herzlichen Dank für die schnelle Hilfe, nach ein wenig hin und her hab ich's jetzt geschafft!
Also:
OTL:OTL Logfile: Code:
OTL logfile created on: 03.03.2012 20:24:17 - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = I:\PROGRAMS\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,24 Gb Total Space | 11,29 Gb Free Space | 3,90% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 211,16 Gb Free Space | 70,84% Space Free | Partition Type: NTFS
Drive E: | 8,84 Gb Total Space | 1,63 Gb Free Space | 18,45% Space Free | Partition Type: NTFS
Drive G: | 23,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 702,81 Mb Total Space | 674,86 Mb Free Space | 96,02% Space Free | Partition Type: UDF
Computer Name: AMBROSIUS | User Name: ambros
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.10.09 10:44:26 | 000,316,888 | ---- | M] (Protection Technology) [Auto] -- C:\Windows\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
SRV - [2010.05.18 14:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.21 22:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV)
SRV - [2009.03.02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe -- (AESTFilters)
SRV - [2008.12.08 09:19:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.10.20 21:18:26 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008.09.05 10:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008.06.13 03:55:49 | 001,245,064 | ---- | M] () [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008.03.26 14:26:56 | 000,341,328 | ---- | M] () [Auto] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.28 00:06:27 | 000,594,600 | ---- | M] ( ) [Auto] -- C:\Windows\System32\lxdpcoms.exe -- (lxdp_device)
SRV - [2008.02.09 23:06:00 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.02.01 15:12:44 | 000,151,552 | ---- | M] (Droppix) [On_Demand] -- C:\Program Files\Common Files\Droppix\DxService.exe -- (Droppix Service)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.08.22 08:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (NAVEX15)
DRV - File not found [Kernel | On_Demand] -- -- (NAVENG)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (hwusbfake)
DRV - [2010.10.09 10:44:26 | 003,333,808 | ---- | M] (Protection Technology) [Kernel | System] -- C:\Windows\System32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.09.10 14:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.24 15:51:38 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.07.21 22:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.02.19 11:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009.02.19 11:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009.02.19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009.02.19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009.02.19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009.02.19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009.01.09 09:33:38 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008.09.12 08:33:24 | 000,270,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20081106.001\IDSvix86.sys -- (IDSvix86)
DRV - [2008.09.09 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008.09.05 14:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008.08.07 13:42:12 | 000,025,392 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008.08.07 13:31:52 | 000,034,608 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.07.30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008.05.09 02:01:42 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.04.27 10:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.11 18:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.14 07:51:50 | 000,280,192 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15)
DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.02.01 00:51:00 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008.02.01 00:51:00 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008.02.01 00:51:00 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008.01.24 14:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.08.09 00:39:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.02.16 01:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2002.07.17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-320825625-2981028103-1688675666-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKU\S-1-5-21-320825625-2981028103-1688675666-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Stift Kremsmünster: Startseite NEU
IE - HKU\S-1-5-21-320825625-2981028103-1688675666-1000\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-320825625-2981028103-1688675666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.stift-kremsmuenster.at/"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.27 11:58:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.20 11:37:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 16:01:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.27 11:58:08 | 000,000,000 | ---D | M]
[2011.09.19 09:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ambros\AppData\Roaming\mozilla\Extensions
[2008.10.04 07:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ambros\AppData\Roaming\mozilla\Firefox\extensions
[2012.03.03 19:26:11 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\ambros\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012.02.23 10:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ambros\AppData\Roaming\mozilla\Firefox\Profiles\hiyebr87.default\extensions
[2012.02.23 10:22:16 | 000,000,933 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Mozilla\Firefox\Profiles\hiyebr87.default\searchplugins\11-suche.xml
[2012.02.23 10:22:15 | 000,002,419 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Mozilla\Firefox\Profiles\hiyebr87.default\searchplugins\englische-ergebnisse.xml
[2012.02.23 10:26:41 | 000,010,553 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Mozilla\Firefox\Profiles\hiyebr87.default\searchplugins\gmx-suche-sterreich.xml
[2012.02.23 10:22:16 | 000,010,525 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Mozilla\Firefox\Profiles\hiyebr87.default\searchplugins\gmx-suche.xml
[2012.02.23 10:22:15 | 000,002,457 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Mozilla\Firefox\Profiles\hiyebr87.default\searchplugins\lastminute.xml
[2012.02.23 10:22:15 | 000,005,508 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Mozilla\Firefox\Profiles\hiyebr87.default\searchplugins\webde-suche.xml
[2011.09.19 09:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\AMBROS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HIYEBR87.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2011.12.20 11:37:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.20 11:37:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.20 11:37:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.20 11:37:14 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.20 11:37:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.20 11:37:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.20 11:37:14 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-320825625-2981028103-1688675666-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-320825625-2981028103-1688675666-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-320825625-2981028103-1688675666-1000\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-320825625-2981028103-1688675666-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Z2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Lexmark X1100 Series] File not found
O4 - HKLM..\Run: [lxdpmon.exe] C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-320825625-2981028103-1688675666-1000..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-320825625-2981028103-1688675666-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-320825625-2981028103-1688675666-1000..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - Startup: C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ambros\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 09-Registrierung.lnk = C:\Program Files\EA SPORTS\FIFA 09\Support\EAregister.exe (Leader Technologies)
O4 - Startup: C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 11-Registrierung.lnk = C:\Program Files\EA SPORTS\FIFA 11\Support\EAregister.exe (Leader Technologies)
O4 - Startup: C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Assassin's Creed.LNK = D:\Assassin's Creed\Register\RegistrationReminder.exe (Ubisoft)
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-AT\local\search.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\ambros\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\ambros\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1222086231 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ambros\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\ambros\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.03.05 17:34:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0f186bf1-6cbd-11e0-8fe2-0021866681d7}\Shell - "" = AutoRun
O33 - MountPoints2\{0f186bf1-6cbd-11e0-8fe2-0021866681d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{19d79518-656c-11df-8cc0-0021866681d7}\Shell - "" = AutoRun
O33 - MountPoints2\{19d79518-656c-11df-8cc0-0021866681d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{71cd3570-0a4d-11e0-bbd9-0021866681d7}\Shell - "" = AutoRun
O33 - MountPoints2\{71cd3570-0a4d-11e0-bbd9-0021866681d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{71cd365e-0a4d-11e0-bbd9-0021866681d7}\Shell - "" = AutoRun
O33 - MountPoints2\{71cd365e-0a4d-11e0-bbd9-0021866681d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{76e6a2c4-076b-11e0-9721-001eec8bc161}\Shell - "" = AutoRun
O33 - MountPoints2\{76e6a2c4-076b-11e0-9721-001eec8bc161}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9277fb2a-b611-11e0-95e5-0021866681d7}\Shell - "" = AutoRun
O33 - MountPoints2\{9277fb2a-b611-11e0-95e5-0021866681d7}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{be400346-31dc-11df-aff0-0021866681d7}\Shell - "" = AutoRun
O33 - MountPoints2\{be400346-31dc-11df-aff0-0021866681d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eadc3e72-7c53-11df-b9f1-001eec8bc161}\Shell - "" = AutoRun
O33 - MountPoints2\{eadc3e72-7c53-11df-b9f1-001eec8bc161}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f0e4d242-3007-11df-baa2-0021866681d7}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e4d242-3007-11df-baa2-0021866681d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f0e4d256-3007-11df-baa2-0021866681d7}\Shell - "" = AutoRun
O33 - MountPoints2\{f0e4d256-3007-11df-baa2-0021866681d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.23 03:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3586771B-B3ED-B11B-2F21-F2AA9DAC0F7C} - Microsoft Windows Media Player 11.0
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DC611BB9-EF13-F453-EE8D-FCD4698DDDB5} - Internet Explorer
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
========== Files/Folders - Created Within 30 Days ==========
[2012.03.02 23:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.02 23:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.03.02 22:44:28 | 000,000,000 | ---D | C] -- C:\Users\SatorArepo
[2012.03.01 19:49:29 | 000,000,000 | ---D | C] -- C:\Users\Ovid
[2012.02.21 19:44:52 | 000,000,000 | ---D | C] -- C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RTL Playtainment
[2012.02.21 19:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RTL Playtainment
[2012.02.21 19:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Skispringen 2006 Demo
[2012.02.21 19:06:30 | 000,000,000 | ---D | C] -- C:\Users\ambros\Favorites\Documents\Deluxe Ski Jump 4
[2012.02.21 19:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4
[2012.02.21 19:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Deluxe Ski Jump 4
[2012.02.03 17:00:12 | 000,000,000 | ---D | C] -- C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.02.03 16:58:44 | 000,000,000 | ---D | C] -- C:\Users\ambros\AppData\Roaming\Dropbox
[2008.12.09 19:41:57 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDPhcp.dll
[2008.12.09 19:41:57 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdpinpa.dll
[2008.12.09 19:41:56 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdpusb1.dll
[2008.12.09 19:41:56 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdpiesc.dll
[2008.12.09 19:41:55 | 001,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdpserv.dll
[2008.12.09 19:41:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdpprox.dll
[2008.12.09 19:41:54 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdppmui.dll
[2008.12.09 19:41:54 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdplmpm.dll
[2008.12.09 19:41:53 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdpih.exe
[2008.12.09 19:41:52 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdphbn3.dll
[2008.12.09 19:41:51 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdpcoms.exe
[2008.12.09 19:41:50 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdpcomc.dll
[2008.12.09 19:41:50 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdpcomm.dll
[2008.12.09 19:41:50 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdpcfg.exe
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\ambros\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\ambros\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\ambros\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\ambros\AppData\Local\bass.dll
[18 C:\Users\ambros\Favorites\Documents\*.tmp files -> C:\Users\ambros\Favorites\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.03.03 20:18:37 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.03 20:18:37 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.03 20:18:37 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.03 20:18:37 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.03 19:51:31 | 000,001,162 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 11-Registrierung.lnk
[2012.03.03 19:38:06 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.03 19:36:40 | 000,000,269 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012.03.03 19:35:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.03 19:34:10 | 000,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.03.03 19:33:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.03 19:33:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.03 19:33:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.03 19:33:06 | 3218,956,288 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.03 19:25:50 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012.03.03 19:25:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.02.24 00:08:09 | 000,005,332 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.24 00:06:43 | 986,685,519 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PcmFreaks-Vintage03-DB.rar
[2012.02.24 00:06:43 | 845,654,016 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Sommer2010.mpg
[2012.02.24 00:06:43 | 723,343,360 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\rohfassung.mpg
[2012.02.24 00:06:43 | 476,562,614 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PPDB Realnames 2010 PackagePatch1_8 for PCM 2010.rar
[2012.02.24 00:06:43 | 436,844,159 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PPDB_Giant_2010_for_PCM2010_CM_Stages1.rar
[2012.02.24 00:06:43 | 245,067,171 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PPDB_Giant_2010_for_PCM2010_CM_Stages3.rar
[2012.02.24 00:06:43 | 216,779,801 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\stages_28.06.10.rar
[2012.02.24 00:06:43 | 2110,230,528 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Italiänische Reise.mpg
[2012.02.24 00:06:43 | 188,836,360 | ---- | M] (Cyanide ) -- C:\Users\ambros\Favorites\Documents\Setup-Patch-1.0.4.2-From-1.0.0.0.exe
[2012.02.24 00:06:43 | 164,539,715 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PPDB_Giant_2010_for_PCM2010_CM_Stages2.rar
[2012.02.24 00:06:43 | 1355,362,756 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Paris-Helena.avi
[2012.02.24 00:06:43 | 1187,985,408 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Sommer2010fertig.mpg
[2012.02.24 00:06:43 | 117,890,992 | ---- | M] (Cyanide ) -- C:\Users\ambros\Favorites\Documents\PCM2010_multi_patch_1.0.1.8.exe
[2012.02.24 00:06:43 | 1163,400,092 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\ParisundHelena.avi
[2012.02.24 00:06:43 | 099,381,968 | ---- | M] (Cyanide ) -- C:\Users\ambros\Favorites\Documents\Setup-Patch-1.0.3.0-From-1.0.2.2.exe
[2012.02.24 00:06:43 | 091,329,504 | ---- | M] (Cyanide ) -- C:\Users\ambros\Favorites\Documents\PCM2010_Patch-1.0.2.2-From-1.0.1.8.exe
[2012.02.24 00:06:43 | 065,522,686 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Pilhofer.pdf
[2012.02.24 00:06:43 | 039,179,070 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PPDB_Giant_2010_for_PCM2010_v2_Patch 2.rar
[2012.02.24 00:06:43 | 036,918,430 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Fußball11.wmv
[2012.02.24 00:06:43 | 028,660,389 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Italiänische Reisemail.ppsx
[2012.02.24 00:06:43 | 019,681,629 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PutzII.pdf
[2012.02.24 00:06:43 | 012,030,439 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Fussball_WM_YOUTUBE_VIDEO_DOWNLOAD.mp4
[2012.02.24 00:06:43 | 010,573,899 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\italiänischeReise.ncd
[2012.02.24 00:06:43 | 008,118,160 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\patrickstunde.wmv
[2012.02.24 00:06:43 | 008,116,716 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Patrick's lesson.wmv
[2012.02.24 00:06:43 | 006,990,412 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Mit15.mp3
[2012.02.24 00:06:43 | 006,694,558 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\profess.ncd
[2012.02.24 00:06:43 | 006,633,082 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Matondo-Tuzizila_Simon_Afrikanisches_Christentum.pdf
[2012.02.24 00:06:43 | 005,283,456 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Marchart_Kultur-_und_Medienbegriff_der_CS.pdf
[2012.02.24 00:06:43 | 005,252,857 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Pro Cycling Manager 2010 CRACK+SERIAL.rar
[2012.02.24 00:06:43 | 004,612,430 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Italien2011.pds
[2012.02.24 00:06:43 | 003,730,749 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Single_INTRONEU.mp3
[2012.02.24 00:06:43 | 003,679,255 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Pastor AEternus.pdf
[2012.02.24 00:06:43 | 003,441,822 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Parratt_JOhn_Theologiegeschichte_der_Dritten_Welt_Afrika.pdf
[2012.02.24 00:06:43 | 003,421,869 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\patrickstunde.wma
[2012.02.24 00:06:43 | 003,323,904 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\sprung.pps
[2012.02.24 00:06:43 | 003,284,103 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Mette%20theolst..pdf
[2012.02.24 00:06:43 | 003,249,132 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PPDB Giant 2010 for PCM 2010 v3.rar
[2012.02.24 00:06:43 | 003,248,096 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_2074.JPG
[2012.02.24 00:06:43 | 003,179,409 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Pygmalion.wma
[2012.02.24 00:06:43 | 003,071,944 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_9491.JPG
[2012.02.24 00:06:43 | 002,923,572 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Sapientia+Christiana.pdf
[2012.02.24 00:06:43 | 002,872,922 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Plakat_version7+copy.jpg
[2012.02.24 00:06:43 | 002,822,110 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Sommer2010.pds
[2012.02.24 00:06:43 | 002,779,621 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\schatz.pds
[2012.02.24 00:06:43 | 002,599,713 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\MDB87141-interrail_broschuere_final_ohne_kanten.pdf
[2012.02.24 00:06:43 | 002,360,567 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_5715(1).JPG
[2012.02.24 00:06:43 | 002,267,286 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_5718(1).JPG
[2012.02.24 00:06:43 | 002,191,609 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Trani.wma
[2012.02.24 00:06:43 | 002,176,281 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\DSCF2131a.jpg
[2012.02.24 00:06:43 | 002,151,199 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Pästum.wma
[2012.02.24 00:06:43 | 002,066,221 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\gp_raiffeisen.zip
[2012.02.24 00:06:43 | 002,046,428 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Klein%20prakt.theol.pdf
[2012.02.24 00:06:43 | 002,044,444 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Dilllersberger.pdf
[2012.02.24 00:06:43 | 001,954,445 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Uni.pds
[2012.02.24 00:06:43 | 001,835,446 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Kongress+Teheran+März+2011.pdf
[2012.02.24 00:06:43 | 001,832,409 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\pompei1.wma
[2012.02.24 00:06:43 | 001,815,339 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PlakatA1.jpg
[2012.02.24 00:06:43 | 001,697,709 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Siena.wma
[2012.02.24 00:06:43 | 001,678,907 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\faszination.zip
[2012.02.24 00:06:43 | 001,665,389 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\marathon_staffel_A4.pdf
[2012.02.24 00:06:43 | 001,665,073 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_5698(1).JPG
[2012.02.24 00:06:43 | 001,623,907 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\fronts10_linz_druck.jpg
[2012.02.24 00:06:43 | 001,603,419 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\venedigpadua.wma
[2012.02.24 00:06:43 | 001,486,679 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Venedig2.wma
[2012.02.24 00:06:43 | 001,463,827 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\drn-nhl4.rar
[2012.02.24 00:06:43 | 001,438,209 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\TheoFest1.jpg
[2012.02.24 00:06:43 | 001,338,509 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Herculaneum.wma
[2012.02.24 00:06:43 | 001,243,246 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\linzmarathon.pdf
[2012.02.24 00:06:43 | 001,200,932 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PRN_Uni1-02_2413_001.pdf
[2012.02.24 00:06:43 | 001,190,339 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\kuschel 1.wma
[2012.02.24 00:06:43 | 001,159,904 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\flyerA5_GMG11.pdf
[2012.02.24 00:06:43 | 001,134,280 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_5280(1).JPG
[2012.02.24 00:06:43 | 001,129,713 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_2969(1).JPG
[2012.02.24 00:06:43 | 001,121,730 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Local.cdb
[2012.02.24 00:06:43 | 001,109,519 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Venezia11.wma
[2012.02.24 00:06:43 | 001,095,526 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Mappa_linee.pdf
[2012.02.24 00:06:43 | 001,078,089 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\venezia1.wma
[2012.02.24 00:06:43 | 001,006,249 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\heimreise.wma
[2012.02.24 00:06:43 | 000,977,897 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\StageNormandieFix.rar
[2012.02.24 00:06:43 | 000,913,248 | ---- | M] (DivX, LLC) -- C:\Users\ambros\Favorites\Documents\DivXInstaller.exe
[2012.02.24 00:06:43 | 000,902,979 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Trix4.wma
[2012.02.24 00:06:43 | 000,879,564 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\LogoAdresseBmpVersuch.bmp
[2012.02.24 00:06:43 | 000,858,079 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\pompei2.wma
[2012.02.24 00:06:43 | 000,840,119 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Pisa.wma
[2012.02.24 00:06:43 | 000,831,139 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\trix3.wma
[2012.02.24 00:06:43 | 000,759,299 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\napoli.wma
[2012.02.24 00:06:43 | 000,635,919 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\TRIANGEL_Logo.jpg
[2012.02.24 00:06:43 | 000,593,297 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Medienpädagogikportfolio.pdf
[2012.02.24 00:06:43 | 000,580,656 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\romaepiu_cose.pdf
[2012.02.24 00:06:43 | 000,566,230 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Gruppenarbeit_PS-Arbeit_Reinhard_Stiksel.pdf
[2012.02.24 00:06:43 | 000,557,249 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\ITalienABschluss.wma
[2012.02.24 00:06:43 | 000,540,195 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_3646(1).JPG
[2012.02.24 00:06:43 | 000,535,706 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\IMG_3646(1)(1).JPG
[2012.02.24 00:06:43 | 000,525,819 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Epilog.wma
[2012.02.24 00:06:43 | 000,518,829 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Plakat_version3+copy.jpg
[2012.02.24 00:06:43 | 000,462,959 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\pozzuoli.wma
[2012.02.24 00:06:43 | 000,454,983 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\ÖKT+Konferenz+Planung.pdf
[2012.02.24 00:06:43 | 000,437,098 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PRN_Uni1-02_1408_001.pdf
[2012.02.24 00:06:43 | 000,433,215 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Gruppenarbeit_Reinhard_Stiksel.pdf
[2012.02.24 00:06:43 | 000,432,478 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PerformerativerRU_PSA_Freudl_Stiksel.pdf
[2012.02.24 00:06:43 | 000,397,161 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PCM2010_Variants_full.pdf
[2012.02.24 00:06:43 | 000,381,781 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Karajanplatz.pdf
[2012.02.24 00:06:43 | 000,359,689 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Gaisberg.wma
[2012.02.24 00:06:43 | 000,346,219 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\firenze.wma
[2012.02.24 00:06:43 | 000,340,676 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Plakat_version1+copy.jpg
[2012.02.24 00:06:43 | 000,335,810 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Sponsorenbrief_Fest2011.pdf
[2012.02.24 00:06:43 | 000,329,112 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Stellungnahme+StV-FV-Theologie+zu+ÖH-Artikel.pdf
[2012.02.24 00:06:43 | 000,321,296 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\WerbeformularSTVTheol.pdf
[2012.02.24 00:06:43 | 000,310,299 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Italien1.wma
[2012.02.24 00:06:43 | 000,305,978 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PAtrick Profess.pdf
[2012.02.24 00:06:43 | 000,301,319 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\tr1.wma
[2012.02.24 00:06:43 | 000,299,552 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\LNP_Salzburg_2009.pdf
[2012.02.24 00:06:43 | 000,294,995 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Rede_Helmke_160107.pdf
[2012.02.24 00:06:43 | 000,292,762 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\mittelfristige Planung_Stiksel_Schwarz.pdf
[2012.02.24 00:06:43 | 000,286,489 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PS_EF_Wissenschaftliches_Arbeiten_Augustinus.pdf
[2012.02.24 00:06:43 | 000,286,255 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Plakat_version2+copy.jpg
[2012.02.24 00:06:43 | 000,283,106 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\StwInfo_20110311.pdf
[2012.02.24 00:06:43 | 000,274,379 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PB1.wma
[2012.02.24 00:06:43 | 000,270,156 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\erstsemestrigenabendWS10.jpg
[2012.02.24 00:06:43 | 000,256,476 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\sporerklein.odp
[2012.02.24 00:06:43 | 000,255,628 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Patricksprofess.pds
[2012.02.24 00:06:43 | 000,253,790 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\lp_ahs-os.pdf
[2012.02.24 00:06:43 | 000,253,790 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Lehrplan_AHS-Oberstufe_2006.pdf
[2012.02.24 00:06:43 | 000,251,929 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Prooemium.wma
[2012.02.24 00:06:43 | 000,248,828 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Theolfest_2011_Gästeliste.pdf
[2012.02.24 00:06:43 | 000,247,439 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Unbenannt (3).wma
[2012.02.24 00:06:43 | 000,245,868 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\setup_CEWE_FOTOBUCH_Software.exe
[2012.02.24 00:06:43 | 000,242,688 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\NewsletterWalterHuberAugust2010.dot
[2012.02.24 00:06:43 | 000,242,405 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\flyerA5_tpb_10-11_lr.pdf
[2012.02.24 00:06:43 | 000,238,424 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Fussball_2010_Flyer_D_GESAMT_Sommerfest.pdf
[2012.02.24 00:06:43 | 000,223,300 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Mögliche Sponsoren 2011.pdf
[2012.02.24 00:06:43 | 000,217,258 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\HdE+-+Exerzitien+2010+-+9.pdf
[2012.02.24 00:06:43 | 000,213,559 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Entwicklungsplan+Fachbereiche+03-05-2011+_2_.pdf
[2012.02.24 00:06:43 | 000,201,981 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Paed_Theorien_fuer_den_Unterricht.pdf
[2012.02.24 00:06:43 | 000,201,864 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Einkaufsliste_Theolfest_2011.pdf
[2012.02.24 00:06:43 | 000,194,413 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PDR.dmp
[2012.02.24 00:06:43 | 000,194,032 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\stages_28.06.10_2nd_part.rar
[2012.02.24 00:06:43 | 000,186,954 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Jesus+und+die+Ehebrecherin.pdf
[2012.02.24 00:06:43 | 000,179,055 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Vatikan.pdf
[2012.02.24 00:06:43 | 000,166,619 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\verona.wma
[2012.02.24 00:06:43 | 000,151,398 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Troja2.pds
[2012.02.24 00:06:43 | 000,144,183 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\UDF1.nru
[2012.02.24 00:06:43 | 000,135,384 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Wissenschaftsrat,+Empfehlungen+zur+Weiterentwicklung+von+Theologien,+Berlin+2010,+51-59.pdf
[2012.02.24 00:06:43 | 000,125,799 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Nikolaus von Myra.pdf
[2012.02.24 00:06:43 | 000,125,669 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Fachbereiche+2011.pdf
[2012.02.24 00:06:43 | 000,123,552 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\nticket.pdf
[2012.02.24 00:06:43 | 000,121,836 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\JacdeVoragine_Nikolausgeschichte.pdf
[2012.02.24 00:06:43 | 000,118,748 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\jticket.pdf
[2012.02.24 00:06:43 | 000,109,105 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Troja.pds
[2012.02.24 00:06:43 | 000,105,705 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Studierende_Entwicklungsplan_11_03_18.pdf
[2012.02.24 00:06:43 | 000,097,120 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\[Untitled].pdf
[2012.02.24 00:06:43 | 000,095,339 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\JesusElvis_definite.jpg
[2012.02.24 00:06:43 | 000,092,683 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Entwicklungsplan-Vortext-alle.pdf
[2012.02.24 00:06:43 | 000,085,728 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\sem.pdf
[2012.02.24 00:06:43 | 000,084,536 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\StuZi+Koordination+WS10-11.pdf
[2012.02.24 00:06:43 | 000,084,457 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Kirchliche_Statistik_2008_Pastoraldaten.pdf
[2012.02.24 00:06:43 | 000,082,534 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Fussball_2010_ERGEBNISLISTE.pdf
[2012.02.24 00:06:43 | 000,080,230 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\VORAUs.pds
[2012.02.24 00:06:43 | 000,080,070 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\F3A1NN8P.pdf
[2012.02.24 00:06:43 | 000,075,576 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Orange_Service_Abrechnung_NR_84459533.PDF
[2012.02.24 00:06:43 | 000,072,284 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Kursportfolio%20RP-MP.pdf
[2012.02.24 00:06:43 | 000,067,630 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\liste_studentenheime.pdf
[2012.02.24 00:06:43 | 000,063,067 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Theologiefest_Salzburg.pdf
[2012.02.24 00:06:43 | 000,060,000 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Linie120.pdf
[2012.02.24 00:06:43 | 000,057,944 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Tagesordnung.pdf
[2012.02.24 00:06:43 | 000,056,490 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Folie1.JPG
[2012.02.24 00:06:43 | 000,055,765 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Theolfest_2011_Diensteinteilung_11_05_25.pdf
[2012.02.24 00:06:43 | 000,052,985 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Zitat+des+Jahres.jpg
[2012.02.24 00:06:43 | 000,049,932 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\RomaPass.pdf
[2012.02.24 00:06:43 | 000,049,917 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\theol-relpaed012.pdf
[2012.02.24 00:06:43 | 000,048,628 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\theol-fachth.pdf
[2012.02.24 00:06:43 | 000,044,950 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\strossmayer_rede.pdf
[2012.02.24 00:06:43 | 000,039,679 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Orange_Service_Abrechnung_NR_91678738.PDF
[2012.02.24 00:06:43 | 000,039,424 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Orange_Service_Abrechnung_NR_94905807.pdf
[2012.02.24 00:06:43 | 000,039,379 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Orange_Service_Abrechnung_NR_90833127.PDF
[2012.02.24 00:06:43 | 000,039,296 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\tagesreichweiten_des_fernsehens_in_oesterreich_2008_nach_alter_021238.pdf
[2012.02.24 00:06:43 | 000,039,083 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Orange_Service_Abrechnung_NR_86894517.PDF
[2012.02.24 00:06:43 | 000,037,951 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Orange_Service_Abrechnung_NR_88487559.PDF
[2012.02.24 00:06:43 | 000,037,950 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Orange_Service_Abrechnung_NR_87688360.PDF
[2012.02.24 00:06:43 | 000,036,668 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Wichtige_Informationen_Marathon_2010.pdf
[2012.02.24 00:06:43 | 000,036,635 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Eschenlohe Salzburg.pdf
[2012.02.24 00:06:43 | 000,035,878 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\dvd.odt
[2012.02.24 00:06:43 | 000,032,466 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Salzburg Eschenlohe.pdf
[2012.02.24 00:06:43 | 000,029,076 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PEtrus.odt
[2012.02.24 00:06:43 | 000,012,494 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Florian1.nra
[2012.02.24 00:06:43 | 000,004,979 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Unbenannt (2).wma
[2012.02.24 00:06:43 | 000,002,170 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Laacher Weihnacht.lpp
[2012.02.24 00:06:43 | 000,002,108 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\PowerDirector.lnk
[2012.02.24 00:06:43 | 000,001,905 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\oöweihnacht.lpp
[2012.02.24 00:06:43 | 000,000,188 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\savonarole01_de.rmvb
[2012.02.24 00:06:42 | 248,335,072 | ---- | M] ( ) -- C:\Users\ambros\Favorites\Documents\CyberLink.3022_GM3_VDE090708-01.exe
[2012.02.24 00:06:42 | 065,522,686 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Aufsaetze-II_imprimatur.pdf
[2012.02.24 00:06:42 | 062,007,387 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\DArge.wma
[2012.02.24 00:06:42 | 034,829,419 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\christaab3.wma
[2012.02.24 00:06:42 | 031,057,819 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Bergkristall5-189.wma
[2012.02.24 00:06:42 | 024,614,669 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\bergkristall4-173.wma
[2012.02.24 00:06:42 | 022,234,967 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Darge1512.wma
[2012.02.24 00:06:42 | 017,233,109 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Bergkristall2-155.wma
[2012.02.24 00:06:42 | 008,167,799 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Bergkristall3-159.wma
[2012.02.24 00:06:42 | 006,140,244 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Boff-Antlitz.pdf
[2012.02.24 00:06:42 | 005,513,629 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\060807-002-GettyVilla001.jpg
[2012.02.24 00:06:42 | 005,469,309 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Apoll2.wma
[2012.02.24 00:06:42 | 004,373,881 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\20110526_THEOfestl_szg.jpg
[2012.02.24 00:06:42 | 003,852,909 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\christa1+2.wma
[2012.02.24 00:06:42 | 003,754,129 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Bergkristall1-145f.wma
[2012.02.24 00:06:42 | 003,552,971 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Alberigo_G-Das_Zweite_Vatikanische_Konzil.pdf
[2012.02.24 00:06:42 | 002,545,565 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\7769-07.pdf
[2012.02.24 00:06:42 | 002,443,480 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\5526-03.pdf
[2012.02.24 00:06:42 | 001,657,299 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Assisi.wma
[2012.02.24 00:06:42 | 001,310,179 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Ambros.jpg
[2012.02.24 00:06:42 | 001,226,259 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Apoll1.wma
[2012.02.24 00:06:42 | 001,212,789 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\AssisiAncona.wma
[2012.02.24 00:06:42 | 001,176,869 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\bologna.wma
[2012.02.24 00:06:42 | 000,971,913 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\20110526_THEOfestl_szg_A3HOCH_WEB.jpg
[2012.02.24 00:06:42 | 000,955,864 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+28+30.12.10.pdf
[2012.02.24 00:06:42 | 000,887,754 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\20110526_THEOfestl_szg_flyerA6HOCH_FRONT_WEB.jpg
[2012.02.24 00:06:42 | 000,751,574 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+27+16.12.10[1]
[2012.02.24 00:06:42 | 000,733,947 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\booklet_1.pdf
[2012.02.24 00:06:42 | 000,575,171 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\booklet_pdf.pdf
[2012.02.24 00:06:42 | 000,572,248 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\110420101048.jpg
[2012.02.24 00:06:42 | 000,548,269 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Beatrix2.wma
[2012.02.24 00:06:42 | 000,521,329 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abschluss.wma
[2012.02.24 00:06:42 | 000,441,371 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+36+20.04.11.pdf
[2012.02.24 00:06:42 | 000,438,063 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+31+10.02.11.pdf
[2012.02.24 00:06:42 | 000,427,304 | ---- | M] (CyberLink) -- C:\Users\ambros\Favorites\Documents\CyberLink PowerDirector Downloader.exe
[2012.02.24 00:06:42 | 000,427,039 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\beatrix1.wma
[2012.02.24 00:06:42 | 000,425,373 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+39+01.06.11.pdf
[2012.02.24 00:06:42 | 000,367,788 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+26+02.12.10.pdf
[2012.02.24 00:06:42 | 000,317,229 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\01%20Medien-Kommunikation-Kultur.pdf
[2012.02.24 00:06:42 | 000,265,668 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Bibelvideostunde.pdf
[2012.02.24 00:06:42 | 000,154,560 | ---- | M] (MediaGet LLC) -- C:\Users\ambros\Favorites\Documents\crack_no_cd_pro_cycling_manager_2010.rar_mediaget.exe
[2012.02.24 00:06:42 | 000,134,901 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Bus28.pdf
[2012.02.24 00:06:42 | 000,123,998 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Bus1.pdf
[2012.02.24 00:06:42 | 000,102,717 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+20+09.09.10.pdf
[2012.02.24 00:06:42 | 000,100,707 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+23+21.10.10.pdf
[2012.02.24 00:06:42 | 000,098,212 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\akabend.pdf
[2012.02.24 00:06:42 | 000,095,150 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+22+07.10.10.pdf
[2012.02.24 00:06:42 | 000,093,001 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\AN+17+01.07.10.pdf
[2012.02.24 00:06:42 | 000,092,498 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Abtei+News+Nr.+15+02.06.10.pdf
[2012.02.24 00:06:42 | 000,079,788 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\164751501.PDF
[2012.02.24 00:06:42 | 000,068,150 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\ausschreibung2011_uni.pdf
[2012.02.24 00:06:42 | 000,053,760 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\Ablauf
[2012.02.24 00:06:42 | 000,050,132 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\AbteiNews+Spezial+-+29.07.10.pdf
[2012.02.24 00:06:42 | 000,042,925 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\03%20Medienkritik%20Ganguin.pdf
[2012.02.24 00:06:42 | 000,036,662 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\AbteiNews+Nr.+10+25.03.10[1]
[2012.02.24 00:06:42 | 000,000,180 | ---- | M] () -- C:\Users\ambros\Favorites\Documents\090925_hinweis_default.asx
[2012.02.23 14:31:53 | 000,002,591 | ---- | M] () -- C:\Users\ambros\Desktop\Microsoft Office Word 2007.lnk
[2012.02.23 10:13:18 | 000,000,935 | ---- | M] () -- C:\Users\ambros\Desktop\Dropbox.lnk
[2012.02.23 10:13:18 | 000,000,915 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.23 10:08:04 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.02.23 10:05:19 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForambros.job
[2012.02.22 08:08:13 | 000,000,916 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.02.21 19:44:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RTL Playtainment
[2012.02.21 19:06:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4
[2012.02.21 08:42:11 | 000,000,806 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Assassin's Creed.LNK
[2012.02.21 08:36:12 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.02.21 08:36:12 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.02.21 08:35:32 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.02.20 20:11:09 | 000,000,584 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - ambros.job
[2012.02.19 18:30:56 | 000,001,190 | ---- | M] () -- C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 09-Registrierung.lnk
[2012.02.17 09:06:45 | 002,292,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.17 08:56:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.02.07 20:39:20 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000017B0.LCS
[18 C:\Users\ambros\Favorites\Documents\*.tmp files -> C:\Users\ambros\Favorites\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.03.03 17:52:44 | 3218,956,288 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.21 08:42:11 | 000,000,806 | ---- | C] () -- C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Assassin's Creed.LNK
[2012.02.21 08:35:32 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.02.04 16:04:39 | 000,000,935 | ---- | C] () -- C:\Users\ambros\Desktop\Dropbox.lnk
[2012.02.03 17:00:36 | 000,000,915 | ---- | C] () -- C:\Users\ambros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.11.29 10:48:11 | 000,001,478 | ---- | C] () -- C:\Users\ambros\AppData\Local\RecConfig.xml
[2011.09.21 13:19:48 | 000,000,192 | ---- | C] () -- C:\Users\ambros\AppData\Roaming\default.rss
[2011.02.10 09:25:32 | 000,000,632 | ---- | C] () -- C:\Windows\eReg.dat
[2010.12.27 11:37:17 | 000,217,485 | ---- | C] () -- C:\Windows\hpoins39.dat
[2010.09.05 12:09:32 | 000,000,101 | ---- | C] () -- C:\Windows\lexstat.ini
[2010.09.05 12:08:45 | 000,086,016 | ---- | C] () -- C:\Windows\System32\LXBKIH.EXE
[2010.09.05 12:08:43 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE
[2010.09.05 12:08:41 | 000,077,824 | ---- | C] () -- C:\Windows\System32\LXBKLCNP.DLL
[2010.09.05 12:08:38 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2010.03.12 03:31:01 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.09.17 07:33:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 07:33:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.05 01:03:17 | 000,000,703 | ---- | C] () -- C:\Windows\hpomdl39.dat
[2009.02.28 08:58:51 | 005,068,152 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2009.02.28 08:58:51 | 000,013,785 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2008.12.09 19:44:58 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdpcoin.dll
[2008.12.09 19:42:10 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdprwrd.ini
[2008.12.09 19:41:58 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDPinst.dll
[2008.12.09 19:41:52 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdpgrd.dll
[2008.11.30 10:21:08 | 000,009,824 | ---- | C] () -- C:\Users\ambros\AppData\Roaming\wklnhst.dat
[2008.11.23 12:40:28 | 000,026,682 | ---- | C] () -- C:\Users\ambros\AppData\Roaming\UserTile.png
[2008.10.29 17:38:12 | 000,000,487 | ---- | C] () -- C:\Windows\System32\SP701ASM.dat
[2008.10.29 17:37:47 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SP701ALM.dll
[2008.10.29 17:37:47 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SP701ASM.exe
[2008.10.04 13:49:04 | 001,012,736 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2008.10.04 13:49:04 | 000,012,800 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2008.10.04 07:21:02 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.09.16 07:01:21 | 000,000,680 | ---- | C] () -- C:\Users\ambros\AppData\Local\d3d9caps.dat
[2008.09.11 07:43:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.10 16:44:03 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.09.09 21:04:14 | 000,243,200 | ---- | C] () -- C:\Users\ambros\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.04 03:22:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.08.04 02:48:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.08.04 02:48:29 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AP6RMHV.BIN
[2008.08.04 02:48:29 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJH.BIN
[2008.08.04 02:48:29 | 000,000,238 | ---- | C] () -- C:\Windows\System32\AP6RMFP.BIN
[2008.08.04 02:48:29 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AP6RMHR.BIN
[2008.06.13 13:22:34 | 000,623,280 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.06.13 13:22:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.06.13 13:22:34 | 000,125,378 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.06.13 13:22:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.06.13 05:26:13 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008.06.13 03:37:30 | 000,005,332 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.05.08 23:14:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.05.08 22:44:14 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.03.06 11:40:54 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.03.04 20:02:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.11.28 18:51:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdpvs.dll
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\ambros\AppData\Local\lame_enc.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 002,292,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,591,320 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,194 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\ambros\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\ambros\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\ambros\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\ambros\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\ambros\AppData\Local\no23xwrapper.dll
[2002.09.13 16:40:06 | 000,000,266 | ---- | C] () -- C:\Windows\System32\lxbkcoin.ini
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.04.01 11:00:00 | 000,320,512 | ---- | C] () -- C:\Windows\System32\W32MKDE.EXE
[2001.04.01 11:00:00 | 000,110,080 | ---- | C] () -- C:\Windows\System32\W32MKRC.DLL
[1997.06.14 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
========== LOP Check ==========
[2008.12.08 09:23:11 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Canneverbe_Limited
[2008.12.09 13:43:51 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\com.adobe.ExMan
[2012.03.03 19:36:58 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Dropbox
[2008.10.04 13:49:03 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Droppix
[2011.08.22 09:40:38 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\DVDVideoSoft
[2011.08.21 22:05:20 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.26 17:55:18 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\GetRightToGo
[2012.03.03 19:26:09 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\gtk-2.0
[2009.09.27 12:45:44 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\HartlauerFotoService3
[2011.10.07 17:17:43 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Leadertech
[2010.12.26 18:02:23 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\map&guide
[2012.03.03 19:26:09 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Media Get LLC
[2008.11.30 10:45:22 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\OpenOffice.org
[2009.03.26 22:12:37 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\PeerNetworking
[2011.10.09 10:36:42 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Pro Cycling Manager 2010
[2012.03.03 19:26:11 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\ProtectDISC
[2011.09.15 16:02:02 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Slitherine
[2008.11.30 10:21:10 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Template
[2012.01.21 00:58:38 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Ubisoft
[2008.12.08 13:55:26 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Video DVD Maker FREE
[2008.12.27 08:31:43 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\WildTangent
[2011.12.24 23:30:42 | 000,000,000 | ---D | M] -- C:\Users\ambros\AppData\Roaming\Winter Sports 2011
[2010.10.16 16:36:34 | 000,000,000 | ---D | M] -- C:\ProgramData\3DVIA
[2008.09.09 20:37:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009.05.29 08:47:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008.09.09 20:37:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008.10.04 13:49:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Droppix
[2008.10.04 07:23:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Elaborate Bytes
[2011.12.26 11:26:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2008.12.09 19:42:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Ezprint
[2008.09.09 20:37:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011.03.14 15:11:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Firefly Studios
[2008.09.11 12:52:56 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2010.12.26 18:00:41 | 000,000,000 | ---D | M] -- C:\ProgramData\map&guide
[2011.05.28 12:28:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Media Get LLC
[2008.09.14 07:15:32 | 000,000,000 | ---D | M] -- C:\ProgramData\OrbNetworks
[2010.07.27 10:54:31 | 000,000,000 | ---D | M] -- C:\ProgramData\SmartSound Software Inc
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008.09.09 20:37:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010.07.25 19:45:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006.11.02 14:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012.01.20 22:39:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2008.09.09 20:37:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009.07.13 13:32:09 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2008.12.08 08:22:08 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008.06.13 05:11:17 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2012.01.25 17:57:55 | 000,000,000 | -H-D | M] -- C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
[2012.02.24 00:08:11 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.18 03:19:59 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D25907D5-CBA6-4AFE-B903-A4A2E18B8E63}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012.03.03 01:15:14 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.12.19 13:10:30 | 000,000,000 | -HSD | M] -- C:\boot
[2009.07.29 12:15:02 | 000,000,000 | ---D | M] -- C:\COMTEST
[2009.07.29 12:15:19 | 000,000,000 | ---D | M] -- C:\COMTEST_HOME_V650
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.09.09 20:37:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.15 10:09:30 | 000,000,000 | ---D | M] -- C:\drivers
[2008.12.17 18:06:08 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2009.01.03 08:57:46 | 000,000,000 | ---D | M] -- C:\Games
[2008.06.13 05:40:31 | 000,000,000 | -H-D | M] -- C:\HP
[2008.12.09 19:47:27 | 000,000,000 | ---D | M] -- C:\logs
[2008.06.13 05:07:31 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.03 00:08:45 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.03.02 23:28:09 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.09.09 20:37:20 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.09.15 15:49:48 | 000,000,000 | ---D | M] -- C:\Slitherine Ltd
[2008.09.09 20:47:17 | 000,000,000 | ---D | M] -- C:\SWSETUP
[2012.03.03 20:22:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.09.09 20:47:17 | 000,000,000 | -H-D | M] -- C:\System.sav
[2010.12.15 10:15:41 | 000,000,000 | ---D | M] -- C:\TEMP
[2012.03.02 22:44:28 | 000,000,000 | R--D | M] -- C:\Users
[2008.12.08 13:55:26 | 000,000,000 | ---D | M] -- C:\videodvdmaker
[2012.03.03 19:26:38 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.06.13 13:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.06.13 13:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.06.13 13:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2008.06.06 13:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
[2008.06.06 13:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Users\ambros\Filmordner\PowerDirector\EventLog.dll
[2007.01.12 21:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Users\ambros\PowerDirector\EventLog.dll
[2008.06.06 14:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Users\ambros\USBStick\PowerDirector\EventLog.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: IASTORV.SYS >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\*.dll /lockedfiles >
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
< CREATERESTOREPOINT >
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\ambros\Favorites\Documents\rohfassung.mpg:TOC.WMV
< End of report > --- --- --- |