Pasquale | 20.11.2013 22:28 | Hello Sandra, and thanks in advance for helping me with this! :)
Before I started the scan, I quickly copied a few of my own files onto the laptop, including my old mail inbox from Thunderbird's "AppData" folder, so that they get scanned right along with everything else (if that is even the case :D).
Okay, here are the two text files:
Code:
OTL Extras logfile created on: 20.11.2013 22:18:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tomi\Desktop
Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16438)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 74,59% Memory free
4,24 Gb Paging File | 3,07 Gb Available in Paging File | 72,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 201,48 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
Computer Name: TOMI-PC | User Name: Tomi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D17D068-05B4-49D9-B2FA-E38E3B5E9BB2}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{66127C36-0355-49AC-87C5-D4BC6ED28819}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{664B5860-4480-40BE-B314-DF994A21F88C}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{A564C6FC-C363-4351-9A79-4AE82ABD6798}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004355DB-B52D-4BEF-8EE1-D70D34B07AFC}" = dir=out | name=@{microsoft.xboxlivegames_2.0.20.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{06064D82-6F0F-4910-A39F-50C9B310E411}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.176_x86__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{0FE1702C-7EBD-4325-BB82-956BB5FBD263}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{174BC13A-473B-4140-AC99-8526839D42F7}" = dir=out | name=@{microsoft.bingsports_3.0.1.174_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{1B76C97B-C70B-47EB-BFB1-184825B58409}" = dir=out | name=@{microsoft.bingtravel_3.0.1.174_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{2DF2E2B0-A588-4810-90EB-4C394CAB983F}" = dir=in | name=junipernetworks.junospulsevpn |
"{2EE774A3-0B9A-434C-AAE3-E591B89D1B8F}" = dir=out | name=@{microsoft.bingnews_3.0.1.174_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{331D3F10-92E3-4211-9259-CAF9D02FCE86}" = dir=out | name=junipernetworks.junospulsevpn |
"{6742A40A-D963-4C15-AA04-4A7488E799D5}" = dir=out | name=skype |
"{6BB649EE-6BB8-4120-AC98-B71C9FC55832}" = dir=in | name=skype |
"{77533C7C-6341-4CFA-8375-4BE5CEBE518C}" = dir=out | name=@{microsoft.bingweather_3.0.1.174_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{835E0E77-65D1-4FAA-AA5E-AC67565A94FB}" = dir=out | name=sonicwall.mobileconnect |
"{A1EA902D-0CCC-4E5E-9AAC-897C457512D4}" = dir=out | name=@{microsoft.bingfinance_3.0.1.174_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{A6979052-CC8B-43A0-B462-52AFB7D46FCD}" = dir=out | name=@{microsoft.zunemusic_2.2.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{A9080F4C-BE69-49F6-87CD-FAE444526D27}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{AF4CD98F-A6B6-4B1C-8D65-661A94CE0BDE}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{B3837F33-2DC4-4CB1-AB64-4D47964EC7C6}" = dir=out | name=@{microsoft.bingmaps_2.0.2009.2356_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{BBD56584-CE74-44F8-A8B4-55457C867519}" = dir=out | name=@{microsoft.zunevideo_2.2.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{BF9AB047-1845-49D2-B289-E7A2CEA947B6}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{C0FF9A50-5CBE-4C26-9A43-DCF14B5804AE}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{C6182E4B-10FC-4083-A766-458080D68E73}" = dir=in | name=f5.vpn.client |
"{D21021BE-E6F9-4072-8195-9B7C0DEBBF46}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{D210399C-9771-419F-99A7-858E1E4560C6}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{E20BB53A-3BDC-460D-BAEE-FFDC117AB485}" = dir=in | name=sonicwall.mobileconnect |
"{E2CF1B0A-7BDE-4856-9E88-327D3FE80A68}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{E6A4BE21-4183-455E-8C07-84C78011B261}" = dir=out | name=checkpoint.vpn |
"{F7C41391-2967-4A7A-BBDE-63CFBF0E45BD}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.177_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{FA35BA80-EA4B-48FD-9FEF-74E9E0B3FEC7}" = dir=in | name=checkpoint.vpn |
"{FE5EA256-AD54-4FD8-B211-1263089653FF}" = dir=out | name=f5.vpn.client |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{954146E0-49FF-4039-AF58-2257506C7D45}" = ZoneAlarm Firewall
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 9.3.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
"{B769E2BD-8A06-4B03-9496-5B991025A2C6}" = ZoneAlarm Security
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"Mozilla Firefox 25.0.1 (x86 de)" = Mozilla Firefox 25.0.1 (x86 de)
"Mozilla Thunderbird 24.1.0 (x86 de)" = Mozilla Thunderbird 24.1.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 18.0.1284.49" = Opera Stable 18.0.1284.49
"sp6" = Logitech SetPoint 6.61
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.1.1
"WinRAR archiver" = WinRAR 5.00 (32-Bit)
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.11.2013 13:38:31 | Computer Name = Tomi-PC | Source = Software Protection Platform Service | ID = 8200
Description = Lizenzerwerb-Fehlerdetails. hr=0x80072EE7
Error - 20.11.2013 13:38:31 | Computer Name = Tomi-PC | Source = Software Protection Platform Service | ID = 1014
Description = Fehler beim Erwerb der Endbenutzerlizenz. hr=0x80072EE7 SKU-ID=8da2dfae-e4f5-4e6a-9272-96f8470e033e
Error - 20.11.2013 13:38:32 | Computer Name = Tomi-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0x80072EE7
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error - 20.11.2013 13:41:37 | Computer Name = Tomi-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Tomi\Desktop\Neu-Installation
11.2013 Windows 7 zu Windows 8.1\E625Touchpad_2.0\Touchpad\Synaptics_v11_2_2_C_Vista_Vista64_x64_XP_2K_Signed_compal\WinWDF\x64\dpinst.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 20.11.2013 13:44:02 | Computer Name = Tomi-PC | Source = Software Protection Platform Service | ID = 8200
Description = Lizenzerwerb-Fehlerdetails. hr=0x80072EE7
Error - 20.11.2013 13:44:02 | Computer Name = Tomi-PC | Source = Software Protection Platform Service | ID = 1014
Description = Fehler beim Erwerb der Endbenutzerlizenz. hr=0x80072EE7 SKU-ID=8da2dfae-e4f5-4e6a-9272-96f8470e033e
Error - 20.11.2013 13:44:03 | Computer Name = Tomi-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0x80072EE7
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error - 20.11.2013 13:47:19 | Computer Name = Tomi-PC | Source = Software Protection Platform Service | ID = 8200
Description = Lizenzerwerb-Fehlerdetails. hr=0x80072EE7
Error - 20.11.2013 13:47:19 | Computer Name = Tomi-PC | Source = Software Protection Platform Service | ID = 1014
Description = Fehler beim Erwerb der Endbenutzerlizenz. hr=0x80072EE7 SKU-ID=8da2dfae-e4f5-4e6a-9272-96f8470e033e
Error - 20.11.2013 13:47:20 | Computer Name = Tomi-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0x80072EE7
Befehlszeilenargumente:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
[ System Events ]
Error - 20.11.2013 12:55:47 | Computer Name = windows-6466aqn | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error - 20.11.2013 12:56:34 | Computer Name = windows-6466aqn | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet: %%1058
Error - 20.11.2013 12:56:45 | Computer Name = windows-6466aqn | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Netzwerklistendienst" wurde mit folgendem Fehler beendet:
%%21
Error - 20.11.2013 13:02:20 | Computer Name = Tomi-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Druckererweiterungen und -benachrichtigungen" ist als
interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass
interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig
funktionieren.
Error - 20.11.2013 13:53:38 | Computer Name = Tomi-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "TrueVector Internet Monitor" ist als interaktiver Dienst
gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 20.11.2013 14:14:44 | Computer Name = Tomi-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst NlaSvc erreicht.
Error - 20.11.2013 14:45:03 | Computer Name = Tomi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler
beendet: %%1
Error - 20.11.2013 15:10:05 | Computer Name = Tomi-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?11.?2013 um 19:53:52 unerwartet heruntergefahren.
Error - 20.11.2013 15:18:57 | Computer Name = Tomi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070005 fehlgeschlagen: Update für Windows 8.1 (KB2883200)
Error - 20.11.2013 16:24:23 | Computer Name = Tomi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070005 fehlgeschlagen: Update für Windows 8.1 (KB2883200)
< End of report >
Code:
OTL logfile created on: 20.11.2013 22:18:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tomi\Desktop
Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16438)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 74,59% Memory free
4,24 Gb Paging File | 3,07 Gb Available in Paging File | 72,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 201,48 Gb Free Space | 86,52% Space Free | Partition Type: NTFS
Computer Name: TOMI-PC | User Name: Tomi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.11.20 22:10:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tomi\Desktop\OTL.exe
PRC - [2013.10.25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013.10.25 23:07:48 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013.10.23 08:19:06 | 000,932,640 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.10.23 08:19:05 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.10.23 03:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.10.22 07:03:47 | 002,065,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2013.10.18 02:35:55 | 014,650,144 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
PRC - [2013.10.18 02:34:57 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.10.18 02:34:26 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.10.16 10:34:26 | 000,518,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WWAHost.exe
PRC - [2013.10.15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Programme\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013.10.10 19:14:07 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.10.10 19:14:05 | 001,164,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebg7.exe
PRC - [2013.10.10 19:14:05 | 000,431,688 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.10.10 19:14:04 | 000,681,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.10.10 19:14:04 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.08.22 06:30:48 | 000,066,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe
PRC - [2013.08.22 06:30:48 | 000,064,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013.08.22 06:28:06 | 000,026,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinStore\WSHost.exe
PRC - [2013.08.22 06:21:42 | 000,029,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RuntimeBroker.exe
PRC - [2013.08.22 03:45:10 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe
PRC - [2013.08.22 03:45:01 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013.07.31 21:30:36 | 002,296,600 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe
PRC - [2013.06.13 20:31:38 | 000,148,248 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - [2013.11.13 04:39:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.10.25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013.10.23 03:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.10.22 02:40:33 | 001,210,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\workfolderssvc.dll -- (workfolderssvc)
SRV - [2013.10.19 05:43:18 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013.10.18 02:35:55 | 014,650,144 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2013.10.18 02:34:26 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.10.15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Programme\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013.10.10 19:14:07 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.10.10 19:14:05 | 001,164,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2013.10.10 19:14:04 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.10.10 15:52:58 | 002,872,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2013.10.10 11:35:11 | 001,128,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AppXDeploymentServer.dll -- (AppXSvc)
SRV - [2013.10.04 09:00:53 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AppReadiness.dll -- (AppReadiness)
SRV - [2013.08.22 16:02:28 | 000,075,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV - [2013.08.22 16:02:25 | 001,778,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2013.08.22 16:02:21 | 000,174,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2013.08.22 06:18:20 | 000,278,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV - [2013.08.22 06:18:20 | 000,022,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2013.08.22 06:17:49 | 002,407,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013.08.22 05:03:29 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wephostsvc.dll -- (WEPHOSTSVC)
SRV - [2013.08.22 05:03:12 | 000,028,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2013.08.22 04:56:08 | 000,052,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2013.08.22 04:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2013.08.22 04:54:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2013.08.22 04:50:48 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2013.08.22 04:10:39 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2013.08.22 04:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2013.08.22 04:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2013.08.22 04:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2013.08.22 04:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2013.08.22 04:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2013.08.22 04:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2013.08.22 04:05:56 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicguestinterface)
SRV - [2013.08.22 03:59:51 | 001,122,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2013.08.22 03:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\smphost.dll -- (smphost)
SRV - [2013.08.22 03:50:12 | 000,197,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2013.08.22 03:49:34 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV - [2013.08.22 03:48:12 | 000,044,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2013.08.22 03:45:36 | 000,173,056 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2013.08.22 03:44:38 | 000,415,744 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2013.08.22 03:41:55 | 000,124,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ncbservice.dll -- (NcbService)
SRV - [2013.08.22 03:39:58 | 000,300,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2013.08.22 03:39:05 | 000,196,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2013.08.22 03:38:43 | 000,306,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2013.08.22 03:38:31 | 000,202,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2013.08.22 03:37:53 | 001,185,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2013.08.22 03:37:53 | 000,173,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2013.08.22 03:36:04 | 000,614,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2013.08.22 03:35:39 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013.08.22 03:31:45 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2013.08.22 03:21:32 | 000,064,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2013.06.13 20:31:00 | 000,293,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
========== Driver Services (SafeList) ==========
DRV - [2013.10.23 11:24:25 | 010,410,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.10.23 11:00:52 | 000,458,776 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\Drivers\vsdatant.sys -- (Vsdatant)
DRV - [2013.10.13 01:45:41 | 000,069,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2013.10.10 19:14:07 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\Drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.10.10 19:14:05 | 000,067,680 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\avnetflt.sys -- (avnetflt)
DRV - [2013.10.10 19:14:05 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.10.10 19:14:04 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avipbb.sys -- (avipbb)
DRV - [2013.10.10 19:14:04 | 000,089,376 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\Drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.10.08 10:11:16 | 000,036,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\intelpep.sys -- (intelpep)
DRV - [2013.10.05 13:30:03 | 000,047,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\stornvme.sys -- (stornvme)
DRV - [2013.10.05 13:30:02 | 000,321,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)
DRV - [2013.09.28 00:01:42 | 000,033,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2013.09.11 12:21:55 | 000,261,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2013.08.22 16:02:30 | 000,019,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\kbldfltr.sys -- (kbldfltr)
DRV - [2013.08.22 16:02:28 | 000,023,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2013.08.22 16:02:15 | 000,030,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)
DRV - [2013.08.22 07:13:53 | 000,142,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2013.08.22 07:13:53 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)
DRV - [2013.08.22 06:35:21 | 000,053,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\dam.sys -- (dam)
DRV - [2013.08.22 06:35:20 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)
DRV - [2013.08.22 06:34:52 | 000,133,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)
DRV - [2013.08.22 06:33:32 | 000,058,208 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)
DRV - [2013.08.22 06:33:31 | 000,033,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2013.08.22 06:33:30 | 000,122,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2013.08.22 06:33:30 | 000,068,960 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV - [2013.08.22 06:33:29 | 000,069,472 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2013.08.22 06:33:26 | 000,086,368 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)
DRV - [2013.08.22 06:33:25 | 000,773,472 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\adp80xx.sys -- (ADP80XX)
DRV - [2013.08.22 06:33:25 | 000,100,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2013.08.22 06:33:24 | 000,073,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2013.08.22 06:33:01 | 000,276,832 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2013.08.22 06:33:00 | 000,375,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2013.08.22 06:32:57 | 000,163,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)
DRV - [2013.08.22 06:32:57 | 000,119,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx2.sys -- (SerCx2)
DRV - [2013.08.22 06:32:57 | 000,090,976 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)
DRV - [2013.08.22 06:32:57 | 000,064,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)
DRV - [2013.08.22 06:32:57 | 000,059,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)
DRV - [2013.08.22 06:32:57 | 000,058,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)
DRV - [2013.08.22 06:32:57 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)
DRV - [2013.08.22 06:32:38 | 000,031,584 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2013.08.22 06:25:43 | 000,077,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)
DRV - [2013.08.22 06:25:38 | 000,046,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2013.08.22 06:25:37 | 000,284,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)
DRV - [2013.08.22 06:24:56 | 000,023,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uefi.sys -- (UEFI)
DRV - [2013.08.22 06:24:36 | 000,023,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2013.08.22 06:20:49 | 000,093,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdNisDrv.sys -- (WdNisDrv)
DRV - [2013.08.22 06:20:48 | 000,214,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)
DRV - [2013.08.22 06:20:22 | 000,093,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)
DRV - [2013.08.22 06:20:22 | 000,045,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)
DRV - [2013.08.22 06:20:22 | 000,042,304 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)
DRV - [2013.08.22 06:17:00 | 000,029,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)
DRV - [2013.08.22 05:11:29 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\ahcache.sys -- (ahcache)
DRV - [2013.08.22 05:11:04 | 000,043,520 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2013.08.22 05:10:58 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)
DRV - [2013.08.22 05:10:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)
DRV - [2013.08.22 05:10:37 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2013.08.22 05:10:28 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)
DRV - [2013.08.22 05:10:21 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)
DRV - [2013.08.22 05:10:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2013.08.22 05:10:01 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2013.08.22 05:09:59 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)
DRV - [2013.08.22 05:09:57 | 000,006,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)
DRV - [2013.08.22 05:09:50 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)
DRV - [2013.08.22 05:09:37 | 000,023,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2013.08.22 05:09:23 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\winusb.sys -- (WinUsb)
DRV - [2013.08.22 05:09:15 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2013.08.22 05:09:10 | 000,026,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2013.08.22 05:09:09 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2013.08.22 05:09:03 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013.08.22 05:09:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)
DRV - [2013.08.22 05:09:01 | 000,018,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2013.08.22 05:08:37 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)
DRV - [2013.08.22 05:08:18 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\netvsc63.sys -- (netvsc)
DRV - [2013.08.22 05:08:06 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV - [2013.08.22 05:07:57 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2013.08.22 05:07:55 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)
DRV - [2013.08.22 05:07:19 | 000,091,136 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)
DRV - [2013.08.22 02:58:35 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)
DRV - [2013.08.13 00:25:32 | 000,016,088 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bcmfn2.sys -- (bcmfn2)
DRV - [2013.08.10 01:39:44 | 000,524,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\iaStorAV.sys -- (iaStorAV)
DRV - [2013.07.23 22:18:30 | 000,061,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\iaioi2c.sys -- (iaioi2c)
DRV - [2013.07.23 22:18:30 | 000,022,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\iaiogpio.sys -- (GPIO)
DRV - [2013.06.18 13:35:24 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2013.06.18 13:23:13 | 000,490,496 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\Rt630x86.sys -- (RTL8168)
DRV - [2013.06.18 13:22:28 | 007,518,208 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2013.06.16 13:38:15 | 000,161,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013.05.23 07:12:34 | 000,037,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2013.05.23 07:12:32 | 000,043,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.05.26 09:59:52 | 000,136,304 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\jmcr.sys -- (JMCR)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3620226083-624548031-3073195929-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=de&gu=600d46402bf6437bb1d43670eeff059b&tu=10G9y00B71C01g0&sku=&tstsId=&ver=&
IE - HKU\S-1-5-21-3620226083-624548031-3073195929-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.11.20 19:00:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2013.11.20 19:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tomi\AppData\Roaming\mozilla\Extensions
[2013.11.20 18:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.11.20 19:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.11.20 19:42:27 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2013.08.22 07:13:55 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ShadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Common Files\Logishrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{562505AF-3E26-463F-9281-AAB0B191580F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0B18C0E-BF86-485E-A081-FFC0153A0F1A}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.08.22 09:16:34 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\TELEPHONY\PROVIDERS HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\TELEPHONY\PROVIDERS /64 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANWORKSTATION /S HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANWORKSTATION /S /64 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DNSCACHE /S HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DNSCACHE /S /64 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SVCHOST HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SVCHOST /64 HKEY_LOCAL_MACHINE\SOFTWARE\JOOSOFT.COM HKEY_LOCAL_MACHINE\SOFTWARE\JOOSOFT.COM /64 %SYSTEMROOT%\SYSTEM32\*.TSP %SYSTEMROOT%\SYSTEM32\*.TSP /64 C:\WINDOWS\SYSTEM32\*.DLL /800 C:\WINDOWS\SYSTEM32\*.DLL /800 /64 CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013.11.20 22:10:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tomi\Desktop\OTL.exe
[2013.11.20 22:06:03 | 000,000,000 | ---D | C] -- C:\Users\Tomi\Documents\Smartmobil Rechnungen
[2013.11.20 22:05:54 | 000,000,000 | ---D | C] -- C:\Users\Tomi\Documents\sd karten back up
[2013.11.20 22:05:52 | 000,000,000 | ---D | C] -- C:\Users\Tomi\Documents\pinker QIP skin
[2013.11.20 22:05:51 | 000,000,000 | ---D | C] -- C:\Users\Tomi\Documents\pegasus
[2013.11.20 22:05:28 | 000,000,000 | ---D | C] -- C:\Users\Tomi\Documents\Hogewindverarsche etc
[2013.11.20 22:05:28 | 000,000,000 | ---D | C] -- C:\Users\Tomi\Documents\Formel 1 - Saison X
[2013.11.20 22:05:20 | 000,000,000 | ---D | C] -- C:\Users\Tomi\Documents\Eigene Scans
[2013.11.20 22:05:08 | 000,000,000 | ---D | C] -- C:\Users\Tomi\Documents\Daten von der SD-Karte LG Handy
[2013.11.20 22:05:08 | 000,000,000 | ---D | C] -- C:\Users\Tomi\Documents\bewerbungen
[2013.11.20 22:05:06 | 000,000,000 | ---D | C] -- C:\Users\Tomi\Documents\08.Oktober 2009 - 12.Januar 2010
[2013.11.20 22:03:38 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Local\Thunderbird
[2013.11.20 22:03:09 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Roaming\Thunderbird
[2013.11.20 21:55:42 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Roaming\vlc
[2013.11.20 21:54:35 | 000,000,000 | ---D | C] -- C:\Users\Tomi\Misc
[2013.11.20 20:25:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013.11.20 20:16:40 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice
[2013.11.20 19:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.11.20 19:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.11.20 19:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.11.20 19:42:43 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Roaming\Mozilla
[2013.11.20 19:42:43 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Local\Mozilla
[2013.11.20 19:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.11.20 19:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.11.20 19:39:36 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Roaming\Macromedia
[2013.11.20 19:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.11.20 19:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.11.20 19:33:39 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Local\Adobe
[2013.11.20 19:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2013.11.20 19:01:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd
[2013.11.20 19:00:54 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Roaming\Leadertech
[2013.11.20 19:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.11.20 19:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2013.11.20 19:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\AuthenTec
[2013.11.20 19:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013.11.20 18:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2013.11.20 18:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2013.11.20 18:48:50 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Roaming\Avira
[2013.11.20 18:48:27 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Roaming\Logitech
[2013.11.20 18:48:27 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Roaming\Logishrd
[2013.11.20 18:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.11.20 18:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Check Point Software Technologies LTD
[2013.11.20 18:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.11.20 18:26:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.11.20 18:26:09 | 000,137,208 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.11.20 18:26:09 | 000,089,376 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.11.20 18:26:09 | 000,067,680 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.11.20 18:26:09 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.11.20 18:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.11.20 18:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.11.20 18:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013.11.20 18:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013.11.20 18:16:54 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Local\Opera Software
[2013.11.20 18:16:53 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Roaming\Opera Software
[2013.11.20 18:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2013.11.20 18:16:04 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Local\Google
[2013.11.20 18:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013.11.20 18:15:06 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Roaming\WinRAR
[2013.11.20 18:14:43 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.11.20 18:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.11.20 18:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.11.20 18:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.11.20 18:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013.11.20 18:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.11.20 18:11:02 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2013.11.20 18:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.11.20 18:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.11.20 18:08:39 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.11.20 18:07:34 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.11.20 18:06:07 | 000,000,000 | ---D | C] -- C:\Users\Tomi\Desktop\Neu-Installation 11.2013 Windows 7 zu Windows 8.1
[2013.11.20 18:02:18 | 000,000,000 | R--D | C] -- C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.11.20 18:02:18 | 000,000,000 | R--D | C] -- C:\Users\Tomi\Searches
[2013.11.20 18:02:18 | 000,000,000 | R--D | C] -- C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.11.20 18:02:17 | 000,000,000 | R--D | C] -- C:\Users\Tomi\Contacts
[2013.11.20 18:02:05 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Local\VirtualStore
[2013.11.20 18:02:01 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Local\Packages
[2013.11.20 18:02:01 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Roaming\Adobe
[2013.11.20 18:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Tomi\Vorlagen
[2013.11.20 18:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Tomi\AppData\Local\Verlauf
[2013.11.20 18:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Tomi\AppData\Local\Temporary Internet Files
[2013.11.20 18:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Tomi\Startmenü
[2013.11.20 18:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Tomi\SendTo
[2013.11.20 18:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Tomi\Recent
[2013.11.20 18:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Tomi\Netzwerkumgebung
[2013.11.20 18:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Tomi\Lokale Einstellungen
[2013.11.20 18:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Tomi\Documents\Eigene Videos
[2013.11.20 18:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Tomi\Documents\Eigene Musik
[2013.11.20 18:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Tomi\Eigene Dateien
[2013.11.20 18:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Tomi\Documents\Eigene Bilder
[2013.11.20 18:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Tomi\Druckumgebung
[2013.11.20 18:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Tomi\Cookies
[2013.11.20 18:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Tomi\AppData\Local\Anwendungsdaten
[2013.11.20 18:01:48 | 000,000,000 | -HSD | C] -- C:\Users\Tomi\Anwendungsdaten
[2013.11.20 18:01:46 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Local\Temp
[2013.11.20 18:01:46 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Local\Microsoft
[2013.11.20 18:01:45 | 000,000,000 | --SD | C] -- C:\Users\Tomi\AppData\Roaming\Microsoft
[2013.11.20 18:01:45 | 000,000,000 | R--D | C] -- C:\Users\Tomi\Videos
[2013.11.20 18:01:45 | 000,000,000 | R--D | C] -- C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013.11.20 18:01:45 | 000,000,000 | R--D | C] -- C:\Users\Tomi\Saved Games
[2013.11.20 18:01:45 | 000,000,000 | R--D | C] -- C:\Users\Tomi\Pictures
[2013.11.20 18:01:45 | 000,000,000 | R--D | C] -- C:\Users\Tomi\Music
[2013.11.20 18:01:45 | 000,000,000 | R--D | C] -- C:\Users\Tomi\Links
[2013.11.20 18:01:45 | 000,000,000 | R--D | C] -- C:\Users\Tomi\Favorites
[2013.11.20 18:01:45 | 000,000,000 | R--D | C] -- C:\Users\Tomi\Downloads
[2013.11.20 18:01:45 | 000,000,000 | R--D | C] -- C:\Users\Tomi\Documents
[2013.11.20 18:01:45 | 000,000,000 | R--D | C] -- C:\Users\Tomi\Desktop
[2013.11.20 18:01:45 | 000,000,000 | R--D | C] -- C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.11.20 18:01:45 | 000,000,000 | R--D | C] -- C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013.11.20 18:01:45 | 000,000,000 | -H-D | C] -- C:\Users\Tomi\AppData
[2013.11.20 18:01:45 | 000,000,000 | ---D | C] -- C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.11.20 18:01:44 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2013.11.20 17:59:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.11.20 17:59:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.11.20 17:59:24 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.11.20 17:59:24 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.11.20 17:59:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.11.20 17:59:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.11.20 17:59:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.11.20 17:59:24 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.11.20 17:59:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.11.20 17:59:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.11.20 17:57:44 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.11.20 17:56:31 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.11.20 17:55:50 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.11.20 17:55:02 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.11.20 17:54:47 | 000,000,000 | -HSD | C] -- C:\Boot
========== Files - Modified Within 30 Days ==========
[2013.11.20 22:10:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tomi\Desktop\OTL.exe
[2013.11.20 21:50:47 | 000,727,930 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.11.20 21:50:47 | 000,687,180 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.11.20 21:50:47 | 000,151,586 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.11.20 21:50:47 | 000,127,812 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.11.20 21:50:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.11.20 21:20:00 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.11.20 21:19:03 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.11.20 21:18:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.11.20 21:16:51 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.11.20 21:16:46 | 2572,681,216 | -HS- | M] () -- C:\hiberfil.sys
[2013.11.20 21:08:22 | 000,333,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.11.20 19:45:46 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.11.20 19:44:59 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.11.20 19:42:37 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.11.20 19:00:54 | 000,001,348 | ---- | M] () -- C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2013.11.20 19:00:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2013.11.20 19:00:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2013.11.20 18:54:03 | 000,417,513 | ---- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2013.11.20 18:53:26 | 000,000,748 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013.11.20 18:26:19 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.11.20 18:16:42 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.11.20 18:15:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2013.11.20 18:12:42 | 000,002,095 | ---- | M] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
[2013.11.20 18:04:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013.11.20 17:57:51 | 000,055,502 | ---- | M] () -- C:\Windows\System32\license.rtf
[2013.11.20 17:54:50 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013.10.23 11:24:25 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2013.10.23 11:24:25 | 000,018,174 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
========== Files Created - No Company Name ==========
[2013.11.20 22:05:06 | 000,169,266 | ---- | C] () -- C:\Users\Tomi\Documents\shooting.jpg
[2013.11.20 22:05:06 | 000,051,986 | ---- | C] () -- C:\Users\Tomi\Documents\base rechnung august.pdf
[2013.11.20 22:05:06 | 000,051,612 | ---- | C] () -- C:\Users\Tomi\Documents\201111_BASE_Rechnung_491785295466.pdf
[2013.11.20 22:05:06 | 000,048,886 | ---- | C] () -- C:\Users\Tomi\Documents\201111_BASE_EVN_491785295466.pdf
[2013.11.20 22:05:06 | 000,035,398 | ---- | C] () -- C:\Users\Tomi\Documents\bingo wahrscheinlichkeit mal vier.pdf
[2013.11.20 22:05:06 | 000,029,943 | ---- | C] () -- C:\Users\Tomi\Documents\Gitarrengriffe.rtf
[2013.11.20 22:05:06 | 000,017,410 | ---- | C] () -- C:\Users\Tomi\Documents\music2.jpg
[2013.11.20 22:05:05 | 008,603,215 | ---- | C] () -- C:\Users\Tomi\Documents\14 Tribute to Modern Talking, Vol. 2.m4a
[2013.11.20 20:01:16 | 000,385,528 | ---- | C] () -- C:\Windows\System32\ApnDatabase.xml
[2013.11.20 19:45:46 | 000,002,056 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013.11.20 19:45:46 | 000,002,044 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.11.20 19:44:59 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.11.20 19:42:36 | 000,001,129 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.11.20 19:42:36 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.11.20 19:38:15 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.11.20 19:37:47 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.11.20 19:37:46 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.11.20 19:00:54 | 000,001,348 | ---- | C] () -- C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2013.11.20 19:00:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2013.11.20 19:00:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2013.11.20 18:53:35 | 000,417,513 | ---- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2013.11.20 18:53:26 | 000,000,748 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013.11.20 18:26:19 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.11.20 18:16:42 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.11.20 18:16:42 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.11.20 18:15:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2013.11.20 18:12:42 | 000,002,095 | ---- | C] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
[2013.11.20 18:10:12 | 000,018,174 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013.11.20 18:04:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013.11.20 18:02:01 | 000,001,450 | ---- | C] () -- C:\Users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.11.20 17:58:41 | 2572,681,216 | -HS- | C] () -- C:\hiberfil.sys
[2013.11.20 17:55:54 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013.11.20 17:54:50 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2013.08.22 15:59:39 | 000,727,930 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2013.08.22 15:59:39 | 000,305,634 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2013.08.22 15:59:39 | 000,151,586 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2013.08.22 15:59:39 | 000,040,390 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2013.08.22 09:19:09 | 000,687,180 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2013.08.22 09:19:09 | 000,296,742 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2013.08.22 09:19:09 | 000,127,812 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2013.08.22 09:19:09 | 000,033,362 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2013.08.22 09:17:31 | 000,000,389 | ---- | C] () -- C:\Windows\System32\AutoWorkplace.exe.config
[2013.08.22 09:17:30 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2013.08.22 09:17:29 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2013.08.22 08:24:03 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013.08.22 08:22:45 | 000,333,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.08.22 04:33:54 | 000,073,216 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2013.08.22 04:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2013.08.22 04:17:46 | 000,103,936 | ---- | C] () -- C:\Windows\System32\OEMLicense.dll
[2013.08.22 00:57:03 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013.08.22 00:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2013.08.22 00:52:35 | 001,520,828 | ---- | C] () -- C:\Windows\System32\WpcNBModel.bin
[2013.08.22 00:52:35 | 000,526,068 | ---- | C] () -- C:\Windows\System32\staticurllist.bin
[2013.08.22 00:50:57 | 000,008,192 | ---- | C] () -- C:\Windows\System32\settings.dat
[2013.08.22 00:48:14 | 000,049,963 | ---- | C] () -- C:\Windows\System32\srms.dat
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.11.05 19:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013.08.22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2013.08.22 03:42:12 | 000,390,144 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.11.20 19:00:54 | 000,000,000 | ---D | M] -- C:\Users\Tomi\AppData\Roaming\Leadertech
[2013.11.20 18:16:53 | 000,000,000 | ---D | M] -- C:\Users\Tomi\AppData\Roaming\Opera Software
[2013.11.20 22:03:09 | 000,000,000 | ---D | M] -- C:\Users\Tomi\AppData\Roaming\Thunderbird
========== Purity Check ==========
< End of report > |