Trojaner-Board

Lakardus 24.01.2012 16:47

Attention! For security reasons your Windows system has been blocked
 
Hello, I have the problem named above when booting my computer!
Beforehand I had downloaded image files from the net.
I can now only start the computer in safe mode.
I ran OTS and am attaching the .txt files.
I hope you can help me somehow.

Kind regards, Nadine

Unfortunately I have to send the attachments in two parts because the OTL .txt file is too large.

Lakardus 24.01.2012 16:50

OK, I'll post attachment number 2 here!

OTL Logfile:
Code:

OTL logfile created on: 24.01.2012 16:33:55 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Dany\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 3,15 Gb Available Physical Memory | 79,40% Memory free
7,93 Gb Paging File | 7,22 Gb Available in Paging File | 91,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 84,57 Gb Free Space | 45,39% Space Free | Partition Type: NTFS
Drive D: | 185,91 Gb Total Space | 98,68 Gb Free Space | 53,08% Space Free | Partition Type: NTFS
 
Computer Name: DANY-TOSH | User Name: Dany | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.24 16:15:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dany\Downloads\OTL.exe
PRC - [2011.12.24 13:18:57 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.24 13:18:56 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.12 17:32:16 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.08.27 12:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009.08.05 13:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009.08.04 10:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009.08.03 17:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009.07.28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009.07.08 08:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2007.02.12 01:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2011.12.14 20:46:54 | 003,316,000 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011.06.01 19:21:52 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.02.02 19:38:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.01.12 17:36:56 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.01.12 17:32:10 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.08.17 09:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.08.10 18:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.07.30 04:20:36 | 000,192,368 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.14 18:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.03.10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008.08.29 15:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007.12.17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.01.11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.26 08:39:50 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.03.25 12:09:06 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.03.25 12:09:06 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.03.25 12:09:06 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009.12.14 15:33:30 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.12.14 00:39:30 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009.12.13 21:37:52 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.01 21:19:16 | 000,649,472 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2009.12.01 21:18:32 | 000,617,216 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009.08.26 17:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009.08.18 17:41:06 | 000,049,568 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdgx64.sys -- (O2SDGRDR)
DRV:64bit: - [2009.08.05 13:45:28 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009.08.05 12:35:08 | 000,073,632 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2009.08.05 11:56:04 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009.08.04 11:33:44 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV:64bit: - [2009.07.30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.30 17:20:18 | 000,281,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.28 19:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009.07.27 14:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.07.24 14:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009.07.24 10:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009.07.14 14:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.13 21:12:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009.07.07 20:39:08 | 000,211,432 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009.06.29 15:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009.06.29 09:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009.06.26 14:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.06.23 00:28:22 | 000,684,544 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.06.22 16:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 18:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.19 09:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009.06.19 08:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009.06.17 11:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009.06.15 12:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.07 09:41:46 | 000,026,624 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuvotonhidcir.sys -- (nuvotonhidcir)
DRV:64bit: - [2009.06.07 09:41:46 | 000,006,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidshim.sys -- (hidshim)
DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.01.19 19:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2007.04.16 19:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2010.03.26 08:39:50 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010.02.24 13:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Jappy - Die Internet-Community
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.1.9.3
FF - prefs.js..extensions.enabledItems: Foxdie@tanjihay.com:3.1.9.3
FF - prefs.js..extensions.enabledItems: FoxdieGraphite@tanjihay.com:3.1.9.3
FF - prefs.js..extensions.enabledItems: {d122ad80-ff45-11dd-87af-0800200c9a66}:3.5.2.08.11.09
FF - prefs.js..extensions.enabledItems: {5b35cb30-16b4-11de-8c30-0800200c9a66}:3.5.2.08.11.09
FF - prefs.js..extensions.enabledItems: {e7348bc0-16f6-11de-8c30-0800200c9a66}:3.5.2.08.11.09
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.0
FF - prefs.js..extensions.enabledItems: flaminglow-ff3-30@glowplug.bitasylum.net:3.5.1.3
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.24 13:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.21 10:20:26 | 000,000,000 | ---D | M]
 
[2009.12.13 00:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dany\AppData\Roaming\mozilla\Extensions
[2010.07.22 22:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions
[2009.12.13 15:23:52 | 000,000,000 | ---D | M] (Orange Fox) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}
[2010.07.22 22:51:40 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.22 22:51:40 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.12.13 15:23:43 | 000,000,000 | ---D | M] (Green Fox) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2009.12.13 15:22:29 | 000,000,000 | ---D | M] (Pink Fox) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66}
[2009.12.13 15:21:33 | 000,000,000 | ---D | M] (flaminglow) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\flaminglow-ff3-30@glowplug.bitasylum.net
[2009.12.13 15:18:08 | 000,000,000 | ---D | M] ("Foxdie (Blue)") -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\Foxdie@tanjihay.com
[2009.12.13 15:23:52 | 000,000,000 | ---D | M] ("Foxdie for Firefox") -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\foxdie_ext_ocelot@foxdie.us
[2009.12.13 15:18:08 | 000,000,000 | ---D | M] ("Foxdie (Graphite)") -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\FoxdieGraphite@tanjihay.com
[2009.12.13 15:23:52 | 000,000,000 | ---D | M] (RedShift V3) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\redshift_V2@shift-themes.com
[2011.12.24 16:45:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\iqhqguz7.default\extensions
[2011.07.01 21:51:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\iqhqguz7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.02.26 04:59:15 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\iqhqguz7.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2011.12.21 10:20:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.12.24 13:18:57 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.17 02:32:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.27 22:29:52 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.17 02:32:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.17 02:32:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.17 02:32:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.17 02:32:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.204\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.204\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.204\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U14 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Brushed = C:\Users\Dany\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
CHR - Extension: Babylon Chrome OCR = C:\Users\Dany\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [hcwemmon] C:\Windows\hcwemmon.exe (eMPIA Technology, Inc.)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Programme\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Windows\TosVolRegulator_x64.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [{0FC3DBFE-201B-B92F-631A-413C2D14C714}] C:\Users\Dany\AppData\Roaming\Ygfic\loxaz.exe (Корпорация Майкрософт)
O4 - HKCU..\Run: [{113BA22F-BF71-11DE-88BE-806E6F6E6963}] C:\Users\Dany\AppData\Roaming\Microsoft\svhcost.exe ()
O4 - HKCU..\Run: [{6406C9DD-1D6D-8749-700A-914368D98DD0}] C:\Users\Dany\AppData\Roaming\Egekigv\wurelu.exe (Roger Sondermann)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Dany\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - Startup: C:\Users\Dany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Dany\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Dany\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Dany\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Dany\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{312197CB-97E5-4148-9005-6B38BB29EBDB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{312197CB-97E5-4148-9005-6B38BB29EBDB}: NameServer = 213.191.74.19,62.109.123.197
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{059b097c-9a17-11df-9ca4-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{059b097c-9a17-11df-9ca4-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{059b098a-9a17-11df-9ca4-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{059b098a-9a17-11df-9ca4-0026b6437435}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{13898319-f6eb-11de-9346-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{13898319-f6eb-11de-9346-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1389831c-f6eb-11de-9346-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{1389831c-f6eb-11de-9346-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1e0895af-e76d-11de-8fe6-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{1e0895af-e76d-11de-8fe6-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1e0895b4-e76d-11de-8fe6-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{1e0895b4-e76d-11de-8fe6-0026b6437435}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3688f754-99e1-11e0-9499-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3688f754-99e1-11e0-9499-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{49f21f83-c449-11e0-872f-00269e6d438b}\Shell - "" = AutoRun
O33 - MountPoints2\{49f21f83-c449-11e0-872f-00269e6d438b}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{4c42126f-e811-11de-8339-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{4c42126f-e811-11de-8339-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4c421273-e811-11de-8339-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{4c421273-e811-11de-8339-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5b440512-f48b-11df-8fcf-00269e6d438b}\Shell - "" = AutoRun
O33 - MountPoints2\{5b440512-f48b-11df-8fcf-00269e6d438b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5b440527-f48b-11df-8fcf-00269e6d438b}\Shell - "" = AutoRun
O33 - MountPoints2\{5b440527-f48b-11df-8fcf-00269e6d438b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{885975fb-0d02-11df-8d12-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{885975fb-0d02-11df-8d12-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{88597609-0d02-11df-8d12-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{88597609-0d02-11df-8d12-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8b0a99b0-0d07-11df-92eb-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{8b0a99b0-0d07-11df-92eb-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8b0a99be-0d07-11df-92eb-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{8b0a99be-0d07-11df-92eb-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9670e58b-9a15-11df-be4a-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{9670e58b-9a15-11df-be4a-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{af9f2079-08bb-11df-a5a4-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{af9f2079-08bb-11df-a5a4-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{af9f207c-08bb-11df-a5a4-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{af9f207c-08bb-11df-a5a4-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bade3e67-99dd-11e0-a4c1-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{bade3e67-99dd-11e0-a4c1-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bade3e73-99dd-11e0-a4c1-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{bade3e73-99dd-11e0-a4c1-0026b6437435}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c1bd0c8d-1649-11df-9398-00269e6d438b}\Shell - "" = AutoRun
O33 - MountPoints2\{c1bd0c8d-1649-11df-9398-00269e6d438b}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c2c87cf1-9231-11df-a1e6-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{c2c87cf1-9231-11df-a1e6-0026b6437435}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c2c87cf9-9231-11df-a1e6-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{c2c87cf9-9231-11df-a1e6-0026b6437435}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d7090ebb-0d06-11df-8617-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{d7090ebb-0d06-11df-8617-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d85b3586-9271-11df-936e-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{d85b3586-9271-11df-936e-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{edbe1beb-128d-11df-8484-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{edbe1beb-128d-11df-8484-0026b6437435}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{faec2e73-99dc-11e0-95cb-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{faec2e73-99dc-11e0-95cb-0026b6437435}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{faec2e96-99dc-11e0-95cb-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{faec2e96-99dc-11e0-95cb-0026b6437435}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{1DE4C716-4A8E-44BE-A053-EF43EEAE57F6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.22 17:42:10 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Inul
[2012.01.22 17:42:10 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Azyrfy
[2012.01.22 17:41:22 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Ygfic
[2012.01.22 17:41:22 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Tisad
[2012.01.22 17:41:22 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Koas
[2012.01.22 17:41:22 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Egekigv
[2012.01.08 17:15:37 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\WinRAR
[2012.01.08 17:15:37 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.01.08 17:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.01.08 17:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012.01.08 17:08:03 | 019,555,200 | ---- | C] (Fengtao Software Inc.                                      ) -- C:\Users\Dany\Desktop\DVDFab8112Qt.exe
[2012.01.07 17:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.01.03 22:15:38 | 000,000,000 | ---D | C] -- C:\Users\Dany\weight watchers
[2009.12.14 00:39:30 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Dany\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.24 16:20:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.24 16:20:52 | 3193,651,200 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.24 16:17:29 | 000,000,020 | ---- | M] () -- C:\Users\Dany\defogger_reenable
[2012.01.24 16:16:00 | 000,001,061 | ---- | M] () -- C:\Users\Dany\Desktop\OTL - Verknüpfung.lnk
[2012.01.24 16:15:02 | 000,000,717 | ---- | M] () -- C:\Users\Dany\Desktop\Defogger - Verknüpfung.lnk
[2012.01.24 15:22:51 | 001,627,016 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.24 15:22:51 | 000,701,920 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.24 15:22:51 | 000,656,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.24 15:22:51 | 000,150,882 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.24 15:22:51 | 000,123,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.24 15:22:49 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 15:22:49 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.22 18:51:01 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012.01.15 01:51:41 | 000,000,952 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012.01.08 16:49:25 | 000,099,384 | ---- | M] () -- C:\Users\Dany\AppData\Roaming\inst.exe
[2012.01.08 16:49:25 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Dany\AppData\Roaming\pcouffin.sys
[2012.01.08 16:49:25 | 000,007,859 | ---- | M] () -- C:\Users\Dany\AppData\Roaming\pcouffin.cat
[2012.01.08 16:49:25 | 000,001,167 | ---- | M] () -- C:\Users\Dany\AppData\Roaming\pcouffin.inf
[2012.01.08 16:45:32 | 484,399,767 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.06 19:52:53 | 001,604,910 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.24 16:17:29 | 000,000,020 | ---- | C] () -- C:\Users\Dany\defogger_reenable
[2012.01.24 16:16:00 | 000,001,061 | ---- | C] () -- C:\Users\Dany\Desktop\OTL - Verknüpfung.lnk
[2012.01.24 16:15:02 | 000,000,717 | ---- | C] () -- C:\Users\Dany\Desktop\Defogger - Verknüpfung.lnk
[2012.01.11 11:56:10 | 000,026,624 | R-S- | C] () -- C:\Users\Dany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe
[2011.07.07 18:15:21 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011.07.07 17:46:59 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.07.07 17:46:59 | 000,000,088 | RHS- | C] () -- C:\ProgramData\DDDAAADA50.sys
[2011.03.25 13:26:01 | 001,604,910 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.04 22:06:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.06 23:57:45 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.11.06 23:57:45 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.10.29 23:20:30 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.10.29 23:18:53 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.07.27 22:30:04 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2010.02.11 18:34:14 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010.02.11 18:34:14 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010.02.11 18:34:14 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010.02.11 18:34:14 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010.02.11 18:34:14 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010.02.11 18:34:14 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010.02.11 18:34:14 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010.02.11 18:34:14 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010.02.11 18:34:14 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010.02.11 18:34:14 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010.02.11 18:34:14 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010.02.11 18:34:14 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010.02.11 18:34:14 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010.02.11 18:34:14 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010.02.11 18:34:14 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010.02.11 18:34:14 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010.02.11 18:34:14 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010.02.11 18:34:14 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010.02.11 18:34:14 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010.01.24 15:20:37 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\bdadll.dll
[2010.01.24 15:06:30 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini
[2010.01.24 15:05:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\dmcrypto.dll
[2009.12.14 00:39:30 | 000,099,384 | ---- | C] () -- C:\Users\Dany\AppData\Roaming\inst.exe
[2009.12.14 00:39:30 | 000,007,859 | ---- | C] () -- C:\Users\Dany\AppData\Roaming\pcouffin.cat
[2009.12.14 00:39:30 | 000,001,167 | ---- | C] () -- C:\Users\Dany\AppData\Roaming\pcouffin.inf
[2009.12.13 22:46:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.12.13 22:20:48 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.12.13 22:07:25 | 000,000,029 | ---- | C] () -- C:\Users\Dany\AppData\Roaming\default.rss
[2009.12.13 22:07:25 | 000,000,000 | ---- | C] () -- C:\Users\Dany\AppData\Roaming\downloads.m3u
[2009.10.23 02:54:31 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009.10.23 02:28:15 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\TSshellexD.dll
[2009.09.21 22:41:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe
 
========== LOP Check ==========
 
[2010.07.21 09:26:40 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Ace
[2010.07.22 23:20:05 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Amazon
[2010.02.04 19:01:20 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Atari
[2012.01.22 17:42:10 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Azyrfy
[2011.09.29 11:09:38 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\DVDVideoSoft
[2011.07.01 21:51:11 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.22 17:41:22 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Egekigv
[2011.01.22 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\EPSON
[2011.07.01 21:10:37 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\gtk-2.0
[2010.10.27 18:05:34 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Gutscheinmieze
[2011.07.07 18:55:16 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Image Zone Express
[2010.10.27 16:42:21 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\IN-MEDIAKG
[2009.12.14 10:59:31 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\InterVideo
[2012.01.22 17:42:10 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Inul
[2010.08.03 20:34:42 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Kalenderchen
[2012.01.24 16:05:59 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Koas
[2010.02.04 18:57:40 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Leadertech
[2010.10.29 23:20:52 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\MAGIX
[2010.10.27 19:27:49 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\mresreg
[2011.11.28 21:40:13 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Origin
[2010.01.23 20:11:41 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\PersBackup
[2010.10.27 20:11:56 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\PhotoFiltre
[2011.06.19 22:23:11 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\PhotoScape
[2010.02.01 18:47:52 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\ProtectDisc
[2011.06.01 19:36:28 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Samsung
[2010.10.13 21:33:23 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Serif
[2009.12.12 23:52:35 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\T-Mobile
[2009.12.13 00:12:02 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\T-Mobile Internet Manager
[2012.01.24 16:05:59 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Tisad
[2009.12.14 11:21:30 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Toshiba
[2010.01.14 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\TuneUp Software
[2011.07.01 19:23:52 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\UDC Profiles
[2010.10.27 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Ulead Systems
[2012.01.08 16:49:25 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Vso
[2010.10.11 11:32:52 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\WildTangent
[2012.01.22 17:41:22 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Ygfic
[2010.01.16 10:19:02 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\YoudaGames
[2012.01.22 18:51:01 | 000,000,250 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2012.01.03 17:20:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.12.14 00:18:00 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.12.13 21:07:30 | 000,000,000 | ---D | M] -- C:\alte-d-partition
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.12 23:28:28 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.12.13 22:01:19 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.11.30 20:00:56 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.07 19:18:33 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.24 15:47:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.01.07 17:51:54 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.12.12 23:28:28 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.01.24 14:33:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.10.23 02:59:29 | 000,000,000 | ---D | M] -- C:\Toshiba
[2009.12.13 17:27:27 | 000,000,000 | ---D | M] -- C:\totalcmd
[2011.11.30 20:53:42 | 000,000,000 | R--D | M] -- C:\Users
[2009.12.17 18:48:23 | 000,000,000 | ---D | M] -- C:\VueScan
[2012.01.24 15:30:21 | 000,000,000 | ---D | M] -- C:\Windows
[2009.09.21 22:57:41 | 000,000,000 | ---D | M] -- C:\Works
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\SysNative\drivers\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D31BE97C

< End of report >

--- --- ---

Lakardus 24.01.2012 16:52

OK, I'll just post attachment number 2 here!

MelOTL Logfile:
Code:

OTL logfile created on: 24.01.2012 16:33:55 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Dany\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 3,15 Gb Available Physical Memory | 79,40% Memory free
7,93 Gb Paging File | 7,22 Gb Available in Paging File | 91,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 84,57 Gb Free Space | 45,39% Space Free | Partition Type: NTFS
Drive D: | 185,91 Gb Total Space | 98,68 Gb Free Space | 53,08% Space Free | Partition Type: NTFS
 
Computer Name: DANY-TOSH | User Name: Dany | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.24 16:15:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dany\Downloads\OTL.exe
PRC - [2011.12.24 13:18:57 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.24 13:18:56 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.12 17:32:16 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.08.27 12:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009.08.05 13:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009.08.04 10:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009.08.03 17:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009.07.28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009.07.08 08:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2007.02.12 01:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2011.12.14 20:46:54 | 003,316,000 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011.06.01 19:21:52 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.02.02 19:38:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.01.12 17:36:56 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.01.12 17:32:10 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.08.17 09:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.08.10 18:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.07.30 04:20:36 | 000,192,368 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.14 18:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.03.10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008.08.29 15:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007.12.17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.01.11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.26 08:39:50 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.03.25 12:09:06 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.03.25 12:09:06 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.03.25 12:09:06 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009.12.14 15:33:30 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.12.14 00:39:30 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009.12.13 21:37:52 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.01 21:19:16 | 000,649,472 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2009.12.01 21:18:32 | 000,617,216 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009.08.26 17:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009.08.18 17:41:06 | 000,049,568 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdgx64.sys -- (O2SDGRDR)
DRV:64bit: - [2009.08.05 13:45:28 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009.08.05 12:35:08 | 000,073,632 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2009.08.05 11:56:04 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009.08.04 11:33:44 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV:64bit: - [2009.07.30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.30 17:20:18 | 000,281,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.28 19:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009.07.27 14:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.07.24 14:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009.07.24 10:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009.07.14 14:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.13 21:12:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009.07.07 20:39:08 | 000,211,432 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009.06.29 15:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009.06.29 09:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009.06.26 14:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.06.23 00:28:22 | 000,684,544 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.06.22 16:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 18:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.19 09:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009.06.19 08:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009.06.17 11:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009.06.15 12:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.07 09:41:46 | 000,026,624 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuvotonhidcir.sys -- (nuvotonhidcir)
DRV:64bit: - [2009.06.07 09:41:46 | 000,006,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidshim.sys -- (hidshim)
DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.01.19 19:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2007.04.16 19:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2010.03.26 08:39:50 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010.02.24 13:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Jappy - Die Internet-Community
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.1.9.3
FF - prefs.js..extensions.enabledItems: Foxdie@tanjihay.com:3.1.9.3
FF - prefs.js..extensions.enabledItems: FoxdieGraphite@tanjihay.com:3.1.9.3
FF - prefs.js..extensions.enabledItems: {d122ad80-ff45-11dd-87af-0800200c9a66}:3.5.2.08.11.09
FF - prefs.js..extensions.enabledItems: {5b35cb30-16b4-11de-8c30-0800200c9a66}:3.5.2.08.11.09
FF - prefs.js..extensions.enabledItems: {e7348bc0-16f6-11de-8c30-0800200c9a66}:3.5.2.08.11.09
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.0
FF - prefs.js..extensions.enabledItems: flaminglow-ff3-30@glowplug.bitasylum.net:3.5.1.3
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.24 13:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.21 10:20:26 | 000,000,000 | ---D | M]
 
[2009.12.13 00:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dany\AppData\Roaming\mozilla\Extensions
[2010.07.22 22:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions
[2009.12.13 15:23:52 | 000,000,000 | ---D | M] (Orange Fox) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}
[2010.07.22 22:51:40 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.22 22:51:40 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.12.13 15:23:43 | 000,000,000 | ---D | M] (Green Fox) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2009.12.13 15:22:29 | 000,000,000 | ---D | M] (Pink Fox) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66}
[2009.12.13 15:21:33 | 000,000,000 | ---D | M] (flaminglow) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\flaminglow-ff3-30@glowplug.bitasylum.net
[2009.12.13 15:18:08 | 000,000,000 | ---D | M] ("Foxdie (Blue)") -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\Foxdie@tanjihay.com
[2009.12.13 15:23:52 | 000,000,000 | ---D | M] ("Foxdie for Firefox") -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\foxdie_ext_ocelot@foxdie.us
[2009.12.13 15:18:08 | 000,000,000 | ---D | M] ("Foxdie (Graphite)") -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\FoxdieGraphite@tanjihay.com
[2009.12.13 15:23:52 | 000,000,000 | ---D | M] (RedShift V3) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\eu7g4fj4.default\extensions\redshift_V2@shift-themes.com
[2011.12.24 16:45:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\iqhqguz7.default\extensions
[2011.07.01 21:51:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\iqhqguz7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.02.26 04:59:15 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Dany\AppData\Roaming\mozilla\Firefox\Profiles\iqhqguz7.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2011.12.21 10:20:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.12.24 13:18:57 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.17 02:32:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.27 22:29:52 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.17 02:32:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.17 02:32:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.17 02:32:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.17 02:32:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.204\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.204\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.204\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U14 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Brushed = C:\Users\Dany\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
CHR - Extension: Babylon Chrome OCR = C:\Users\Dany\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [hcwemmon] C:\Windows\hcwemmon.exe (eMPIA Technology, Inc.)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Programme\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Windows\TosVolRegulator_x64.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [{0FC3DBFE-201B-B92F-631A-413C2D14C714}] C:\Users\Dany\AppData\Roaming\Ygfic\loxaz.exe (Корпорация Майкрософт)
O4 - HKCU..\Run: [{113BA22F-BF71-11DE-88BE-806E6F6E6963}] C:\Users\Dany\AppData\Roaming\Microsoft\svhcost.exe ()
O4 - HKCU..\Run: [{6406C9DD-1D6D-8749-700A-914368D98DD0}] C:\Users\Dany\AppData\Roaming\Egekigv\wurelu.exe (Roger Sondermann)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Dany\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - Startup: C:\Users\Dany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Dany\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Dany\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Dany\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Dany\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{312197CB-97E5-4148-9005-6B38BB29EBDB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{312197CB-97E5-4148-9005-6B38BB29EBDB}: NameServer = 213.191.74.19,62.109.123.197
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{059b097c-9a17-11df-9ca4-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{059b097c-9a17-11df-9ca4-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{059b098a-9a17-11df-9ca4-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{059b098a-9a17-11df-9ca4-0026b6437435}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{13898319-f6eb-11de-9346-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{13898319-f6eb-11de-9346-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1389831c-f6eb-11de-9346-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{1389831c-f6eb-11de-9346-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1e0895af-e76d-11de-8fe6-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{1e0895af-e76d-11de-8fe6-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1e0895b4-e76d-11de-8fe6-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{1e0895b4-e76d-11de-8fe6-0026b6437435}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3688f754-99e1-11e0-9499-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3688f754-99e1-11e0-9499-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{49f21f83-c449-11e0-872f-00269e6d438b}\Shell - "" = AutoRun
O33 - MountPoints2\{49f21f83-c449-11e0-872f-00269e6d438b}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{4c42126f-e811-11de-8339-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{4c42126f-e811-11de-8339-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4c421273-e811-11de-8339-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{4c421273-e811-11de-8339-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5b440512-f48b-11df-8fcf-00269e6d438b}\Shell - "" = AutoRun
O33 - MountPoints2\{5b440512-f48b-11df-8fcf-00269e6d438b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5b440527-f48b-11df-8fcf-00269e6d438b}\Shell - "" = AutoRun
O33 - MountPoints2\{5b440527-f48b-11df-8fcf-00269e6d438b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{885975fb-0d02-11df-8d12-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{885975fb-0d02-11df-8d12-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{88597609-0d02-11df-8d12-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{88597609-0d02-11df-8d12-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8b0a99b0-0d07-11df-92eb-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{8b0a99b0-0d07-11df-92eb-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8b0a99be-0d07-11df-92eb-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{8b0a99be-0d07-11df-92eb-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9670e58b-9a15-11df-be4a-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{9670e58b-9a15-11df-be4a-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{af9f2079-08bb-11df-a5a4-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{af9f2079-08bb-11df-a5a4-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{af9f207c-08bb-11df-a5a4-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{af9f207c-08bb-11df-a5a4-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bade3e67-99dd-11e0-a4c1-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{bade3e67-99dd-11e0-a4c1-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bade3e73-99dd-11e0-a4c1-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{bade3e73-99dd-11e0-a4c1-0026b6437435}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c1bd0c8d-1649-11df-9398-00269e6d438b}\Shell - "" = AutoRun
O33 - MountPoints2\{c1bd0c8d-1649-11df-9398-00269e6d438b}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c2c87cf1-9231-11df-a1e6-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{c2c87cf1-9231-11df-a1e6-0026b6437435}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c2c87cf9-9231-11df-a1e6-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{c2c87cf9-9231-11df-a1e6-0026b6437435}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d7090ebb-0d06-11df-8617-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{d7090ebb-0d06-11df-8617-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d85b3586-9271-11df-936e-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{d85b3586-9271-11df-936e-0026b6437435}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{edbe1beb-128d-11df-8484-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{edbe1beb-128d-11df-8484-0026b6437435}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{faec2e73-99dc-11e0-95cb-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{faec2e73-99dc-11e0-95cb-0026b6437435}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{faec2e96-99dc-11e0-95cb-0026b6437435}\Shell - "" = AutoRun
O33 - MountPoints2\{faec2e96-99dc-11e0-95cb-0026b6437435}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{1DE4C716-4A8E-44BE-A053-EF43EEAE57F6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.22 17:42:10 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Inul
[2012.01.22 17:42:10 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Azyrfy
[2012.01.22 17:41:22 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Ygfic
[2012.01.22 17:41:22 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Tisad
[2012.01.22 17:41:22 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Koas
[2012.01.22 17:41:22 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Egekigv
[2012.01.08 17:15:37 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\WinRAR
[2012.01.08 17:15:37 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.01.08 17:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.01.08 17:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012.01.08 17:08:03 | 019,555,200 | ---- | C] (Fengtao Software Inc.                                      ) -- C:\Users\Dany\Desktop\DVDFab8112Qt.exe
[2012.01.07 17:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.01.03 22:15:38 | 000,000,000 | ---D | C] -- C:\Users\Dany\weight watchers
[2009.12.14 00:39:30 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Dany\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.24 16:20:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.24 16:20:52 | 3193,651,200 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.24 16:17:29 | 000,000,020 | ---- | M] () -- C:\Users\Dany\defogger_reenable
[2012.01.24 16:16:00 | 000,001,061 | ---- | M] () -- C:\Users\Dany\Desktop\OTL - Verknüpfung.lnk
[2012.01.24 16:15:02 | 000,000,717 | ---- | M] () -- C:\Users\Dany\Desktop\Defogger - Verknüpfung.lnk
[2012.01.24 15:22:51 | 001,627,016 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.24 15:22:51 | 000,701,920 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.24 15:22:51 | 000,656,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.24 15:22:51 | 000,150,882 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.24 15:22:51 | 000,123,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.24 15:22:49 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 15:22:49 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.22 18:51:01 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012.01.15 01:51:41 | 000,000,952 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012.01.08 16:49:25 | 000,099,384 | ---- | M] () -- C:\Users\Dany\AppData\Roaming\inst.exe
[2012.01.08 16:49:25 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Dany\AppData\Roaming\pcouffin.sys
[2012.01.08 16:49:25 | 000,007,859 | ---- | M] () -- C:\Users\Dany\AppData\Roaming\pcouffin.cat
[2012.01.08 16:49:25 | 000,001,167 | ---- | M] () -- C:\Users\Dany\AppData\Roaming\pcouffin.inf
[2012.01.08 16:45:32 | 484,399,767 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.06 19:52:53 | 001,604,910 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.24 16:17:29 | 000,000,020 | ---- | C] () -- C:\Users\Dany\defogger_reenable
[2012.01.24 16:16:00 | 000,001,061 | ---- | C] () -- C:\Users\Dany\Desktop\OTL - Verknüpfung.lnk
[2012.01.24 16:15:02 | 000,000,717 | ---- | C] () -- C:\Users\Dany\Desktop\Defogger - Verknüpfung.lnk
[2012.01.11 11:56:10 | 000,026,624 | R-S- | C] () -- C:\Users\Dany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe
[2011.07.07 18:15:21 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011.07.07 17:46:59 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.07.07 17:46:59 | 000,000,088 | RHS- | C] () -- C:\ProgramData\DDDAAADA50.sys
[2011.03.25 13:26:01 | 001,604,910 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.04 22:06:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.06 23:57:45 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.11.06 23:57:45 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.10.29 23:20:30 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.10.29 23:18:53 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.07.27 22:30:04 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2010.02.11 18:34:14 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010.02.11 18:34:14 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010.02.11 18:34:14 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010.02.11 18:34:14 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010.02.11 18:34:14 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010.02.11 18:34:14 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010.02.11 18:34:14 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010.02.11 18:34:14 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010.02.11 18:34:14 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010.02.11 18:34:14 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010.02.11 18:34:14 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010.02.11 18:34:14 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010.02.11 18:34:14 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010.02.11 18:34:14 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010.02.11 18:34:14 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010.02.11 18:34:14 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010.02.11 18:34:14 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010.02.11 18:34:14 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010.02.11 18:34:14 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010.01.24 15:20:37 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\bdadll.dll
[2010.01.24 15:06:30 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini
[2010.01.24 15:05:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\dmcrypto.dll
[2009.12.14 00:39:30 | 000,099,384 | ---- | C] () -- C:\Users\Dany\AppData\Roaming\inst.exe
[2009.12.14 00:39:30 | 000,007,859 | ---- | C] () -- C:\Users\Dany\AppData\Roaming\pcouffin.cat
[2009.12.14 00:39:30 | 000,001,167 | ---- | C] () -- C:\Users\Dany\AppData\Roaming\pcouffin.inf
[2009.12.13 22:46:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.12.13 22:20:48 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.12.13 22:07:25 | 000,000,029 | ---- | C] () -- C:\Users\Dany\AppData\Roaming\default.rss
[2009.12.13 22:07:25 | 000,000,000 | ---- | C] () -- C:\Users\Dany\AppData\Roaming\downloads.m3u
[2009.10.23 02:54:31 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009.10.23 02:28:15 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\TSshellexD.dll
[2009.09.21 22:41:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe
 
========== LOP Check ==========
 
[2010.07.21 09:26:40 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Ace
[2010.07.22 23:20:05 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Amazon
[2010.02.04 19:01:20 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Atari
[2012.01.22 17:42:10 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Azyrfy
[2011.09.29 11:09:38 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\DVDVideoSoft
[2011.07.01 21:51:11 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.22 17:41:22 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Egekigv
[2011.01.22 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\EPSON
[2011.07.01 21:10:37 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\gtk-2.0
[2010.10.27 18:05:34 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Gutscheinmieze
[2011.07.07 18:55:16 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Image Zone Express
[2010.10.27 16:42:21 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\IN-MEDIAKG
[2009.12.14 10:59:31 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\InterVideo
[2012.01.22 17:42:10 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Inul
[2010.08.03 20:34:42 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Kalenderchen
[2012.01.24 16:05:59 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Koas
[2010.02.04 18:57:40 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Leadertech
[2010.10.29 23:20:52 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\MAGIX
[2010.10.27 19:27:49 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\mresreg
[2011.11.28 21:40:13 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Origin
[2010.01.23 20:11:41 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\PersBackup
[2010.10.27 20:11:56 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\PhotoFiltre
[2011.06.19 22:23:11 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\PhotoScape
[2010.02.01 18:47:52 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\ProtectDisc
[2011.06.01 19:36:28 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Samsung
[2010.10.13 21:33:23 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Serif
[2009.12.12 23:52:35 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\T-Mobile
[2009.12.13 00:12:02 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\T-Mobile Internet Manager
[2012.01.24 16:05:59 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Tisad
[2009.12.14 11:21:30 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Toshiba
[2010.01.14 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\TuneUp Software
[2011.07.01 19:23:52 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\UDC Profiles
[2010.10.27 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Ulead Systems
[2012.01.08 16:49:25 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Vso
[2010.10.11 11:32:52 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\WildTangent
[2012.01.22 17:41:22 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\Ygfic
[2010.01.16 10:19:02 | 000,000,000 | ---D | M] -- C:\Users\Dany\AppData\Roaming\YoudaGames
[2012.01.22 18:51:01 | 000,000,250 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2012.01.03 17:20:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.12.14 00:18:00 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.12.13 21:07:30 | 000,000,000 | ---D | M] -- C:\alte-d-partition
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.12 23:28:28 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.12.13 22:01:19 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.11.30 20:00:56 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.07 19:18:33 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.24 15:47:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.01.07 17:51:54 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.12.12 23:28:28 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.01.24 14:33:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.10.23 02:59:29 | 000,000,000 | ---D | M] -- C:\Toshiba
[2009.12.13 17:27:27 | 000,000,000 | ---D | M] -- C:\totalcmd
[2011.11.30 20:53:42 | 000,000,000 | R--D | M] -- C:\Users
[2009.12.17 18:48:23 | 000,000,000 | ---D | M] -- C:\VueScan
[2012.01.24 15:30:21 | 000,000,000 | ---D | M] -- C:\Windows
[2009.09.21 22:57:41 | 000,000,000 | ---D | M] -- C:\Works
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\SysNative\drivers\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D31BE97C

< End of report >

--- --- ---

markusg 24.01.2012 16:55

hi


This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:

:OTL
O4 - Startup: C:\Users\Dany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O4 - HKCU..\Run: [{6406C9DD-1D6D-8749-700A-914368D98DD0}] C:\Users\Dany\AppData\Roaming\Egekigv\wurelu.exe (Roger Sondermann)
O4 - HKCU..\Run: [{113BA22F-BF71-11DE-88BE-806E6F6E6963}] C:\Users\Dany\AppData\Roaming\Microsoft\svhcost.exe ()
O4 - HKCU..\Run: [{0FC3DBFE-201B-B92F-631A-413C2D14C714}] C:\Users\Dany\AppData\Roaming\Ygfic\loxaz.exe (Корпорация Майкрософт)
 
[2012.01.22 17:42:10 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Inul
[2012.01.22 17:42:10 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Azyrfy
[2012.01.22 17:41:22 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Ygfic
[2012.01.22 17:41:22 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Tisad
[2012.01.22 17:41:22 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Koas
[2012.01.22 17:41:22 | 000,000,000 | ---D | C] -- C:\Users\Dany\AppData\Roaming\Egekigv
 :Files
C:\Users\Dany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe
C:\Users\Dany\AppData\Roaming\Egekigv
C:\Users\Dany\AppData\Roaming\Microsoft\svhcost.exe
C:\Users\Dany\AppData\Roaming\Ygfic
:Commands
[Reboot]



• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, then right-click, View, Show desktop icons.

Please press the Windows key (http://larusso.trojaner-board.de/Images/windows.jpg) + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance :)
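The fix script above removes autostart entries that the helper picked out of the OTL log by hand. As an added example (not part of the post and not part of OTL), the following Python sketch applies the same kind of triage to the `O4` lines automatically; the flag names and the `SYSTEM_NAMES` list are assumptions made for this example, and the last sample line is constructed for contrast.

```python
import re

# OTL "O4" autostart line: location, optional [value name], path, (company).
O4_RE = re.compile(
    r"^O4 - (?P<loc>.+?): (?:\[(?P<name>[^\]]*)\] )?"
    r"(?P<path>.+?) \((?P<company>[^()]*)\)$"
)
GUID_RE = re.compile(
    r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$"
)

# Assumption: a short list of Windows binaries whose names get imitated.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "winlogon.exe", "userinit.exe",
                "csrss.exe", "lsass.exe", "services.exe", "dxdiag.exe"}
SYSTEM_ROOT = "c:\\windows\\"  # %SystemRoot% as reported in the log header


def edit_distance(a, b):
    """Plain Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_o4(line):
    """Return the fields of an O4 line as a dict, or None for other lines."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(entry):
    """Return the list of reasons why an autostart entry deserves a look."""
    flags = []
    path = entry["path"].lower()
    base = path.rsplit("\\", 1)[-1]
    if "\\appdata\\" in path:                 # executable in the user profile
        flags.append("user-writable-path")
    if not entry["company"].strip():          # no version-info company name
        flags.append("no-company")
    if entry["name"] and GUID_RE.match(entry["name"]):
        flags.append("guid-value-name")       # Run value named like a GUID
    if base in SYSTEM_NAMES:
        if not path.startswith(SYSTEM_ROOT):  # system name, wrong location
            flags.append("system-name-outside-windows")
    elif any(edit_distance(base, n) <= 2 for n in SYSTEM_NAMES):
        flags.append("system-name-lookalike")  # e.g. svhcost vs. svchost
    return flags


def report(text):
    """Parse every O4 line in text and return (path, flags) pairs."""
    results = []
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry:
            results.append((entry["path"], triage(entry)))
    return results


# First four lines: from the fix script above. Last line: constructed.
SAMPLE = r"""
O4 - Startup: C:\Users\Dany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O4 - HKCU..\Run: [{6406C9DD-1D6D-8749-700A-914368D98DD0}] C:\Users\Dany\AppData\Roaming\Egekigv\wurelu.exe (Roger Sondermann)
O4 - HKCU..\Run: [{113BA22F-BF71-11DE-88BE-806E6F6E6963}] C:\Users\Dany\AppData\Roaming\Microsoft\svhcost.exe ()
O4 - HKCU..\Run: [{0FC3DBFE-201B-B92F-631A-413C2D14C714}] C:\Users\Dany\AppData\Roaming\Ygfic\loxaz.exe (Корпорация Майкрософт)
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files (x86)\Example\updater.exe (Example Corp)
"""

if __name__ == "__main__":
    for path, flags in report(SAMPLE):
        print(f"{', '.join(flags) or 'no flags':<60} {path}")
```

A flag is a reason to inspect an entry, not a verdict; legitimate software also starts from the user profile.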

Lakardus 24.01.2012 17:27

Hello, I have everything done so far, zip file etc. I wanted to upload it in the upload channel, but it wants a link to the topic in the forum; what should I enter there..
The computer has also started normally for now.

Kind regards, Nadine

markusg 24.01.2012 17:31

The link that you see in the address bar.

Lakardus 24.01.2012 17:34

I think I managed it with the upload channel.

Kind regards, Nadine

markusg 24.01.2012 17:35

yes :-)
Do you use the system for online banking, purchases, other payment transactions or anything similarly important, e.g. work-related matters?

Lakardus 24.01.2012 17:36

Yes, oh god :heulen:

markusg 24.01.2012 17:38

Yes, that doesn't look good.
1. Call the bank immediately. If the bank is closed, emergency number:
116 116
Banking must be blocked because of the zbot trojan.
The PC must be reinstalled and then secured.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then say something more about securing online banking with a chip card reader + Star Money.

Lakardus 24.01.2012 17:47

Really, is it that bad? So it's not enough to change all the passwords.
The problem is that I have no recovery CD for the computer, or possibly can't find it any more, and there is no recovery program on another hard drive either.
Is there any solution for that?

markusg 24.01.2012 17:49

What is the PC called, manufacturer and model?
No, there is no other solution that is safe.
Have you called the bank and had it blocked? That is the first thing to do now.

Lakardus 24.01.2012 17:53

So it's a Toshiba Satellite P500-127!

Windows 7 is the operating system.

Lakardus 24.01.2012 17:55

Online banking is blocked!

markusg 24.01.2012 17:57

Please answer the rest of the question too.

Lakardus 24.01.2012 18:06

I'm really sorry, but I don't understand the autostart blocking at all. Is there a short description for laypeople?

Lakardus 24.01.2012 18:10

Unfortunately I can't format Windows without an operating system CD or recovery!

Thanks for your patience for now!

markusg 24.01.2012 18:12

There are many ways described there for how to block that.
And if you tell me what the device is called, one could perhaps also check whether it has a recovery function.
If not, you will have to get hold of a Windows CD out of necessity.

Lakardus 24.01.2012 18:13

I already wrote above what the device is called.. it is a Toshiba Satellite P500-127, Windows 7.

markusg 24.01.2012 18:16

So if I see it correctly, Windows is preinstalled, so there could be a recovery function. Back up the data first, then we'll see.

Lakardus 24.01.2012 18:23

Is it OK if we continue with everything on Thursday? I have to work first, and on Thursday I'm off and have lots and lots of time; I'll also leave the computer off until then.
The backing up and reinstalling does take a while after all.

Is that OK?

markusg 24.01.2012 18:25

Yes; if I overlook your message, send me a private message.

Lakardus 24.01.2012 18:28

OK, many many thanks...
I hope I'm not stressing you too much with this :DDDD

When I'm off I'll drink a beer to you!!! :D

markusg 24.01.2012 20:10

Sounds good, I'll drink one with you :-)
No, you're not bothering me at all; we are here to solve problems and to make sure that a new infection is avoided.

Lakardus 29.01.2012 16:29

Hello hello, here I am again! It took a little longer..
I'm slowly getting desperate.
I've been sitting here for 3 days dragging myself along; I got a Windows 7 operating system CD from my father and installed it. So far so good.
I had to install all the drivers from the Toshiba site, and that was already too much for me.
Then I somehow managed to burn the recovery CD from drive D (with Toshiba Recovery Disc Creator)..
It did that too.
Then I wanted to start the CD during boot, and it tells me: cannot boot from cd code 5.
Great, because I would really prefer to reset the system to factory settings rather than hunt for all the drivers.
Another problem is that Device Manager doesn't recognize a certain device and I can find absolutely no driver for it.
I also googled this code 5; all I found was that my BIOS is apparently too old for it to start the CD. Then I tried to update my BIOS, and it tells me that some drivers are too old.... I'm really going to freak out with this computer....
Maybe it also won't boot from CD because I installed a different Windows 7 Home Premium?
I HAVE NO IDEA, pfff,, maybe you do have a solution and I'll spring for a cocktail :DDDDDD

markusg 30.01.2012 12:24

I thought you had already looked for the drivers on the manufacturer's site? Why do you want to set up Windows again then?
And how am I supposed to help you find drivers for a device whose name you don't tell me...

Lakardus 30.01.2012 19:33

But I had already written to you twice that it is a Toshiba Satellite P500-127...
I've now left the computer as it is, with the version from my father.
It's running without problems now, too; I'm just a perfectionist, and if it had worked with the recovery I would have found that nicer, but this works too :DDDD.

So now I don't know what else you wanted to do once the computer is restored this far.

Kind regards, Nadine

Lakardus 30.01.2012 19:36

And yes, I downloaded the drivers from the Toshiba site! :DD

markusg 30.01.2012 19:42

You're better off this way anyway, since the recovery contains a heap of useless programs.
Securing the PC:
As an anti-malware program I would recommend Emsisoft.
For me they have the best protection, but it costs a bit.
http://www.trojaner-board.de/103809-...i-malware.html
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware

And you can use the 30-day trial period before activating the licence.

Free, but just not quite as good, avast would be the one to recommend.
http://www.trojaner-board.de/110895-...antivirus.html
Tell me which one you use, then I'll give configuration tips.
Please uninstall your previous AV.
The following guide is extensive, I'm aware of that, but it should be implemented, because only then is your PC secure. Ask as many questions as necessary, I'm happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section Windows Vista and Windows 7.
Please begin by installing Windows updates.
The best way to do this is to go via Start, Search, and enter Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install important updates first.
It will be necessary to restart the PC in between. If this is the case, you must again open Windows Update via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please adopt the rest as it reads in the section Windows 7 / Vista.
From the XP section, please adopt the item "Data Execution Prevention, DEP".
As a browser I advise you to use Chrome:
https://www.google.com/chrome?hl=de
If you want to use a different one, tell me, then I have to parts of the guide that now follows


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out.
Download link:
http://filepony.de/download-sandboxie/
Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as PDF, work through it as well:
Sandbox settings

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There, click Sandbox Settings.
Restrictions: under Program Start and Internet Access enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced program starts" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed web browser", or right-click, Run in Sandboxie.
A lifetime licence costs 30 €, and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
Backup program:
A backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option:
Create a Windows 7 system image (backup)
Unfortunately, however, this is only sensibly usable for Windows 7 users.
Everyone else should definitely also install a backup program, because this can be very important under certain circumstances, for example if the hard drive breaks one day.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking, and change all passwords.
Please also read how to make programs visible to everyone:
Make programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on surf only in the standard user account, and there in the sandbox.
If you use the free version, then by clicking Sandboxed web browser; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser.
If you move the mouse over the browser it should be framed; then you are in the sandboxed web browser.

Lakardus 31.01.2012 13:43

Well, I've always used Firefox; does that work too?

Lakardus 31.01.2012 14:47

I just read that this avast antivirus also has a sandbox...
I will buy Sandboxie and Emsisoft Anti-Malware.
Sandboxie gets sent to me somehow, if I read it correctly.

markusg 31.01.2012 16:26

Hi, Chrome is more secure and should be faster, so please take a look at it; you can still complain afterwards :-)
The free version of avast would only have an automatic sandbox, not what we need.
Sandboxie should be activatable after purchase and receipt of the licence, just like Emsisoft.

Lakardus 31.01.2012 19:51

Well OK, for Emsisoft I've made the bank transfer; I think it will take 2 to three days until I get the licence sent to me.
I've already installed both as well.
Anti-malware is still running in the trial version; when that has expired, I'll buy it ^^
I'm just reading through your guide to sandbox and then I'll set it up as described.

markusg 31.01.2012 19:53

By anti-malware you mean Emsisoft, right?
There I would of course use the 30-day trial version, it would be a waste otherwise.
Open Emsisoft, click Settings.
Scheduled scan.
Choose "start at"; personally I have monthly, but you can also set weekly.
Time, and for monthly also choose the date.
Invisible, if you don't want to see the scan window.
And catch up on missed scans.
Auto update:
Interval: daily, hourly from 00.00 to 23.59
means updates every hour.
Setting: Update
Participate in the Anti-Malware Network.
Do not tick the other two boxes, beta updates and additional languages.

The rest stays.
Now click Guard:
there, click Guard.
Enable behaviour analysis, select everything.
Now go to Alerts:
there, enable community-based alert reduction.
Among other things, that is what the Anti-Malware Network is for.
The community-based alert reduction concerns the behaviour analysis.
For some programs Emsisoft issues alerts because the behaviour of the program makes this necessary.
Since some users aren't familiar with this, which is nothing to be ashamed of :-), it is checked here how many users have allowed or blocked program x.
Here we currently have 90 % set, so if 90 % say the program is OK, an allow rule is created; if they say program x is malicious, it is automatically blocked.
If you trust yourself to do this on your own, you don't have to tick the box.
If, for example, only 70 % of all users say program x is good or malicious, this is shown to you in a graphic.
Now go to File Guard.
Default action for detected objects: alert.
Surf Protection:
here set everything to block with notification.
If there is a site that is blocked by mistake, you can allow it directly via the popup that appears when it is blocked, or via host rules.
If you don't like these info popups you must set everything to block invisibly, but remember to check, when you have a site that doesn't load, whether Emsi has blocked it.

That would be it; I hope it was understandable.


For the sandbox guide you need a PDF reader; since most people use Acrobat, here is a guide to the configuration:
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan box.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Internet:
everything should be disabled here; it is very unsafe to open, download etc. PDFs automatically.
It is always better to save them directly, since only then do you have control over what goes on on the PC.
Under JavaScript, untick the "Use JavaScript" box.
Under Updater, choose install automatically.
Apply / OK


Have you installed Chrome or FF? Then I would have to give you configuration tips there too.

Lakardus 31.01.2012 20:20

Great, my Acrobat Reader is in English ^^
I've downloaded Chrome..
I just find Firefox so nice because you can set pretty themes there :D
Women, you know :D

markusg 31.01.2012 20:25

Hi, then uninstall Adobe again and reinstall it.
About the themes:
https://chrome.google.com/webstore/c...y/themes?hl=de
That should meet your requirements, shouldn't it?
I'll let you configure everything first, e.g. Emsisoft, and then I'll give you Chrome configuration tips; I don't want to do too much at once, otherwise something falls by the wayside :-)

Lakardus 31.01.2012 20:27

I'm still keeping up well :D I'll get in touch when I've downloaded and set everything up, it's not much more now ^^

markusg 31.01.2012 20:37

Yes, but I don't want to post guides here when not everything is finished yet; I know that it's a whole heap, and that many then get confused because they want to work through the new stuff first. No reproach, just a precaution :-)

Lakardus 31.01.2012 21:10

In Sandbox, under Settings --> Applications --> there is a whole lot listed under Google Chrome..

e.g. Comodo Dragon and SRWare. It says the same there as in the general Google settings above it.

markusg 31.01.2012 21:18

You don't need to make any settings there, only for Chrome directly.

Lakardus 31.01.2012 21:24

So no ticks in there, no; right, I'd be ready then.

markusg 01.02.2012 11:32

Hi,
checklist:
- Windows updates run, both important and optional?
- Windows updates configured?
- Emsisoft installed and configured.
- DEP enabled.
- SEHOP enabled.
- Standard user account set up.
- Chrome installed.
- Sandboxie installed.
- Autorun disabled.
- File Hippo installed.
- Secunia installed.
- Backup program installed.


All times are in WET +1.
