RonnyMEK | 01.02.2012 11:49 | OTL Logfile: Code:
OTL logfile created on: 01.02.2012 11:42:10 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ronny\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
984,89 Mb Total Physical Memory | 487,34 Mb Available Physical Memory | 49,48% Memory free
1,96 Gb Paging File | 1,21 Gb Available in Paging File | 61,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51,29 Gb Total Space | 24,10 Gb Free Space | 46,97% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 31,54 Gb Free Space | 32,30% Space Free | Partition Type: NTFS
Drive F: | 222,52 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: RONNY-PC | User Name: Ronny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.02.01 07:32:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ronny\Downloads\OTL.exe
PRC - [2012.01.22 12:37:25 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.17 08:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe
PRC - [2011.08.17 08:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007.07.26 13:56:44 | 000,192,512 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2006.11.17 19:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
========== Modules (No Company Name) ==========
MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.11.20 13:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006.11.17 19:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
========== Driver Services (SafeList) ==========
DRV - [2012.02.01 11:11:39 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.12.21 14:46:31 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.03.18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.10.05 23:31:48 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.05.18 13:20:40 | 000,119,256 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2003.04.28 10:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2704262
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 0A E5 C0 9C 7B CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: linkuryfirefoxremoteplugin@linkury.com:1.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: firesheep@codebutler.com:0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.95\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.95\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ronny\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ronny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Ronny\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.01.22 12:37:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.15 15:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.01 11:03:42 | 000,000,000 | ---D | M]
[2012.01.13 04:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronny\AppData\Roaming\mozilla\Extensions
[2012.02.01 11:12:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronny\AppData\Roaming\mozilla\Firefox\Profiles\safg95xj.default\extensions
[2012.01.20 13:40:01 | 000,000,000 | ---D | M] (FreeSoundRecorder Community Toolbar) -- C:\Users\Ronny\AppData\Roaming\mozilla\Firefox\Profiles\safg95xj.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
[2012.01.04 22:20:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Ronny\AppData\Roaming\mozilla\Firefox\Profiles\safg95xj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.11 23:24:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ronny\AppData\Roaming\mozilla\Firefox\Profiles\safg95xj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.24 22:22:32 | 000,000,000 | ---D | M] (Firesheep) -- C:\Users\Ronny\AppData\Roaming\mozilla\Firefox\Profiles\safg95xj.default\extensions\firesheep@codebutler.com
[2012.01.13 04:46:47 | 000,000,842 | ---- | M] () -- C:\Users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\safg95xj.default\searchplugins\icqplugin.xml
[2012.01.13 04:46:47 | 000,005,317 | ---- | M] () -- C:\Users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\safg95xj.default\searchplugins\Linkury Smartbar Search.xml
[2012.01.13 04:31:56 | 000,002,519 | ---- | M] () -- C:\Users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\safg95xj.default\searchplugins\Search_Results.xml
[2012.01.15 15:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.14 20:58:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.15 15:39:51 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.01.15 15:39:46 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.15 15:39:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.15 15:39:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.15 15:39:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.15 15:39:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.13 04:31:56 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.01.15 15:39:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.15 15:39:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No CLSID value found.
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [XM2002] C:\Program Files\XM2002.exe -auto File not found
O4 - HKCU..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Ronny\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Personal ID] C:\Program Files\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553539000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553546000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5987E0AD-AA96-44EF-B998-92AD973FBF55}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.06.17 13:15:31 | 000,000,043 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{bb0d7c1d-2a87-11e1-ac38-001f163705ba}\Shell - "" = AutoRun
O33 - MountPoints2\{bb0d7c1d-2a87-11e1-ac38-001f163705ba}\Shell\AutoRun\command - "" = F:\setup.exe -- [2010.06.17 13:00:09 | 232,957,909 | R--- | M] (astragon Software GmbH )
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.02.01 08:06:15 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.02.01 08:06:15 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\Malwarebytes
[2012.02.01 08:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.01 08:05:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.01 08:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.01 08:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.31 23:45:50 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{7EF377AE-277D-4BDA-979E-F0D5431557DC}
[2012.01.31 11:45:07 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{4D729ECF-E7E6-4739-9B41-2E5967E0A472}
[2012.01.30 23:44:29 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{77D07AB6-F764-422A-A3D1-CB33720DC688}
[2012.01.30 20:05:54 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\FileMaker Pro
[2012.01.30 20:05:20 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\FileMaker
[2012.01.30 20:02:51 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\FileMaker
[2012.01.30 20:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\FileMaker
[2012.01.30 11:43:12 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{177A3B74-CEC5-4D01-AB6A-195683EA1C2F}
[2012.01.30 11:42:38 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{371F697B-0252-4B70-93B5-62035DC120F8}
[2012.01.30 00:29:18 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\TS3Client
[2012.01.30 00:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.01.30 00:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012.01.29 19:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.01.29 19:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012.01.29 19:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012.01.29 14:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.01.29 14:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.01.29 05:16:39 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{F4A2CC86-593B-49B7-83D5-CB93050EE7F9}
[2012.01.29 01:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Radio Network
[2012.01.29 01:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRadioNetwork
[2012.01.29 01:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ln-systems
[2012.01.29 01:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\LN-Systems
[2012.01.28 17:15:42 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{AB4A74AD-0FE5-4FE1-A537-0C68951B62A9}
[2012.01.28 05:14:55 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{B9939E26-4A4F-4226-8DD8-604B16E6102E}
[2012.01.27 17:14:48 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{694660FD-303C-485A-9706-0F49C7DBD29C}
[2012.01.27 08:17:12 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\RealNetworks
[2012.01.27 06:55:13 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{A8FA8DB8-9CD7-4EA3-9DAA-5BEB42D38C3B}
[2012.01.26 09:57:09 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{7A5EFA18-F239-4703-8DE6-96DA2F6CE03D}
[2012.01.25 11:58:39 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{4CE911E1-75B3-4654-BDB2-4A95DB019194}
[2012.01.24 22:56:12 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{18CE5D0A-3F3B-41C3-8E72-477118C911E9}
[2012.01.24 10:46:48 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{362F0421-BAE2-46B6-BC8B-6D6734E402A0}
[2012.01.23 10:37:19 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{CF3A4013-9E70-4509-B7EB-E62DC6A39E02}
[2012.01.22 22:36:45 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{274B743E-8A4E-4657-A630-C9891CEDE572}
[2012.01.22 12:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012.01.22 12:37:37 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2012.01.22 12:37:28 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2012.01.22 12:37:28 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2012.01.22 12:37:27 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012.01.22 12:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012.01.22 12:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012.01.22 12:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012.01.22 12:37:05 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\Real
[2012.01.22 10:36:14 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{305EC927-6389-41CE-86B1-AD8B409C9E5A}
[2012.01.22 00:30:05 | 000,000,000 | ---D | C] -- C:\Users\Ronny\Documents\Podcast Studio
[2012.01.22 00:29:26 | 000,962,560 | ---- | C] (East Wind Software) -- C:\Windows\System32\advdaudio.ocx
[2012.01.22 00:29:22 | 000,413,696 | ---- | C] (Gabest) -- C:\Windows\System32\flvsplitter.ax
[2012.01.22 00:29:21 | 000,000,000 | ---D | C] -- C:\Users\Ronny\Documents\onlineTV 6
[2012.01.22 00:29:21 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\concept design
[2012.01.21 22:35:31 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{CA69C73A-7622-4FCF-A485-06948129D817}
[2012.01.21 22:34:53 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{F9A3E4D1-450F-47F9-9367-492A2432785F}
[2012.01.21 10:33:58 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{F2192A60-14D3-4304-A056-ED1001F8E4F6}
[2012.01.21 10:33:38 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{7D5A227A-2B4C-4EE8-BA23-B346EA059BD0}
[2012.01.21 03:04:06 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{028FB8F8-4309-4924-A975-2E42CAE4B427}
[2012.01.20 13:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012.01.20 13:39:41 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\Conduit
[2012.01.20 13:39:15 | 000,000,000 | ---D | C] -- C:\Users\Ronny\Documents\Free Sound Recorder
[2012.01.20 13:39:15 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\Free Sound Recorder
[2012.01.20 13:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Sound Recorder
[2012.01.20 13:38:54 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioVisualization2.dll
[2012.01.20 13:38:54 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTTextToAudio2.dll
[2012.01.20 13:38:54 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTWMAFile2.dll
[2012.01.20 13:38:53 | 000,966,144 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioInformation2.dll
[2012.01.20 13:38:53 | 000,877,568 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAudioFile2.dll
[2012.01.20 13:38:53 | 000,634,880 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioEditor2.dll
[2012.01.20 13:38:53 | 000,522,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioTransform2.dll
[2012.01.20 13:38:53 | 000,467,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioRecord2.dll
[2012.01.20 13:38:53 | 000,467,456 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioPlayer2.dll
[2012.01.20 13:38:52 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\System32\NCTAudioCDGrabber2.dll
[2012.01.20 13:38:52 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2012.01.20 13:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Free Sound Recorder
[2012.01.20 13:34:43 | 010,792,904 | ---- | C] (Copyright© 2005-2011 FreeSoundRecorder Technologies, Inc. ) -- C:\Users\Ronny\Desktop\FreeSoundRecorder-9.2.7.exe
[2012.01.19 23:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012.01.19 23:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.01.19 20:34:19 | 000,320,512 | ---- | C] (Heuberger Software) -- C:\Users\Ronny\Desktop\CamMirror.exe
[2012.01.19 20:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2012.01.19 19:10:36 | 000,000,000 | ---D | C] -- C:\Users\Ronny\Desktop\löschen
[2012.01.19 12:23:49 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{DB50821E-12C2-4500-9FF3-42C868D347DB}
[2012.01.19 12:23:23 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{F641C5DB-E10D-4009-8083-3D59EA21D5D5}
[2012.01.18 13:37:50 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{384DBCE2-6844-4507-B5E0-3614320C95B5}
[2012.01.18 13:36:40 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{91CEC56C-D3BC-478F-A58A-A2D60A4A2262}
[2012.01.17 23:58:57 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012.01.17 23:58:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012.01.17 22:18:50 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\.minecraft
[2012.01.17 13:07:55 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{240D9A36-222E-42BD-B537-FDD83B58B1B6}
[2012.01.16 15:18:09 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{445C878E-B4B2-4E52-9DB2-737A831145E5}
[2012.01.15 13:38:07 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{BA5917E0-8445-4DA2-8417-6F975CAF5ECB}
[2012.01.14 19:27:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.14 19:27:48 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.14 19:27:48 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.14 14:18:44 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{88393897-974B-4EED-A796-7DDF696907C3}
[2012.01.14 03:47:47 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{C1650740-380D-4401-84AB-C159A4B5DD66}
[2012.01.14 03:47:31 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{36449204-2AFF-4508-AFE4-DD7A8768AB3C}
[2012.01.14 03:21:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.13 19:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.13 15:46:46 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{B6AAEC65-5D0D-424D-9709-B6FF9FDCAE57}
[2012.01.13 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{0154183E-3FE2-4537-9E97-EC22865C41FD}
[2012.01.13 04:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.01.13 04:34:25 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\Ilivid Player
[2012.01.13 04:33:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2012.01.13 04:31:41 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\PackageAware
[2012.01.13 04:14:42 | 000,192,000 | ---- | C] (Ligos Corporation) -- C:\Windows\System32\iac2561b.rra
[2012.01.13 04:14:42 | 000,145,408 | ---- | C] (Ligos Corporation) -- C:\Windows\System32\Ivfs55bd.rra
[2012.01.13 04:07:49 | 000,192,000 | ---- | C] (Ligos Corporation) -- C:\Windows\System32\iac279e.rra
[2012.01.13 04:07:48 | 000,145,408 | ---- | C] (Ligos Corporation) -- C:\Windows\System32\Ivfs712.rra
[2012.01.13 03:57:23 | 000,192,000 | ---- | C] (Ligos Corporation) -- C:\Windows\System32\iac27b37.rra
[2012.01.13 03:57:23 | 000,145,408 | ---- | C] (Ligos Corporation) -- C:\Windows\System32\Ivfs7af9.rra
[2012.01.13 03:46:24 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
[2012.01.13 03:46:23 | 000,391,680 | ---- | C] (Intel Corporation) -- C:\Windows\System32\I263_32.DRV
[2012.01.13 03:46:23 | 000,227,840 | ---- | C] (Lucent Technologies Inc.) -- C:\Windows\System32\vx1000s.dll
[2012.01.13 03:46:23 | 000,192,000 | ---- | C] (Ligos Corporation) -- C:\Windows\System32\iac26b7e.rra
[2012.01.13 03:46:23 | 000,145,408 | ---- | C] (Ligos Corporation) -- C:\Windows\System32\Ivfs6b4f.rra
[2012.01.13 03:46:23 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\Windows\System32\IMC32.ACM
[2012.01.13 03:45:40 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{72886DC2-C4F9-4E77-B0C0-97421B106826}
[2012.01.13 03:45:26 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{4FC4CFE9-8FE7-49AB-A02F-5E0FC2A53321}
[2012.01.13 03:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IPPS
[2012.01.13 03:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\IPPS
[2012.01.13 03:15:56 | 000,145,408 | ---- | C] (Ligos Corporation) -- C:\Windows\System32\Ivfsbdf8.rra
[2012.01.13 03:11:37 | 000,145,408 | ---- | C] (Ligos Corporation) -- C:\Windows\System32\Ivfsc8b2.rra
[2012.01.12 16:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.01.12 16:29:21 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{64E4DE66-50D1-493D-8145-7229978F9946}
[2012.01.12 04:28:35 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{DF983022-1B0E-4591-A969-427624AB90DC}
[2012.01.11 23:24:58 | 000,000,000 | ---D | C] -- C:\Users\Ronny\dwhelper
[2012.01.11 16:27:39 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{8A3526AF-4CD4-4C09-93A6-71EB649240A3}
[2012.01.11 16:27:12 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{DA7BC8D1-9A2E-46AE-B696-A84C4A307024}
[2012.01.10 23:09:44 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{99C80773-282A-45E3-A3C9-9092A78DB0CC}
[2012.01.10 11:09:01 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{4C0F0FBA-3236-4183-B858-7D4B22B72322}
[2012.01.10 11:08:16 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{09293C35-4134-48C8-9B84-67E894ADACB8}
[2012.01.09 18:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lucky Nugget Casino
[2012.01.09 17:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Go Wild Casino
[2012.01.09 15:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CasinoClub
[2012.01.09 12:14:11 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{C9677EBA-91EE-42BB-AC2A-36A43104FD1F}
[2012.01.08 18:27:29 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{9D2D6633-ED27-489E-94EB-F4CD67F00E4F}
[2012.01.08 18:27:14 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{D725CAE5-516D-494D-97F5-40348F29C9D9}
[2012.01.08 17:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.01.08 06:26:41 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{D3ECF49E-19BB-4024-827F-135C8D31BCB9}
[2012.01.07 18:26:07 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{3DEFD98B-CA8B-477A-BE90-D7295C4A25FA}
[2012.01.07 18:25:50 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{70AA689F-DD89-4C20-95A8-2B4097E10C71}
[2012.01.07 17:26:38 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\PokerStars.NET
[2012.01.07 17:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.NET
[2012.01.06 05:03:30 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{97B9CEF8-4895-40ED-894E-D7154C235F4B}
[2012.01.06 05:03:16 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{1831095B-E3C9-4005-B388-D5807A5EA1EB}
[2012.01.05 21:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nostalgia Casino
[2012.01.05 21:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Mondial Casino
[2012.01.05 17:02:46 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{7A7FA929-882B-44F6-9A40-6A5012C64DF9}
[2012.01.05 13:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zodiac Casino
[2012.01.05 05:02:15 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{720F5E78-D1A4-4070-B0B2-E8D814E3F0C7}
[2012.01.04 21:14:41 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2012.01.04 21:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.01.04 21:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\GMX SMS-MMS-Manager
[2012.01.04 17:01:46 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{523A72B2-B521-4441-83E4-4CDCA008DE45}
[2012.01.04 05:01:15 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{A015B131-246A-464D-92FF-2ECDE6A5DA21}
[2012.01.03 17:00:41 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{66FCB983-DA1D-4599-A0E6-2BF3A160882F}
[2012.01.03 05:00:12 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{97904856-DF7D-4E4A-8064-142EEFBE0CB4}
[2012.01.02 16:59:36 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{1948DDFB-0FB1-49CC-951E-1B7EFB6FEC4A}
[2012.01.02 16:59:16 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Local\{3AAA5326-4A86-4504-921E-9E250DC79DC3}
[1 C:\Users\Ronny\AppData\Local\*.tmp files -> C:\Users\Ronny\AppData\Local\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.02.01 11:41:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.01 11:35:10 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3207594503-3069413572-1965975378-1000UA.job
[2012.02.01 11:11:39 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.02.01 10:58:12 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.01 10:58:12 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.01 10:53:15 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.01 10:52:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.01 10:52:52 | 774,545,408 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.01 08:05:58 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.31 14:35:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3207594503-3069413572-1965975378-1000Core.job
[2012.01.30 20:17:50 | 000,000,008 | -H-- | M] () -- C:\Users\Ronny\AppData\Local\L8457789110
[2012.01.30 20:04:11 | 000,001,268 | ---- | M] () -- C:\Users\Public\Desktop\FileMaker Pro.lnk
[2012.01.30 19:59:57 | 270,641,192 | ---- | M] () -- C:\Users\Ronny\Desktop\fmptrial11.exe
[2012.01.30 00:28:21 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.01.29 01:50:05 | 000,002,721 | ---- | M] () -- C:\Users\Public\Desktop\CBH-2011.lnk
[2012.01.29 01:22:23 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\FRN Client.lnk
[2012.01.28 14:47:21 | 000,386,042 | ---- | M] () -- C:\Users\Ronny\Desktop\280010_143250859083916_100001970079460_281102_4227578_o.jpg
[2012.01.24 23:48:28 | 000,031,853 | ---- | M] () -- C:\Users\Ronny\Desktop\l.gif
[2012.01.24 23:44:18 | 000,252,354 | ---- | M] () -- C:\Users\Ronny\Desktop\logo.jpg
[2012.01.23 06:17:56 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.23 06:17:56 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.23 06:17:56 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.23 06:17:56 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.22 12:47:51 | 000,000,286 | ---- | M] () -- C:\Users\Ronny\Documents\Onkelz Radio.osl
[2012.01.22 12:37:53 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\Kostenlose Angebote.lnk
[2012.01.22 12:37:53 | 000,001,328 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.01.22 12:37:37 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2012.01.22 12:37:28 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2012.01.22 12:37:28 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2012.01.22 12:37:27 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012.01.20 13:38:58 | 000,001,091 | ---- | M] () -- C:\Users\Ronny\Desktop\Free Sound Recorder.lnk
[2012.01.20 13:38:23 | 010,792,904 | ---- | M] (Copyright© 2005-2011 FreeSoundRecorder Technologies, Inc. ) -- C:\Users\Ronny\Desktop\FreeSoundRecorder-9.2.7.exe
[2012.01.19 20:33:27 | 000,248,389 | ---- | M] () -- C:\Users\Ronny\Desktop\CamMirror11.zip
[2012.01.04 21:14:26 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\GMX-SMS-Manager.lnk
[2012.01.02 16:57:53 | 000,352,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Ronny\AppData\Local\*.tmp files -> C:\Users\Ronny\AppData\Local\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.02.01 08:05:58 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.30 20:05:12 | 000,000,008 | -H-- | C] () -- C:\Users\Ronny\AppData\Local\L8457789110
[2012.01.30 20:04:11 | 000,001,268 | ---- | C] () -- C:\Users\Public\Desktop\FileMaker Pro.lnk
[2012.01.30 20:03:44 | 000,002,769 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileMaker Pro.lnk
[2012.01.30 19:31:35 | 270,641,192 | ---- | C] () -- C:\Users\Ronny\Desktop\fmptrial11.exe
[2012.01.30 00:28:21 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.01.29 14:05:42 | 000,002,713 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2012.01.29 01:22:23 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\FRN Client.lnk
[2012.01.29 01:13:38 | 000,002,721 | ---- | C] () -- C:\Users\Public\Desktop\CBH-2011.lnk
[2012.01.28 14:47:12 | 000,386,042 | ---- | C] () -- C:\Users\Ronny\Desktop\280010_143250859083916_100001970079460_281102_4227578_o.jpg
[2012.01.24 23:48:20 | 000,031,853 | ---- | C] () -- C:\Users\Ronny\Desktop\l.gif
[2012.01.24 23:43:51 | 000,252,354 | ---- | C] () -- C:\Users\Ronny\Desktop\logo.jpg
[2012.01.22 12:47:51 | 000,000,286 | ---- | C] () -- C:\Users\Ronny\Documents\Onkelz Radio.osl
[2012.01.22 12:37:53 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\Kostenlose Angebote.lnk
[2012.01.22 12:37:53 | 000,001,328 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.01.22 00:29:26 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2012.01.22 00:29:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2012.01.22 00:29:24 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.01.20 13:38:58 | 000,001,091 | ---- | C] () -- C:\Users\Ronny\Desktop\Free Sound Recorder.lnk
[2012.01.20 13:38:54 | 000,113,486 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx
[2012.01.19 20:33:25 | 000,248,389 | ---- | C] () -- C:\Users\Ronny\Desktop\CamMirror11.zip
[2012.01.13 03:46:23 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2012.01.05 21:17:16 | 000,000,776 | ---- | C] () -- C:\Users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Europa Casino.lnk
[2012.01.05 14:54:43 | 000,000,783 | ---- | C] () -- C:\Users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joyland Casino.lnk
[2012.01.04 21:14:26 | 000,001,091 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX-SMS-Manager.lnk
[2012.01.04 21:14:26 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\GMX-SMS-Manager.lnk
[2011.11.28 00:35:12 | 000,000,000 | ---- | C] () -- C:\Users\Ronny\AppData\Local\{8E2B609A-7694-49C7-9451-78C7AE258D6E}
[2011.09.27 17:57:56 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.09.27 17:56:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.09.16 11:00:39 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011.09.16 10:57:46 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2011.09.16 10:55:57 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.11.09 11:54:12 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.11.09 11:54:10 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.11.09 11:54:10 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.11.09 11:54:10 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.07.28 21:46:36 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.28 21:46:36 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.28 21:46:36 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.28 21:46:36 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,352,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
========== LOP Check ==========
[2012.01.17 22:18:50 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\.minecraft
[2011.10.23 20:31:09 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\Balabolka
[2012.02.01 11:01:29 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\CasinoOnNet
[2012.01.04 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2012.02.01 11:00:00 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\concept design
[2011.12.21 14:49:25 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\DAEMON Tools Pro
[2011.10.18 19:56:34 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\DesktopIconForAmazon
[2012.01.30 20:02:51 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\FileMaker
[2012.01.30 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\FileMaker Pro
[2012.01.20 13:39:44 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\Free Sound Recorder
[2011.12.20 16:00:54 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\GO Games
[2012.01.30 11:43:35 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\ICQ
[2011.12.29 13:38:33 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\MAGIX
[2011.10.18 19:56:27 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\OCS
[2011.11.30 23:13:44 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\OpenCandy
[2012.01.13 03:43:02 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\Opera
[2011.12.21 14:52:42 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\RedDotGames
[2011.11.29 18:46:10 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\TeamViewer
[2012.01.30 02:20:48 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\TS3Client
[2011.12.04 15:19:40 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\TuneUp Software
[2011.12.20 21:09:08 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\Utherverse
[2011.12.31 03:19:22 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\Windows Live Writer
[2012.01.31 14:35:01 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3207594503-3069413572-1965975378-1000Core.job
[2012.02.01 11:35:10 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3207594503-3069413572-1965975378-1000UA.job
[2011.12.13 17:47:28 | 000,021,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:B0A727D1
< End of report > --- --- --- |