 12:00:22 | 000,018,816 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
 
========== Files Created - No Company Name ==========
 
[2012.02.26 14:11:06 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.26 14:02:12 | 000,013,016 | ---- | C] () -- C:\Users\bodbeli\Desktop\get-mirror-server.html
[2012.02.16 18:05:50 | 000,000,272 | ---- | C] () -- C:\Windows\tasks\RegClean Pro.job
[2012.02.16 12:58:58 | 000,002,228 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2012.02.16 12:50:14 | 001,527,276 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.16 11:57:04 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012.02.16 11:57:04 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012.02.16 11:56:56 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2011.05.12 09:01:16 | 000,000,000 | ---- | C] () -- C:\Users\bodbeli\AppData\Local\{8EC6D0F3-324B-48EA-8FFF-89D33E2DDCD5}
[2011.05.11 20:05:29 | 000,000,000 | ---- | C] () -- C:\Users\bodbeli\AppData\Local\{65715203-8541-4D94-9C3E-C4C32E0E911A}
[2011.05.11 19:57:38 | 000,000,000 | ---- | C] () -- C:\Users\bodbeli\AppData\Local\{97CEF38C-553E-4A27-A617-69F86EA2ECD1}
[2011.03.07 18:38:57 | 000,000,337 | ---- | C] () -- C:\Users\bodbeli\AppData\Local\Perfmon.PerfmonCfg
[2011.02.05 17:28:16 | 000,038,049 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010.11.19 22:32:29 | 000,006,656 | ---- | C] () -- C:\Windows\SysWow64\CNMVS58.DLL
[2010.11.18 23:29:40 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.10.30 08:48:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.25 19:34:30 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.08.25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.08.25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.05.11 10:29:24 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010.05.11 10:04:28 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2010.10.29 17:08:10 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Asus WebStorage
[2012.02.24 09:54:19 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Coreyc
[2011.10.05 11:24:07 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\FreePDF
[2012.02.15 17:11:03 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Kyq
[2011.02.05 17:33:00 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\QuickScan
[2012.02.16 11:56:59 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Systweak
[2012.02.20 21:07:15 | 000,000,272 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro.job
[2012.02.19 15:01:12 | 000,000,280 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job
[2012.02.16 13:04:23 | 000,000,288 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_UPDATES.job
[2012.02.27 08:08:47 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.18 19:30:15 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Adobe
[2010.10.29 17:08:10 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Asus WebStorage
[2012.02.24 09:54:19 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Coreyc
[2011.10.05 11:24:07 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\FreePDF
[2010.10.29 16:52:30 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Identities
[2012.02.15 17:11:03 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Kyq
[2010.10.29 17:18:00 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Macromedia
[2012.02.26 14:11:09 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Malwarebytes
[2010.10.30 12:38:49 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\MathWorks
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Media Center Programs
[2012.02.26 15:56:49 | 000,000,000 | --SD | M] -- C:\Users\bodbeli\AppData\Roaming\Microsoft
[2011.06.15 14:35:28 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\MiKTeX
[2011.06.15 22:54:24 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Mozilla
[2011.02.05 17:33:00 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\QuickScan
[2012.02.27 08:34:57 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Skype
[2011.07.27 12:05:16 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\skypePM
[2012.02.16 11:56:59 | 000,000,000 | ---D | M] -- C:\Users\bodbeli\AppData\Roaming\Systweak
 
< %APPDATA%\*.exe /s >
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\afm2afm.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\authorindex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\autoinst.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\bdftops.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\bib2xhtml.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\bibhtml.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html1.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html2.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html3.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\birm.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\cmap2enc.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\config.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\csvtools.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\cyrename.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dblatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\dumphint.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\eps2eps.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\escontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\eslatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\esmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\estex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\estexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\esxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\esxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\feynmf.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\fig4latex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\findhyph.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\fixmswrd.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\fixwada2.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\font2afm.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\font2c.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsbj.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsdj.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsdj500.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gslj.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gslp.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsnd.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsndt.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gssetgs.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gst.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\gstt.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ht.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\htcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\htlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\htmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\httex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\httexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\htxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\htxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ibyhyph.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1context.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1latex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1mex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1tex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1texi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1xelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1xetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jscontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jslatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jstex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jstexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-fast.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-so.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-vc.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexmk.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexrevise.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\lp386.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\lp386r2.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\lpgs.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\lpr2.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\makeglossaries.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\makeuniwada.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\merge.exe
[2009.09.23 15:47:53 | 001,234,432 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-taskbar-icon.exe
[2009.09.23 15:47:53 | 001,234,432 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-update.exe
[2009.09.23 15:47:53 | 001,234,944 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-update_admin.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mk4ht.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mkmlsmf.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mkt1font.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mm.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mztex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mztexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\nts.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\oocontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\oolatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\oomex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ootex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ootexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ooxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ooxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\orderrefs.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ot2kpx.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdf2dsc.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdf2ps.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfatfi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfcrop.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfopt.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pedigree.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\perltex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pf2afm.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pfbtopfa.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pfm2kpx.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pftogsf.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\plind.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pn2pdf.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ascii.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2epsi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf12.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf13.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf14.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdfxx.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ps.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ps2.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps4pdf.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\pst2pdf.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\rcsinfo.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\showglyphs.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\splitindex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\svn-multi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teicontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teilatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teitex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teitexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teixelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\teixetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\texcount.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\texdiff.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\texdirflatten.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\texshow.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\thumbpdf.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\urlbst.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\vpl2ovp.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\vpl2vpl.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\wcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\wlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\wmakebat.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\wmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\wtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\wtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\wxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\wxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xdv2pdf_mergemarks.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmcontext.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmlatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmmex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmxetex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhtex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhtexi.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhxelatex.exe
[2010.04.17 21:20:34 | 000,022,528 | ---- | M] () -- C:\Users\bodbeli\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhxetex.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.23 16:22:16 | 000,032,890 | ---- | M] () MD5=4FA5D1120762802A741F374F8B391E69 -- C:\Program Files\MATLAB\R2008a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009.12.17 03:42:07 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista64_Win7_64_9.5.6.1001\iaStor.sys
[2009.12.17 03:42:07 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.12.17 03:42:07 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_f26ae7769ab43067\iaStor.sys
[2009.12.17 03:25:25 | 000,433,176 | ---- | M] (Intel Corporation) MD5=8CDACD4AD63D49834C6B59DB102E7CD7 -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista32_Win7_32_9.5.6.1001\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.05.11 10:17:39 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.05.11 10:17:39 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

Antwort
Seite 1 von 2 1 2

Themen zu 50 Euro Virus hat auch mich erwischt
50 euro, 50 euro virus, aus sicherheitsgründen, bereinige, bereinigen, bezahlen, blockiert, erschein, erscheint, erwischt, euro, extras.txt, fenster, sicherheitsgründe, sicherheitsgründen, viren, virus, windowssystem, windowssystem blockiert


« 50,-€-Virus unter Win2000 | Weiterleitung auf Bigpoint.de - Browser sehr langsam »


Ähnliche Themen: 50 Euro Virus hat auch mich erwischt


  1. 50 euro virus - auch mich hats erwischt
    Log-Analyse und Auswertung - 02.08.2015 (24)
  2. System Care Anti Virus...auch mich hat es erwischt
    Log-Analyse und Auswertung - 27.05.2013 (12)
  3. Repair Virus hat mich auch erwischt. HILFE
    Plagegeister aller Art und deren Bekämpfung - 05.03.2013 (18)
  4. GVU - hat mich auch erwischt...
    Plagegeister aller Art und deren Bekämpfung - 18.12.2012 (7)
  5. Mich hat's auch erwischt - AKM Virus
    Log-Analyse und Auswertung - 19.05.2012 (31)
  6. Auch mich hat der AKM Virus erwischt!
    Log-Analyse und Auswertung - 17.05.2012 (2)
  7. Auch mich hat der AKM Virus erwischt!
    Mülltonne - 17.05.2012 (1)
  8. AKM Virus hat auch mich erwischt
    Log-Analyse und Auswertung - 15.05.2012 (16)
  9. Windows Security Center Virus , mich hat es heute auch erwischt
    Log-Analyse und Auswertung - 14.03.2012 (1)
  10. Auch mich hat der Gema Virus erwischt... Bitte Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 10.03.2012 (33)
  11. [2x] 50 euro virus - auch mich hats erwischt
    Mülltonne - 18.02.2012 (1)
  12. Auch mich hat der Virus erwischt-bitte um Hilfe
    Plagegeister aller Art und deren Bekämpfung - 14.02.2012 (1)
  13. 50€ Virus hat auch mich erwischt.
    Log-Analyse und Auswertung - 18.01.2012 (8)
  14. BKA Virus hat mich dann heut auch erwischt...
    Plagegeister aller Art und deren Bekämpfung - 30.11.2011 (1)
  15. Bundespolizei-Virus: mich hat es auch erwischt!
    Log-Analyse und Auswertung - 23.11.2011 (12)
  16. HDD LOW hat mich auch erwischt
    Plagegeister aller Art und deren Bekämpfung - 29.12.2010 (19)
  17. auch mich hat es erwischt!
    Log-Analyse und Auswertung - 05.03.2005 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema 50 Euro Virus hat auch mich erwischt - Hallo, auch bei mir erscheint ein Fenster : Aus Sicherheitsgründen wurde das Windowssystem blockiert ! und ich müsse 50 Euro bezahlen um den PC zu bereinigen und die Viren zu - 50 Euro Virus hat auch mich erwischt...
Archiv
Du betrachtest: 50 Euro Virus hat auch mich erwischt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129