OTL-log: Code:
OTL logfile created on: 17.03.2012 17:20:24 - Run 2
OTL by OldTimer - Version 3.2.25.0 Folder = K:\Hubert\Eigene Dokumente\PC - dies und das\OTL
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 65,16% Memory free
5,87 Gb Paging File | 4,50 Gb Available in Paging File | 76,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 270,01 Gb Total Space | 236,87 Gb Free Space | 87,73% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,52 Gb Free Space | 47,63% Space Free | Partition Type: NTFS
Drive F: | 111,79 Gb Total Space | 18,10 Gb Free Space | 16,19% Space Free | Partition Type: NTFS
Drive K: | 34,67 Gb Total Space | 29,61 Gb Free Space | 85,40% Space Free | Partition Type: NTFS
Drive S: | 139,99 Gb Total Space | 67,73 Gb Free Space | 48,38% Space Free | Partition Type: NTFS
Computer Name: HUBERT-PC | User Name: Hubert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.03.11 15:06:08 | 000,050,477 | ---- | M] () -- K:\Hubert\Eigene Dokumente\PC - dies und das\Defogger\Defogger.exe
PRC - [2012.02.23 17:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.02.23 17:23:21 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.10.02 12:15:02 | 001,700,752 | ---- | M] (Bandoo Media, inc) -- C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
PRC - [2011.08.19 15:47:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- K:\Hubert\Eigene Dokumente\PC - dies und das\OTL\OTL.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010.06.04 17:59:08 | 000,533,808 | ---- | M] (Acronis) -- C:\Programme\Acronis\DriveMonitor\adm_tray.exe
PRC - [2010.06.04 17:57:46 | 003,427,312 | ---- | M] (Acronis) -- C:\Programme\Acronis\DriveMonitor\adm.exe
PRC - [2009.11.12 13:50:00 | 003,342,336 | ---- | M] (Sentelic Corporation) -- C:\Programme\FSP\FspUip.exe
PRC - [2009.10.31 05:48:40 | 000,661,072 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009.10.24 06:46:18 | 000,495,728 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.10.24 06:46:18 | 000,225,382 | ---- | M] (IDT, Inc.) -- c:\Programme\IDT\WDM\stacsv.exe
PRC - [2009.08.19 15:42:56 | 000,192,000 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2009.08.05 16:08:40 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.03.04 09:27:42 | 000,113,152 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
========== Modules (SafeList) ==========
MOD - [2012.02.23 17:23:20 | 000,210,080 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\snxhk.dll
MOD - [2011.08.19 15:47:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- K:\Hubert\Eigene Dokumente\PC - dies und das\OTL\OTL.exe
MOD - [2010.11.20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.02.23 17:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.07.08 07:54:50 | 002,428,968 | ---- | M] (mobile concepts GmbH) [Disabled | Stopped] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.06.29 12:31:12 | 000,269,480 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 11:24:38 | 000,136,360 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.10 17:02:32 | 000,435,008 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.01.12 17:35:12 | 001,051,968 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.01.12 17:32:10 | 000,030,016 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.12.21 13:04:30 | 000,987,704 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010.05.31 12:35:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.01.22 14:06:55 | 002,480,048 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009.10.31 05:48:40 | 000,661,072 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.10.24 06:46:18 | 000,225,382 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.03.04 09:27:42 | 000,113,152 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
========== Driver Services (SafeList) ==========
DRV - [2012.02.23 17:12:28 | 000,610,648 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.02.23 17:12:16 | 000,337,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.02.23 17:10:59 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\Drivers\aswrdr2.sys -- (aswRdr)
DRV - [2012.02.23 17:10:39 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.02.23 17:10:34 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.02.23 17:10:16 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.06.29 12:31:13 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 12:31:13 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.12.03 10:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.07.15 07:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010.07.15 07:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010.05.10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.04.26 16:22:42 | 001,011,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.02.25 16:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.02.24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.02.17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.01.22 14:06:57 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2010.01.22 14:06:52 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010.01.22 14:06:46 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.01.22 14:06:33 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009.11.12 13:50:00 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009.10.24 06:46:18 | 000,421,376 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.09.28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.30 15:11:40 | 001,488,096 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.07.20 19:39:20 | 000,116,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.10 06:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009.05.13 13:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 13:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2003.09.19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/413
IE - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.10.26 10:01:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.20 13:53:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.14 14:32:05 | 000,000,000 | ---D | M]
[2011.12.05 10:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Extensions
[2012.03.17 09:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions
[2011.12.05 10:18:52 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012.03.10 14:49:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.06.29 09:42:13 | 000,000,000 | ---D | M] ("Biet-O-Matic Firefox Erweiterung") -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}
[2012.01.10 11:29:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.11 14:26:37 | 000,000,000 | ---D | M] (CsFire) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\csfire@cs.kuleuven.be
[2011.07.05 16:21:02 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\googlesharing@extension.thoughtcrime.org
[2011.06.29 09:42:11 | 000,000,000 | ---D | M] (HTML5 Extension for Windows Media Player Plug-in) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack
[2012.03.17 09:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\staged
[2011.06.29 09:42:12 | 000,000,000 | ---D | M] (WiseCleaner Toolbar) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\toolbar@ask.com
[2011.07.05 16:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\googlesharing@extension.thoughtcrime.org\chrome
[2011.07.05 16:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\googlesharing@extension.thoughtcrime.org\components
[2011.07.05 16:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\googlesharing@extension.thoughtcrime.org\defaults
[2010.05.05 07:43:28 | 000,002,424 | ---- | M] () -- C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\searchplugins\askcom.xml
[2012.03.14 14:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.14 14:32:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
File not found (No name found) --
[2012.03.14 14:32:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\HUBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DM11BATF.DEFAULT\EXTENSIONS\{39952C40-5197-11DA-8CD6-0800200C9A66}.XPI
() (No name found) -- C:\USERS\HUBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DM11BATF.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\HUBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DM11BATF.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\HUBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DM11BATF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\HUBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DM11BATF.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\HUBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DM11BATF.DEFAULT\EXTENSIONS\ITRANS@TENSHI.XPI
[2012.02.20 13:53:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.14 14:31:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[1999.12.31 16:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.02.03 16:36:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.03 16:36:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2012.02.03 16:36:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.03 16:36:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.03 16:36:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.03 16:36:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.07.05 16:10:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [adm_tray.exe] C:\Programme\Acronis\DriveMonitor\adm_tray.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MPlayerForWindows_UpdateReminder] C:\Program Files\MPlayer für Windows\AutoUpdate.exe ()
O4 - HKLM..\Run: [SimpleScreenshot] C:\Programme\SSS\SimpleScreenshot.exe (Mirko Böer)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Users^Hubert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^Hubert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Shoot'n Save.lnk - C:\Programme\ShootnSave\ShootnSave.exe - ()
MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
MsConfig - StartUpReg: MDS_Menu - hkey= - key= - C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
MsConfig - StartUpReg: SpywareTerminator - hkey= - key= - File not found
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: YouCam Mirror Tray icon - hkey= - key= - C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.03.17 10:04:01 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{A1595D12-BAA0-41E6-AE43-E2C6B36D0AF3}
[2012.03.17 10:03:40 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{5E525BC7-4D2D-45B7-ADB5-99FFC2EB4660}
[2012.03.15 11:04:47 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{45C287F2-AECE-418E-ABAE-4113E7A3D5FA}
[2012.03.15 11:04:33 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{97E4E008-C7E7-4C7B-B351-F1D30C487106}
[2012.03.14 14:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.03.14 09:21:14 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{0A889D23-FCF6-499D-9ABD-429A7741FDB0}
[2012.03.13 09:44:27 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{0701B966-F9A2-464B-9D5D-A877B6C0AA8F}
[2012.03.13 09:44:15 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{407069C8-B636-485A-83FA-63095A5A078D}
[2012.03.12 08:44:17 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{1B385508-10CD-4C6A-8DB4-80C967048E76}
[2012.03.12 08:43:30 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{B20437A0-EAA7-49BD-B30A-F62E74A5BB4F}
[2012.03.11 18:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.11 14:23:08 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{8D087669-E156-471D-A138-81CF75EF95AC}
[2012.03.11 14:22:51 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{EEDB4932-E36C-4792-9606-4283190CE296}
[2012.03.10 14:42:10 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Roaming\gnupg
[2012.03.10 08:11:21 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{8FAAA3BA-689A-4273-92F8-97DF6E20311A}
[2012.03.10 08:11:07 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{48FCCB6C-D7DF-4E6F-AD92-A0BD162821B6}
[2012.03.08 12:24:00 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{4619FFEE-331F-4448-A60B-2EAF7F207854}
[2012.03.08 12:23:35 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{14F67779-71DD-46EC-9DF4-CD33BFC39656}
[2012.03.07 13:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPlayer für Windows
[2012.03.07 13:38:45 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\MPlayer
[2012.03.07 13:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\MPlayer für Windows
[2012.03.07 12:28:17 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{F0504B68-C7CA-432A-B7DD-128BE045ABE8}
[2012.03.07 12:27:49 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{9A1A2477-7403-4D54-A064-66F04835E610}
[2012.03.06 15:15:49 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{149B2559-4E42-447C-83CF-222E8431531A}
[2012.03.06 15:15:28 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{14DCA768-B020-4309-B6D4-9EBDBD893570}
[2012.03.05 16:18:24 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{7E791293-3658-4F32-8119-81B92972799A}
[2012.03.05 16:18:13 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{D9D37A1E-4268-43B6-B3CF-4F8E72C165B8}
[2012.02.29 13:45:25 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{54250811-BB16-4668-86A1-CF413D2B5029}
[2012.02.29 13:45:04 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{CFEDD199-2958-4137-9A0A-1F2F41096F43}
[2012.02.28 11:11:09 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{5DB65100-9E57-4446-95B7-1540CC0CE363}
[2012.02.28 11:10:45 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{E96DB9F6-9BA4-470C-B73A-3622DBD1D6B9}
[2012.02.27 08:43:36 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{3BD39F69-6DC3-4021-A782-2FFAA4939476}
[2012.02.27 08:43:13 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{0FA223F2-BAC6-4F17-B2C0-2C75F59E87CA}
[2012.02.26 15:12:29 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{0AF5C90C-3A28-42B9-BD3B-44672E146250}
[2012.02.26 15:12:15 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{4D6BD6A4-C64E-4AF5-8DC9-C70FDCA86798}
[2012.02.25 09:09:29 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{4E4E4243-A47C-4DE1-A955-37E362FF282E}
[2012.02.25 09:09:17 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{DADA3F3D-C339-4C83-A6DC-EF68DA96616D}
[2012.02.24 13:47:35 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.02.24 08:00:59 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{1115085B-DDFC-47F0-9B2B-80356850B8BA}
[2012.02.24 08:00:38 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{67BDDC81-2F0B-4C84-95D8-7A5174F2F63C}
[2012.02.23 07:07:38 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{334C9CDA-0DA9-4321-88ED-767B51411E8B}
[2012.02.23 07:06:59 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{8492A0E5-3DCE-4838-ACAC-42F5A6B430CC}
[2012.02.22 09:09:56 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{6F088B8E-B861-4049-853F-F4945EF0735B}
[2012.02.22 09:09:17 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{669BF570-ADD7-4DFB-AC14-3D609FA76D39}
[2012.02.21 10:20:46 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{EE904A08-5057-4ACC-AFF7-E78FB8E77182}
[2012.02.21 10:20:09 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{4E0B2FDD-943A-404E-9E52-DDD7BDE52224}
[2012.02.20 13:15:44 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{958E1B63-3406-41E2-AC55-0369C8234F24}
[2012.02.20 13:15:31 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{AA978DE3-5EC3-491B-A820-8D8AFAFA08FC}
[2012.02.19 12:34:12 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{142476A4-48D6-46F0-A844-C1739ED760B1}
[2012.02.19 12:33:57 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{7EFC7D26-6B3C-4DC8-9D4D-7BCABC462930}
[2012.02.18 16:43:31 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{1E8CBDC3-D813-4346-8F2E-2BC77E0E1D6D}
[2012.02.18 16:42:48 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{EF22ACD7-9ADF-4633-A67B-5C2705DAB993}
[2011.02.11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
========== Files - Modified Within 30 Days ==========
[2012.03.17 17:00:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.17 15:34:37 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.03.17 15:34:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.17 09:53:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.15 12:01:01 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.15 12:01:01 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.15 12:01:01 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.15 12:01:01 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.14 14:47:20 | 000,045,488 | ---- | M] () -- C:\Users\Hubert\AppData\Roaming\wklnhst.dat
[2012.03.14 09:21:16 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.14 09:21:16 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.11 15:38:43 | 000,002,853 | ---- | M] () -- C:\Users\Hubert\Desktop\dds.com - Verknüpfung.pif
[2012.03.11 15:34:20 | 000,000,000 | ---- | M] () -- C:\Users\Hubert\defogger_reenable
[2012.03.10 14:43:31 | 2363,125,760 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.07 13:38:49 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\SMPlayer.lnk
[2012.03.07 13:38:49 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\MPUI.lnk
[2012.02.24 13:47:35 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.02.23 17:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.02.23 17:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.02.23 17:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.02.23 17:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.02.23 17:10:59 | 000,044,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.02.23 17:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.02.23 17:10:34 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.02.23 17:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.02.18 17:33:08 | 000,422,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012.03.11 15:38:43 | 000,002,853 | ---- | C] () -- C:\Users\Hubert\Desktop\dds.com - Verknüpfung.pif
[2012.03.11 15:34:20 | 000,000,000 | ---- | C] () -- C:\Users\Hubert\defogger_reenable
[2012.03.07 13:38:49 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\SMPlayer.lnk
[2012.03.07 13:38:49 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\MPUI.lnk
[2011.11.04 15:51:07 | 000,004,608 | ---- | C] () -- C:\Users\Hubert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.04 15:50:44 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.11.04 15:50:43 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.11.04 15:50:39 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.11.04 15:50:39 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.11.04 15:50:39 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.07.05 16:03:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.07.05 16:03:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.07.05 16:03:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.07.05 16:03:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.07.05 16:03:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.08.03 13:09:06 | 001,774,720 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010.08.03 13:09:06 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010.08.03 13:09:06 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010.08.03 13:09:06 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010.08.03 13:09:06 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010.02.22 13:15:33 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010.02.20 15:16:10 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.02.20 15:16:08 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.02.20 15:16:08 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.02.13 16:37:26 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.02.13 16:37:26 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.02.13 16:37:26 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.02.13 16:37:26 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.01.24 17:42:16 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.01.24 17:42:16 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.01.24 17:42:16 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.01.24 17:42:16 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.01.24 17:42:16 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.01.24 17:42:16 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.01.24 17:42:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.01.24 17:42:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.01.24 17:42:16 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.01.24 17:42:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.01.24 17:42:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.01.24 17:42:16 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.01.24 17:42:16 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.01.24 17:42:16 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.01.24 17:42:16 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.01.24 17:24:30 | 000,000,025 | ---- | C] () -- C:\Windows\CDE P34903590GD.ini
[2010.01.24 15:57:49 | 000,006,771 | ---- | C] () -- C:\Windows\hpdj3600.ini
[2010.01.21 16:18:23 | 000,045,488 | ---- | C] () -- C:\Users\Hubert\AppData\Roaming\wklnhst.dat
[2009.12.15 01:45:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009.11.12 15:56:26 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.11.12 15:36:11 | 000,000,548 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.11.06 08:21:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll
[2009.11.06 08:12:37 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2009.11.06 08:12:35 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2009.11.06 07:38:06 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2009.11.06 07:36:04 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.11.06 06:46:08 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2009.11.06 06:45:34 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.11.06 06:45:32 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.07.14 09:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,422,648 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
========== LOP Check ==========
[2010.02.24 14:52:53 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Acronis
[2011.12.05 16:42:20 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\AnvSoft
[2011.11.04 15:51:04 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Any Video Editor
[2011.08.13 15:36:36 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\BOM
[2010.03.29 16:08:06 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Canneverbe Limited
[2010.12.20 15:49:01 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Canon
[2011.02.24 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\elsterformular
[2010.10.31 17:10:27 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Engelmann Media
[2010.01.25 17:01:29 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\EPSON
[2011.12.05 10:19:37 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\FreeFLVConverter
[2012.03.10 14:42:10 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\gnupg
[2010.11.29 17:44:38 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\gtk-2.0
[2011.12.04 13:18:04 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\ImgBurn
[2011.03.19 15:48:51 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\IrfanView
[2011.12.06 10:16:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\LibreOffice
[2010.02.14 16:15:52 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\MAGIX
[2010.06.10 15:13:00 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\OpenOffice.org
[2010.02.13 16:37:54 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Panasonic
[2010.11.04 15:43:32 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\PhotoScape
[2012.01.06 16:06:29 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\QTTabBar
[2010.02.24 12:09:55 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Samsung
[2011.04.22 15:17:22 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Simple Sudoku
[2011.03.19 15:48:52 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\SimpleScreenshot
[2010.01.22 13:56:54 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Template
[2010.11.25 15:44:02 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Tracker Software
[2011.03.10 16:34:34 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\TuneUp Software
[2011.01.12 12:07:21 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Windows Live Writer
[2011.11.04 14:21:17 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\XMedia Recode
[2010.09.17 16:22:28 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\XMLmind
[2011.05.11 08:52:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.02.24 14:52:53 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Acronis
[2010.01.22 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Adobe
[2011.12.05 16:42:20 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\AnvSoft
[2011.11.04 15:51:04 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Any Video Editor
[2011.11.30 14:46:00 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Apple Computer
[2010.02.06 16:46:05 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\ArcSoft
[2010.03.27 17:33:15 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Avira
[2011.08.13 15:36:36 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\BOM
[2010.03.29 16:08:06 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Canneverbe Limited
[2010.12.20 15:49:01 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Canon
[2010.03.08 16:32:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Corel
[2011.11.03 18:52:36 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\CyberLink
[2012.01.10 16:28:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\DVD Flick
[2011.02.24 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\elsterformular
[2010.10.31 17:10:27 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Engelmann Media
[2010.01.25 17:01:29 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\EPSON
[2011.12.05 10:19:37 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\FreeFLVConverter
[2012.03.10 14:42:10 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\gnupg
[2010.11.29 17:44:38 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\gtk-2.0
[2010.01.21 14:46:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Identities
[2011.12.04 13:18:04 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\ImgBurn
[2011.03.19 15:48:51 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\IrfanView
[2011.12.06 10:16:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\LibreOffice
[2010.01.22 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Macromedia
[2010.02.14 16:15:52 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\MAGIX
[2010.10.20 15:18:42 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Media Center Programs
[2012.03.11 18:32:03 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Media Player Classic
[2012.03.07 12:54:16 | 000,000,000 | --SD | M] -- C:\Users\Hubert\AppData\Roaming\Microsoft
[2011.02.06 15:19:23 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Mozilla
[2010.06.10 15:13:00 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\OpenOffice.org
[2010.02.13 16:37:54 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Panasonic
[2010.11.04 15:43:32 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\PhotoScape
[2012.01.06 16:06:29 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\QTTabBar
[2010.02.24 12:09:55 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Samsung
[2011.04.22 15:17:22 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Simple Sudoku
[2011.03.19 15:48:52 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\SimpleScreenshot
[2011.07.12 15:18:28 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\SUPERAntiSpyware.com
[2010.01.22 13:56:54 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Template
[2010.11.25 15:44:02 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Tracker Software
[2011.03.10 16:34:34 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\TuneUp Software
[2011.12.17 13:48:23 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\vlc
[2011.01.12 12:07:21 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Windows Live Writer
[2011.11.04 14:21:17 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\XMedia Recode
[2010.09.17 16:22:28 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\XMLmind
< %APPDATA%\*.exe /s >
[2010.12.15 16:45:36 | 000,605,976 | ---- | M] (Tracker Software Products Ltd.) -- C:\Users\Hubert\AppData\Roaming\Tracker Software\LiveUpdate\Updates\LiveUpdate.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2008.06.06 14:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
< MD5 for: IASTOR.SYS >
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
< MD5 for: IASTORV.SYS >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: USER32.DLL >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\ERDNT\cache\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< End of report > |