Code:
OTL logfile created on: 09.10.2012 22:22:18 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\aaa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 70,60% Memory free
7,73 Gb Paging File | 6,55 Gb Available in Paging File | 84,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463,16 Gb Total Space | 380,61 Gb Free Space | 82,18% Space Free | Partition Type: NTFS
Computer Name: AAA-PC | User Name: aaa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.10.07 01:21:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aaa\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010.07.08 14:18:29 | 000,333,264 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WTGService.exe
PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.07.10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.10.06 19:20:37 | 000,529,744 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.30 13:23:28 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012.08.28 17:52:44 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010.07.08 14:18:29 | 000,333,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3DataManager\WTGService.exe -- (WTGService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.03 16:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2009.11.02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.09.30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.09.25 01:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.09.11 07:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Disabled | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.10.01 18:31:53 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.04.13 20:12:13 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2012.04.13 20:12:13 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2012.04.13 20:12:13 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2012.04.13 20:12:13 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.21 16:44:30 | 002,793,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.10.17 16:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.07.01 05:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.02.27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.03 17:07:04 | 001,224,192 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.09.18 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.06 14:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.07.23 00:06:26 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.25 04:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360312d206l04c8z135t64n1c413
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1121988522-4199441151-2918872926-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360312d206l04c8z135t64n1c413
IE - HKU\S-1-5-21-1121988522-4199441151-2918872926-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1121988522-4199441151-2918872926-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT474
IE - HKU\S-1-5-21-1121988522-4199441151-2918872926-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1121988522-4199441151-2918872926-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.06 17:15:11 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.92\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Google Mail = C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.10.06 16:26:02 | 000,444,411 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15262 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1121988522-4199441151-2918872926-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1121988522-4199441151-2918872926-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-1121988522-4199441151-2918872926-1000..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKU\.DEFAULT..\RunOnce: [osk.exe] C:\Windows\SysWow64\osk.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [osk.exe] C:\Windows\SysWow64\osk.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.exe - Verknüpfung.lnk = C:\Users\aaa\Desktop\PROXOMITRON\Proxomitron.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1121988522-4199441151-2918872926-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1121988522-4199441151-2918872926-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04DDC8C3-4207-4A03-847A-5F0D098AC1F3}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{908D8B77-90CF-4CB0-84F4-67EF8DA6CDD4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/html - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/html - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{70624967-858a-11e1-a36c-0017c4f1b1fe}\Shell - "" = AutoRun
O33 - MountPoints2\{70624967-858a-11e1-a36c-0017c4f1b1fe}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk - - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: tvncontrol - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: MsMpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: MsMpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: MsMpSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WRkrn - Driver
SafeBootNet:64bit: WRSVC - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: MpfService - Service
SafeBootNet: MsMpSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WRkrn - Driver
SafeBootNet: WRSVC - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.10.07 18:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.10.07 17:17:35 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.10.07 17:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.10.07 17:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.10.07 17:15:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.07 11:12:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.10.07 11:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012.10.07 11:09:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012.10.07 01:21:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\aaa\Desktop\OTL.exe
[2012.10.07 01:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.07 00:49:00 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\TweakNow PowerPack 2012
[2012.10.07 00:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012.10.07 00:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2012.10.07 00:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012.10.07 00:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012.10.06 23:52:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.10.06 23:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.06 23:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.10.06 23:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.10.06 22:53:52 | 000,000,000 | ---D | C] -- C:\AMD
[2012.10.06 22:48:11 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\Chromium
[2012.10.06 22:43:36 | 000,000,000 | ---D | C] -- C:\Users\aaa\Documents\My Games
[2012.10.06 21:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012.10.06 21:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2012.10.06 21:26:49 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zak McKracken - Between Time & Space
[2012.10.06 21:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zak McKracken - Between Time & Space
[2012.10.06 21:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zak2
[2012.10.06 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\aaa\Desktop\zak
[2012.10.06 21:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012.10.06 21:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012.10.06 21:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2012.10.06 20:00:52 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.10.06 19:28:34 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.10.06 19:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2012.10.06 16:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.10.06 16:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.10.06 15:28:17 | 000,000,000 | -H-D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items
[2012.10.06 15:28:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items
[2012.10.06 15:28:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2012.10.06 15:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Greatis
[2012.10.06 15:16:09 | 000,039,184 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2012.10.06 15:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2012.10.06 15:11:49 | 000,000,000 | ---D | C] -- C:\Users\aaa\Documents\RegRun2
[2012.10.06 12:20:58 | 000,000,000 | ---D | C] -- C:\Users\aaa\Desktop\Bücher-links
[2012.10.06 02:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Coranti
[2012.10.06 02:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Coranti
[2012.10.06 02:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GFI Software
[2012.10.06 01:44:52 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\Sophos
[2012.10.06 01:25:13 | 000,000,000 | ---D | C] -- C:\Users\aaa\Local Settings
[2012.10.06 01:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012.10.06 01:00:50 | 000,000,000 | ---D | C] -- C:\escw_100_sa
[2012.10.06 00:57:47 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\Symantec
[2012.10.06 00:55:23 | 000,287,152 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\SymVPN.dll
[2012.10.06 00:55:23 | 000,058,288 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll
[2012.10.05 23:52:02 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012.10.05 23:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012.10.05 23:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.10.05 23:51:28 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\TestApp
[2012.10.05 23:27:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.10.05 22:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2012.10.05 21:41:00 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012.10.05 21:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012.10.05 21:40:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade
[2012.10.05 21:40:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions
[2012.10.05 21:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2012.10.05 20:30:20 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Netdevil
[2012.10.05 20:06:36 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\GameSpy
[2012.10.05 20:06:27 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Local\ApplicationHistory
[2012.10.05 20:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy
[2012.10.05 20:06:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy
[2012.10.05 20:05:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012.10.05 20:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
[2012.10.05 20:03:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2012.10.05 20:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.10.05 20:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.10.05 20:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Netdevil
[2012.10.05 15:34:02 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tennis Elbow 2011
[2012.10.05 15:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tennis Elbow 2011
[2012.10.05 15:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tennis Elbow 2011
[2012.10.01 18:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2012.10.01 18:31:53 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.10.01 18:31:49 | 000,000,000 | ---D | C] -- C:\Users\aaa\AppData\Roaming\DAEMON Tools Pro
[2012.10.01 18:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2012.10.01 18:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2009.11.05 05:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.10.09 22:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.09 21:50:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.09 21:40:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.09 15:22:32 | 000,478,024 | ---- | M] () -- C:\Users\aaa\Desktop\Label_Holzer.PDF
[2012.10.09 14:01:30 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 14:01:30 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 13:54:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.07 21:15:00 | 001,527,314 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.07 21:15:00 | 000,664,634 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.07 21:15:00 | 000,624,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.07 21:15:00 | 000,134,770 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.07 21:15:00 | 000,110,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.07 18:24:10 | 000,002,255 | ---- | M] () -- C:\Users\aaa\Desktop\Google Chrome.lnk
[2012.10.07 17:17:35 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.10.07 15:16:44 | 000,001,451 | ---- | M] () -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.exe - Verknüpfung.lnk
[2012.10.07 01:39:54 | 000,000,000 | ---- | M] () -- C:\Users\aaa\defogger_reenable
[2012.10.07 01:22:06 | 000,050,477 | ---- | M] () -- C:\Users\aaa\Desktop\Defogger.exe
[2012.10.07 01:21:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aaa\Desktop\OTL.exe
[2012.10.07 00:37:17 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012.10.06 23:45:46 | 000,007,669 | ---- | M] () -- C:\Users\aaa\AppData\Local\Resmon.ResmonCfg
[2012.10.06 23:17:42 | 000,000,372 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.10.06 22:36:54 | 003,629,231 | ---- | M] () -- C:\Program Files (x86)\YourFileDownloader.rar
[2012.10.06 21:26:50 | 000,000,959 | ---- | M] () -- C:\Users\aaa\Desktop\Zak McKracken - BTAS.lnk
[2012.10.06 21:14:57 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012.10.06 21:14:57 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012.10.06 19:28:34 | 000,000,219 | ---- | M] () -- C:\Users\aaa\Desktop\Counter-Strike Source.url
[2012.10.06 19:08:02 | 000,001,837 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.10.06 16:46:41 | 000,005,104 | ---- | M] () -- C:\Windows\wininit.ini
[2012.10.06 16:26:02 | 000,444,411 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.06 15:28:21 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012.10.06 15:28:21 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2012.10.06 15:28:21 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012.10.06 15:16:09 | 000,039,184 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2012.10.06 00:55:23 | 000,287,152 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\SymVPN.dll
[2012.10.06 00:55:23 | 000,058,288 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\snacnp.dll
[2012.10.05 23:52:24 | 001,997,385 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012.10.05 20:41:19 | 000,362,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.05 20:06:27 | 000,000,091 | ---- | M] () -- C:\Users\aaa\AppData\Local\fusioncache.dat
[2012.10.05 20:05:29 | 001,554,122 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.02 03:00:36 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.10.01 18:31:53 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.09.26 16:55:44 | 000,000,162 | ---- | M] () -- C:\Users\aaa\SecurityKISSTunnel.config
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.10.09 15:22:32 | 000,478,024 | ---- | C] () -- C:\Users\aaa\Desktop\Label_Holzer.PDF
[2012.10.07 18:24:10 | 000,002,255 | ---- | C] () -- C:\Users\aaa\Desktop\Google Chrome.lnk
[2012.10.07 17:17:35 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.10.07 01:39:54 | 000,000,000 | ---- | C] () -- C:\Users\aaa\defogger_reenable
[2012.10.07 01:22:06 | 000,050,477 | ---- | C] () -- C:\Users\aaa\Desktop\Defogger.exe
[2012.10.07 00:37:17 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012.10.06 23:45:46 | 000,007,669 | ---- | C] () -- C:\Users\aaa\AppData\Local\Resmon.ResmonCfg
[2012.10.06 23:22:32 | 000,001,451 | ---- | C] () -- C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proxomitron.exe - Verknüpfung.lnk
[2012.10.06 22:36:53 | 003,629,231 | ---- | C] () -- C:\Program Files (x86)\YourFileDownloader.rar
[2012.10.06 21:28:52 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.10.06 21:28:52 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012.10.06 21:28:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.10.06 21:26:50 | 000,000,959 | ---- | C] () -- C:\Users\aaa\Desktop\Zak McKracken - BTAS.lnk
[2012.10.06 21:14:57 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012.10.06 21:14:57 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012.10.06 19:28:34 | 000,000,219 | ---- | C] () -- C:\Users\aaa\Desktop\Counter-Strike Source.url
[2012.10.06 19:08:02 | 000,001,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.10.06 19:08:02 | 000,001,837 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.10.06 16:46:33 | 000,005,104 | ---- | C] () -- C:\Windows\wininit.ini
[2012.10.06 15:28:02 | 000,057,556 | ---- | C] () -- C:\Windows\guard.bmp
[2012.10.06 15:11:51 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012.10.06 15:11:51 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2012.10.06 15:11:51 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012.10.05 23:52:08 | 001,997,385 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012.10.05 20:06:27 | 000,000,091 | ---- | C] () -- C:\Users\aaa\AppData\Local\fusioncache.dat
[2012.10.05 15:34:10 | 000,921,600 | ---- | C] () -- C:\Windows\SysNative\vorbisenc.dll
[2012.10.05 15:34:10 | 000,237,568 | ---- | C] () -- C:\Windows\SysNative\OggDS.dll
[2012.10.05 15:34:10 | 000,188,416 | ---- | C] () -- C:\Windows\SysNative\vorbis.dll
[2012.10.05 15:34:10 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\ogg.dll
[2012.05.28 12:29:23 | 000,000,162 | ---- | C] () -- C:\Users\aaa\SecurityKISSTunnel.config
[2012.03.11 17:44:19 | 001,554,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.11 05:13:30 | 000,001,744 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2012.03.11 02:40:53 | 000,026,569 | ---- | C] () -- C:\ProgramData\1331426446.4376.bin
[2012.03.11 02:40:48 | 000,008,383 | ---- | C] () -- C:\ProgramData\1331426446.3708.bin
[2012.03.11 02:40:47 | 000,006,945 | ---- | C] () -- C:\ProgramData\1331426446.3724.bin
[2012.03.11 02:40:46 | 000,054,366 | ---- | C] () -- C:\ProgramData\1331426446.2708.bin
[2012.03.11 01:48:28 | 000,000,372 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.03.11 01:15:44 | 000,302,835 | ---- | C] () -- C:\ProgramData\1331420176.bdinstall.bin
[2012.03.10 21:05:49 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012.03.10 21:05:49 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.03.10 21:05:49 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012.03.10 21:05:49 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2012.03.10 20:46:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.07 20:35:48 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlibwapi.dll
[2012.02.07 20:35:48 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.04.13 20:47:28 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\3DataManager
[2012.03.11 01:03:45 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Bitdefender
[2012.03.14 23:51:04 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\BitTorrent
[2012.03.24 20:40:48 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Cerberus LLC
[2012.10.06 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\DAEMON Tools Pro
[2012.03.26 19:10:35 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\foobar2000
[2012.05.01 20:29:42 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\GameHouse
[2012.03.24 20:07:29 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\GrabPro
[2012.07.05 13:17:39 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\ImgBurn
[2012.03.11 16:53:28 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\KC Softwares
[2012.05.11 11:03:43 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\OpenOffice.org
[2012.10.06 19:08:11 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Opera
[2012.10.05 23:28:13 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Orbit
[2012.03.24 20:08:18 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\ProgSense
[2012.03.11 01:00:45 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\QuickScan
[2012.03.14 22:34:31 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Securepoint Operation Center
[2012.10.05 23:51:28 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\TestApp
[2012.10.05 23:28:33 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\TuneUp Software
[2012.10.07 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\TweakNow PowerPack 2012
[2012.10.06 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\uTorrent
[2012.05.02 17:42:17 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\YourFileDownloader
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.04.13 20:47:28 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\3DataManager
[2012.03.13 11:58:03 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Adobe
[2012.03.10 21:02:43 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\ATI
[2012.03.11 01:03:45 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Bitdefender
[2012.03.14 23:51:04 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\BitTorrent
[2012.03.24 20:40:48 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Cerberus LLC
[2012.10.06 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\DAEMON Tools Pro
[2012.03.26 19:10:35 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\foobar2000
[2012.05.01 20:29:42 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\GameHouse
[2012.03.10 21:04:46 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Google
[2012.03.24 20:07:29 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\GrabPro
[2012.03.10 21:01:06 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Identities
[2012.07.05 13:17:39 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\ImgBurn
[2012.03.10 21:02:46 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\InstallShield
[2012.03.11 16:53:28 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\KC Softwares
[2012.03.10 21:06:57 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Macromedia
[2012.03.17 22:36:07 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Malwarebytes
[2009.11.05 02:26:35 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Media Center Programs
[2012.10.08 22:59:31 | 000,000,000 | --SD | M] -- C:\Users\aaa\AppData\Roaming\Microsoft
[2012.05.11 11:03:43 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\OpenOffice.org
[2012.10.06 19:08:11 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Opera
[2012.10.05 23:28:13 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Orbit
[2012.03.24 20:08:18 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\ProgSense
[2012.03.11 01:00:45 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\QuickScan
[2012.10.01 10:36:28 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Real
[2012.03.14 22:34:31 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Securepoint Operation Center
[2012.10.09 22:21:18 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\Skype
[2012.10.05 23:51:28 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\TestApp
[2012.10.05 23:28:33 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\TuneUp Software
[2012.10.07 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\TweakNow PowerPack 2012
[2012.10.06 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\uTorrent
[2012.08.05 14:40:15 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\vlc
[2012.03.11 16:44:30 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\WinRAR
[2012.05.02 17:42:17 | 000,000,000 | ---D | M] -- C:\Users\aaa\AppData\Roaming\YourFileDownloader
< %APPDATA%\*.exe /s >
[2012.10.01 10:36:31 | 000,450,712 | ---- | M] (RealNetworks, Inc.) -- C:\Users\aaa\AppData\Roaming\Real\Update\temp\~Upg0\rnupgagent.exe
[2012.10.01 10:36:31 | 000,450,712 | ---- | M] (RealNetworks, Inc.) -- C:\Users\aaa\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe
[2010.11.10 15:44:22 | 000,242,024 | ---- | M] (Igor Pavlov) -- C:\Users\aaa\AppData\Roaming\Securepoint Operation Center\_base\7za.exe
[2010.11.10 15:44:22 | 000,023,920 | ---- | M] () -- C:\Users\aaa\AppData\Roaming\Securepoint Operation Center\_base\base64.exe
< %SYSTEMDRIVE%\*.exe >
[2008.04.11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: IASTOR.SYS >
[2009.06.05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2011.10.17 16:55:32 | 000,559,384 | ---- | M] (Intel Corporation) MD5=8180A2392E732E8871589B54FAB6991F -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.10.17 16:55:32 | 000,559,384 | ---- | M] (Intel Corporation) MD5=8180A2392E732E8871589B54FAB6991F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_74f348dee3038044\iaStor.sys
[2009.06.05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
< MD5 for: IASTORV.SYS >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
========== Alternate Data Streams ==========
@Alternate Data Stream - 52 bytes -> C:\Windows\write.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WPatchProgress.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WMSysPr9.prx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WLXPGSS.SCR:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisPriority.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisMvImg.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisLangCode.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisGAPasx64.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WisGAPas.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\winhlp32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WindowsUpdate.log:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WindowsShell.Manifest:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\WIN7BASE_XX.TAG:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\win.ini:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\USER.XML:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\USB_VIDEO_REG.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\UNINST32.EXE:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\twunk_32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\twunk_16.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\twain_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\twain.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\tasks\SCHEDLGU.TXT:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\zlibwapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\zlib.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\zipfldr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwtpw32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwtpdui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwreg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwizards.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwizard.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xwizard.dtd:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xpssvcs.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XPSSHHDR.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xpsservices.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xpsrchvw.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xpsrchvw.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XpsRasterService.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XpsPrint.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XpsGdiConverter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XpsFilt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xolehlp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xmlprovi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xmllite.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xmlfilter.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XInput9_1_0.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\xcopy.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XceedSco.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\XceedCry.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wzcdlg.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wwapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WWanAPI.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wuwebv.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wusa.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wups.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wudriver.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wuapp.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wuapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wtsapi32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSTPager.ax:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsock32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsnmp32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmWmiPl.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmTxt.xsl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmSvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmRes.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmPty.xsl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsmprovhost.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsmplpxy.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WsmAuto.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSManMigrationPlugin.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSManHTTPConfig.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsmanconfig_schema.xml:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSHTCPIP.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshrm.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshqos.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshom.ocx:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshirda.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wship6.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshelper.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshcon.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wshbth.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsecedit.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wsdchngr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WSDApi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscui.cpl:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscript.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscproxystub.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscmisetup.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscisvif.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscinterop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wscapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ws2help.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\ws2_32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\write.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wpdwcn.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WPDSp.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WPDShServiceObj.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WPDShextAutoplay.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wpdshext.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wpcsvc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wpcao.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Wpc.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wowreg32.exe:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wow32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVXENCD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVSENCD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVSDECD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVENCOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmvdspa.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVDECOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMVCORE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMSPDMOE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMSPDMOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmsgapi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMPhoto.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMNetMgr.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmiprop.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmidx.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmi.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdrmsdk.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdrmnet.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdrmdev.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdmps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmdmlog.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wmcodecdspps.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMASF.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMADMOE.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WMADMOD.DLL:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\WlS0WndH.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlgpclnt.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\Wldap32.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanutil.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanui.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlansec.dll:coranti
@Alternate Data Stream - 52 bytes -> C:\Windows\SysWow64\wlanpref.dl
|
