Bangalorean | 18.06.2012 16:43 | Na dann los: Der defogger war nach wie vor an, allerdings hatte ich die Anwendung für den Scan beendet, ebenso wie den Browser. Den Virenscanner hatte ich nur abgeschaltet.
Hier ist die OTL.txt. Eine "Extras.txt" wurde scheinbar nicht angelegt.
OTL Logfile: Code:
OTL logfile created on: 18.06.2012 16:51:03 - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\(***)\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 5,41 Gb Available Physical Memory | 67,57% Memory free
16,00 Gb Paging File | 13,48 Gb Available in Paging File | 84,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 38,51 Gb Free Space | 12,92% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 372,06 Gb Free Space | 39,94% Space Free | Partition Type: NTFS
Drive L: | 465,63 Gb Total Space | 354,26 Gb Free Space | 76,08% Space Free | Partition Type: NTFS
Drive N: | 938,74 Gb Total Space | 901,14 Gb Free Space | 95,99% Space Free | Partition Type: NTFS
Computer Name: SIRIUS | User Name: (***) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.10 19:33:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\(***)\Desktop\OTL.exe
PRC - [2012.05.09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2012.02.23 13:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.10.01 12:43:40 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\(***)\AppData\Local\Apps\2.0\XLX82QWE.PKP\HPRQLD2A.2BO\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
PRC - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.07.22 18:07:05 | 000,814,344 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2010.02.01 11:38:24 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
PRC - [2010.02.01 11:37:54 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Input Director\IDWinService.exe
PRC - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.07.09 00:44:16 | 000,501,760 | ---- | M] () -- C:\Program Files (x86)\SPEEDLINK Wheel Mouse\ACQTMAPP.exe
========== Modules (No Company Name) ==========
MOD - [2012.05.09 22:17:58 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.09 22:17:05 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012.05.09 22:16:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.09 22:16:48 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.09 22:16:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.09 22:16:43 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.09 22:16:32 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.04.24 00:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.03.22 00:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012.02.11 01:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012.02.11 01:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2011.10.01 12:43:30 | 000,368,640 | ---- | M] () -- C:\Users\(***)\AppData\Local\Apps\2.0\XLX82QWE.PKP\HPRQLD2A.2BO\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:05 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
MOD - [2009.07.14 19:58:23 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.07.14 19:58:23 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2007.07.11 12:27:24 | 000,400,896 | ---- | M] () -- C:\Program Files (x86)\SPEEDLINK Wheel Mouse\ACQDEVCL.DLL
MOD - [2007.07.09 00:44:16 | 000,501,760 | ---- | M] () -- C:\Program Files (x86)\SPEEDLINK Wheel Mouse\ACQTMAPP.exe
MOD - [2007.06.24 15:14:52 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\SPEEDLINK Wheel Mouse\ACQTMDLL.DLL
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009.11.24 01:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2012.06.06 15:45:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.23 13:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.14 19:21:52 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.12 22:16:08 | 000,080,256 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ezGOSvc.dll -- (ezGOSvc)
SRV - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010.11.16 02:32:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010.07.22 18:07:05 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.04.02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.01 11:37:54 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Input Director\IDWinService.exe -- (InputDirector)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.24 01:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.08 05:15:36 | 000,013,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Input Director\IDVistaService.exe -- (IDVistaService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.05.22 14:26:10 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.14 08:40:04 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012.03.14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012.03.14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.11.21 13:03:00 | 000,199,752 | ---- | M] (1&1 Mail & Media GmbH) [File_System | System | Running] -- C:\Windows\SysNative\drivers\uiwbrdr.SYS -- (uiwbrdr)
DRV:64bit: - [2011.10.01 12:43:36 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2011.08.19 17:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011.07.01 11:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.06 13:48:54 | 000,021,968 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DRHARD64.sys -- (DRHARD64)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.06.16 21:15:56 | 000,096,768 | ---- | M] (Zoom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zmr16usbaudio.sys -- (ZOOM_R16MTR)
DRV:64bit: - [2010.04.17 22:02:15 | 000,698,376 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mod7700.sys -- (mod7700)
DRV:64bit: - [2010.04.17 22:02:15 | 000,024,200 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\modrc.sys -- (MODRC)
DRV:64bit: - [2010.04.16 16:22:04 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009.11.05 11:48:16 | 000,655,424 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2009.11.05 11:48:16 | 000,624,448 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009.08.28 00:06:34 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009.08.24 09:14:30 | 000,054,784 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\azvusb.sys -- (azvusb)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.20 20:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.05.31 11:22:08 | 000,175,880 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiHF51A.sys -- (SaiHF51A)
DRV:64bit: - [2007.05.31 11:22:08 | 000,034,432 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiUF51A.sys -- (SaiUF51A)
DRV:64bit: - [2007.05.14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007.04.23 15:44:12 | 001,533,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\camdrv42.sys -- (camdrv42)
DRV:64bit: - [2007.02.16 20:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2006.11.16 15:58:46 | 000,031,248 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synUSB64.sys -- (SynasUSB)
DRV:64bit: - [2005.09.24 00:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2011.08.19 17:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.08.06 13:48:54 | 000,021,968 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\DRHARD64.sys -- (DRHARD64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.08.02 11:35:46 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ACRUSBTM.SYS -- (ACRUSBTM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 A2 F1 98 08 5B CA 01 [binary data]
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes,DefaultScope = {FC5B11C2-26A9-444D-9AA9-D657B68B6071}
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{9380CA6A-3318-4661-A64A-C6D7EE90E8FC}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..\SearchScopes\{FC5B11C2-26A9-444D-9AA9-D657B68B6071}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\(***)\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\(***)\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\(***)\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\(***)\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\(***)\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012.06.05 13:49:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.06 15:45:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 09:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.19 09:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.06.05 13:49:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\(***)\AppData\Roaming\5059
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.06 15:45:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 09:48:42 | 000,000,000 | ---D | M]
[2011.03.31 19:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\(***)\AppData\Roaming\mozilla\Extensions
[2009.12.08 22:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\(***)\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.31 19:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\(***)\AppData\Roaming\mozilla\Extensions\{847441a0-668c-4f1e-857f-7fb5fabebdb9}
[2012.06.02 19:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions
[2010.04.28 12:17:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.16 21:36:57 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010.12.15 08:52:05 | 000,000,000 | ---D | M] (Niche Watch Tool) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{5c1a272d-6af9-4229-b821-11703c6b5ccf}
[2012.03.23 18:23:52 | 000,000,000 | ---D | M] (Selenium IDE) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2012.03.30 14:01:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.11.01 19:46:07 | 000,000,000 | ---D | M] (hideBad) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{be7e016e-4aea-4690-b59f-094890f69cce}
[2010.12.14 01:17:52 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010.03.25 21:55:44 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\ctrl-tab@design-noir.de
[2012.01.05 15:20:04 | 000,000,000 | ---D | M] (Springpad Extension) -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\ext@sprng.me
[2012.05.15 00:04:24 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\(***)\AppData\Roaming\mozilla\Firefox\Profiles\blewa984.default\extensions\fb_add_on@avm.de
[2012.04.03 23:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.23 09:19:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.06 15:45:17 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.05.12 16:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010.05.12 16:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010.05.12 16:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010.05.12 16:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2012.03.14 09:11:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.12 17:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010.05.12 16:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\(***)\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\(***)\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\(***)\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\(***)\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\(***)\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Reader Library (Enabled) = C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\(***)\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: HootSuite Hootlet = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\1.5_0\
CHR - Extension: trunk.ly favorite = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmgfkgdojgojfgdnojldcnpojocgipim\0.19_0\
CHR - Extension: Cortex = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\decglnkhpfoocpafihfbeodhgofefaoc\1.6.7_0\
CHR - Extension: Antworten und Mehr f\u00FCr Google+ = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea\1.52_0\
CHR - Extension: Instachrome = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\fldildgghjoohccppflaohodcnmlacpb\1.5.7.1_0\
CHR - Extension: Toggl = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\idlodjlnhgndgamohpahdopfchaepgfl\1_0\
CHR - Extension: Disconnect = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\3.4.0_0\
CHR - Extension: HootSuite = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0\
CHR - Extension: Keyword Eye = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpecgnnihjbhfanlonlcpifjcdhpfhjm\1.1_0\
CHR - Extension: G+me f\u00FCr Google Plus\u2122 = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\oacdcllhgpddmlnhajiacfakhlilbicp\6.0.3_0\
CHR - Extension: Do Share = C:\Users\(***)\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf\2.1.4_0\
O1 HOSTS File: ([2012.01.04 18:52:55 | 000,440,010 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15127 more lines...
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Deaktivierungs-Add-on für Browser von Google Analytics) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [ACQTMOUSE] C:\Program Files (x86)\SPEEDLINK Wheel Mouse\ACQTMAPP.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKU\S-1-5-21-3760890407-145060311-2719059191-1001..\Run: [AVMUSBFernanschluss] C:\Users\(***)\AppData\Local\Apps\2.0\XLX82QWE.PKP\HPRQLD2A.2BO\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3760890407-145060311-2719059191-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\(***)\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3760890407-145060311-2719059191-1001\..Trusted Domains: deutschepost.de ([internetmarke] https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40118.6503240741 (Update Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECE83CE6-3E5B-4FFB-90BD-DF1CC0D7619B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.06.13 12:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.13 12:51:38 | 002,322,184 | ---- | C] (ESET) -- C:\Users\(***)\Desktop\esetsmartinstaller_enu.exe
[2012.06.13 09:16:40 | 000,000,000 | ---D | C] -- C:\Users\(***)\AppData\Local\Macromedia
[2012.06.11 15:25:48 | 000,000,000 | ---D | C] -- C:\Users\(***)\AppData\Roaming\Malwarebytes
[2012.06.11 15:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.11 15:25:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.11 15:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.11 15:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.10 19:33:20 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\(***)\Desktop\OTL.exe
[2012.06.05 13:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012.06.05 13:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.06.05 13:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.01 00:10:16 | 000,000,000 | ---D | C] -- C:\Users\(***)\iMapping
[2012.06.01 00:10:15 | 000,000,000 | ---D | C] -- C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMapping
[2012.05.24 14:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\(***)\AppData\Roaming\*.tmp files -> C:\Users\(***)\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.06.18 16:29:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001UA.job
[2012.06.18 16:05:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.18 14:39:01 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001UA.job
[2012.06.18 09:29:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001Core.job
[2012.06.18 08:39:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001Core.job
[2012.06.17 23:05:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.15 03:04:07 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.15 03:04:07 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 14:13:53 | 000,000,000 | ---- | M] () -- C:\Users\(***)\defogger_reenable
[2012.06.13 14:05:19 | 000,452,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 14:05:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.13 14:04:44 | 2147,033,087 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.13 13:55:29 | 001,642,296 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.13 13:55:29 | 000,699,752 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.13 13:55:29 | 000,655,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.13 13:55:29 | 000,148,988 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.13 13:55:29 | 000,121,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 12:51:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\(***)\Desktop\esetsmartinstaller_enu.exe
[2012.06.13 09:20:50 | 000,001,303 | ---- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012.06.13 00:39:10 | 000,012,333 | ---- | M] () -- C:\Users\(***)\.bash_history
[2012.06.12 06:26:30 | 000,002,407 | ---- | M] () -- C:\Users\(***)\Desktop\Google Chrome.lnk
[2012.06.11 15:25:43 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.10 22:55:01 | 000,044,361 | ---- | M] () -- C:\Users\(***)\Desktop\Bangalorean.zip
[2012.06.10 19:33:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\(***)\Desktop\OTL.exe
[2012.06.09 16:42:12 | 000,000,600 | ---- | M] () -- C:\Users\(***)\AppData\Local\PUTTY.RND
[2012.06.05 18:23:33 | 001,091,159 | ---- | M] () -- C:\Users\(***)\Documents\(***).pdf
[2012.06.01 00:10:15 | 000,002,032 | ---- | M] () -- C:\Users\(***)\Desktop\iMapping.lnk
[2012.05.24 14:56:13 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\(***)\AppData\Roaming\*.tmp files -> C:\Users\(***)\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.06.13 14:13:53 | 000,000,000 | ---- | C] () -- C:\Users\(***)\defogger_reenable
[2012.06.11 15:25:43 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.10 22:55:00 | 000,044,361 | ---- | C] () -- C:\Users\(***)\Desktop\Bangalorean.zip
[2012.06.05 18:23:29 | 001,091,159 | ---- | C] () -- C:\Users\(***)\Documents\(***).pdf
[2012.06.01 00:10:15 | 000,002,032 | ---- | C] () -- C:\Users\(***)\Desktop\iMapping.lnk
[2012.05.24 14:56:13 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012.05.15 09:28:08 | 000,038,447 | ---- | C] () -- C:\Users\(***)\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012.04.17 15:58:12 | 000,138,608 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2012.04.17 15:58:10 | 000,074,608 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2012.04.17 15:58:08 | 000,309,616 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2012.04.09 22:12:44 | 000,001,153 | ---- | C] () -- C:\Users\(***)\AppData\Roaming\.ptbt1
[2012.02.27 11:41:52 | 000,202,240 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.12.14 18:15:24 | 000,000,018 | ---- | C] () -- C:\Users\(***)\AppData\Roaming\blckdom.res
[2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.06.16 08:43:53 | 000,080,256 | ---- | C] () -- C:\Windows\SysWow64\ezGOSvc.dll
[2011.06.13 19:00:20 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\ACRUSBTM.SYS
[2011.06.10 21:15:43 | 001,598,198 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.01 21:44:18 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2011.01.29 13:34:16 | 000,000,435 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.10.21 15:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2010.10.21 15:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2010.10.21 15:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2010.10.11 17:06:05 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx151ic.ini
[2010.08.22 13:25:15 | 000,012,693 | ---- | C] () -- C:\Windows\scunin.dat
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
========== LOP Check ==========
[2012.01.12 14:23:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\4Team
[2011.12.17 12:26:18 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\AceBIT
[2009.12.05 00:52:35 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Amazon
[2010.12.29 23:55:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Artisteer
[2009.11.03 00:44:24 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ASCOMP Software
[2012.03.19 18:41:15 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Audacity
[2010.11.21 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Avery
[2011.09.27 21:35:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BeautyPilot
[2012.04.01 23:07:46 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BitTorrent
[2009.11.03 20:05:29 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BlogBridge
[2011.06.11 00:47:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\calibre
[2010.05.02 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1
[2010.05.26 22:34:18 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2010.12.02 22:12:42 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DataDesign
[2012.03.28 17:49:46 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\de.ebuero.air.0BA3C9D95ACADB00E530F4D1E731D855F807BD7D.1
[2009.11.02 08:39:40 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2010.06.19 15:43:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DesktopWebAnalytics.FB5198EFD7978A66B6BD7109FD84E1C1DE681503.1
[2012.05.13 17:19:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DigitalVolcano
[2012.06.13 14:09:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Dropbox
[2010.04.18 10:34:05 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\e-on software
[2011.02.27 17:35:13 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\EarMaster
[2010.02.20 13:46:05 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ePaperPress
[2012.05.06 16:01:07 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FileZilla
[2011.11.11 16:08:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FRITZ!
[2011.10.01 15:51:10 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.01.27 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\GetRightToGo
[2012.01.01 04:45:03 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\go
[2012.05.06 15:51:43 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\gtk-2.0
[2011.06.18 12:48:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\HandBrake
[2011.03.31 19:08:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Haufe Mediengruppe
[2010.09.26 19:19:27 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\HDRsoft
[2009.11.05 21:50:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Helios
[2009.12.19 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ICAClient
[2012.01.22 14:38:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ICQ
[2012.01.27 13:54:32 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\iJoysoft
[2009.11.02 22:44:40 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\IrfanView
[2012.05.13 17:19:01 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\IsolatedStorage
[2011.07.03 16:11:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\jAlbum
[2011.01.05 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\julitec
[2011.12.14 18:14:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\kock
[2011.03.31 00:47:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Lexware
[2012.06.09 00:09:50 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\MediaMonkey
[2012.04.19 23:11:19 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\MysteryStudio
[2012.04.02 22:48:43 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\NinjaOA
[2011.11.08 18:33:41 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\OpenCandy
[2010.10.15 22:51:03 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Opera
[2010.05.16 13:48:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\orgAnice Software GmbH
[2012.03.23 14:50:29 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PDF Software
[2012.06.05 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PhonerLite
[2011.12.05 09:27:19 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PhraseExpress
[2011.11.09 12:38:17 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PR-Gateway
[2012.05.07 12:02:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\QuteCom
[2010.02.24 15:08:10 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\RawTherapee
[2010.01.05 16:33:38 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Scribus
[2010.02.11 08:59:11 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Softland
[2009.11.02 09:34:23 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\SoftMaker
[2011.04.02 10:02:34 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Steinberg
[2010.01.20 08:48:42 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Subversion
[2010.04.17 19:09:34 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\TerraTec
[2011.08.20 10:50:57 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ThumbsPlus
[2009.12.08 22:38:07 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Thunderbird
[2011.09.12 23:03:47 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Tropico 3
[2011.12.16 16:53:45 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\TuneUpMedia
[2011.12.14 18:36:44 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\UAs
[2012.04.24 22:47:09 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Ubisoft
[2011.09.17 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Viewer2
[2011.01.26 00:03:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\w.bloggar
[2010.05.02 00:24:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Wacom
[2010.05.02 00:24:30 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010.11.15 10:18:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WEB.DE
[2010.05.02 00:16:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WTouch
[2011.03.03 01:52:14 | 000,000,000 | -HSD | M] -- C:\Users\(***)\AppData\Roaming\wyUpdate AU
[2011.12.14 18:37:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\xmldm
[2010.11.28 00:27:43 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Wacom
[2010.11.28 00:25:48 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WTouch
[2012.06.18 08:39:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001Core.job
[2012.06.18 14:39:01 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3760890407-145060311-2719059191-1001UA.job
[2011.04.20 20:11:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.01.12 14:23:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\4Team
[2009.12.20 23:12:41 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ABBYY
[2011.12.17 12:26:18 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\AceBIT
[2012.01.22 14:21:36 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Adobe
[2009.12.05 00:52:35 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Amazon
[2012.03.17 13:55:48 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Apple Computer
[2009.12.13 01:03:33 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\AppleTV&More
[2010.12.29 23:55:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Artisteer
[2009.11.03 00:44:24 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ASCOMP Software
[2012.03.19 18:41:15 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Audacity
[2010.11.21 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Avery
[2011.06.21 07:21:34 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\AVS4YOU
[2011.09.27 21:35:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BeautyPilot
[2012.04.01 23:07:46 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BitTorrent
[2009.11.03 20:05:29 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\BlogBridge
[2011.06.11 00:47:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\calibre
[2010.05.02 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1
[2010.05.26 22:34:18 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2010.12.02 22:12:42 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DataDesign
[2012.03.28 17:49:46 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\de.ebuero.air.0BA3C9D95ACADB00E530F4D1E731D855F807BD7D.1
[2009.11.02 08:39:40 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2010.06.19 15:43:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DesktopWebAnalytics.FB5198EFD7978A66B6BD7109FD84E1C1DE681503.1
[2012.05.13 17:19:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DigitalVolcano
[2010.04.28 15:40:33 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\DivX
[2012.06.13 14:09:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Dropbox
[2010.04.18 10:34:05 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\e-on software
[2011.02.27 17:35:13 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\EarMaster
[2010.02.20 13:46:05 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ePaperPress
[2012.05.06 16:01:07 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FileZilla
[2011.11.11 16:08:16 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FRITZ!
[2011.10.01 15:51:10 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.01.27 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\GetRightToGo
[2012.01.01 04:45:03 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\go
[2012.05.06 15:51:43 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\gtk-2.0
[2011.06.18 12:48:14 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\HandBrake
[2011.03.31 19:08:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Haufe Mediengruppe
[2010.09.26 19:19:27 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\HDRsoft
[2009.11.05 21:50:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Helios
[2012.01.22 14:25:50 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Help
[2009.12.19 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ICAClient
[2012.01.22 14:38:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ICQ
[2009.11.01 16:43:32 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Identities
[2012.01.27 13:54:32 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\iJoysoft
[2010.12.02 22:06:00 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\InstallShield
[2009.11.02 22:44:40 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\IrfanView
[2012.05.13 17:19:01 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\IsolatedStorage
[2011.07.03 16:11:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\jAlbum
[2011.01.05 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\julitec
[2011.12.14 18:14:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\kock
[2011.03.31 00:47:54 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Lexware
[2012.01.22 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Macromedia
[2012.06.11 15:25:48 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Malwarebytes
[2012.01.22 18:57:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Media Center Programs
[2012.01.22 14:30:39 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Media Player Classic
[2012.06.09 00:09:50 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\MediaMonkey
[2012.05.16 13:51:20 | 000,000,000 | --SD | M] -- C:\Users\(***)\AppData\Roaming\Microsoft
[2012.06.17 13:27:31 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Mozilla
[2012.04.19 23:11:19 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\MysteryStudio
[2011.04.20 20:45:45 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Nero
[2012.04.02 22:48:43 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\NinjaOA
[2011.10.22 00:23:56 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\NVIDIA
[2011.11.08 18:33:41 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\OpenCandy
[2010.10.15 22:51:03 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Opera
[2010.05.16 13:48:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\orgAnice Software GmbH
[2012.03.23 14:50:29 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PDF Software
[2012.06.05 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PhonerLite
[2011.12.05 09:27:19 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PhraseExpress
[2011.11.09 12:38:17 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\PR-Gateway
[2012.05.07 12:02:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\QuteCom
[2010.02.24 15:08:10 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\RawTherapee
[2010.01.05 16:33:38 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Scribus
[2012.06.04 23:28:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Skype
[2011.11.18 09:08:24 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\skypePM
[2010.02.11 08:59:11 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Softland
[2009.11.02 09:34:23 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\SoftMaker
[2011.04.02 10:02:34 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Steinberg
[2010.01.20 08:48:42 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Subversion
[2009.11.01 23:03:01 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Talkback
[2010.04.17 19:09:34 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\TerraTec
[2011.08.20 10:50:57 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\ThumbsPlus
[2009.12.08 22:38:07 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Thunderbird
[2011.06.08 23:20:06 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\TortoiseSVN
[2011.09.12 23:03:47 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Tropico 3
[2011.12.16 16:53:45 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\TuneUpMedia
[2011.12.14 18:36:44 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\UAs
[2012.04.24 22:47:09 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Ubisoft
[2011.09.17 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Viewer2
[2011.01.26 00:03:21 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\w.bloggar
[2010.05.02 00:24:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\Wacom
[2010.05.02 00:24:30 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010.11.15 10:18:02 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WEB.DE
[2012.06.13 14:09:27 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WTablet
[2010.05.02 00:16:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\WTouch
[2011.03.03 01:52:14 | 000,000,000 | -HSD | M] -- C:\Users\(***)\AppData\Roaming\wyUpdate AU
[2011.12.14 18:37:28 | 000,000,000 | ---D | M] -- C:\Users\(***)\AppData\Roaming\xmldm
< %APPDATA%\*.exe /s >
[2011.12.18 14:24:49 | 000,284,160 | ---- | M] () -- C:\Users\(***)\AppData\Roaming\AceBIT\ASEOPS 8\Temp\tidy_de.exe
[2011.12.18 14:24:49 | 000,282,624 | ---- | M] () -- C:\Users\(***)\AppData\Roaming\AceBIT\ASEOPS 8\Temp\tidy_en.exe
[2009.12.29 14:17:06 | 003,014,000 | ---- | M] (ASCOMP Software GmbH ) -- C:\Users\(***)\AppData\Roaming\ASCOMP Software\HDD-Booster\hddboost.exe
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\(***)\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\(***)\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.04.02 08:03:14 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\(***)\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2007.07.17 07:23:00 | 003,553,680 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\(***)\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x5\connectaddin6x5.exe
[2010.05.29 21:38:08 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\(***)\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
[2010.12.04 00:08:35 | 000,004,710 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}\ARPPRODUCTICON.exe
[2011.07.14 00:27:10 | 000,137,750 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_02506422F3D2BE4CA37487.exe
[2011.07.14 00:27:10 | 000,137,750 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_267C690D0AFBAADCB8FC6B.exe
[2011.07.14 00:27:10 | 000,010,134 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_4F0256E95A66B02112203A.exe
[2011.07.14 00:27:10 | 000,137,750 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_853F67D554F05449430E7E.exe
[2009.11.29 19:44:47 | 000,029,926 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2012.04.17 19:42:39 | 000,031,232 | R--- | M] () -- C:\Users\(***)\AppData\Roaming\Microsoft\Installer\{8505C641-422E-4E3C-B6B0-0F070E289FDD}\Icon8505C6411.exe
[2011.08.10 00:21:30 | 028,982,144 | ---- | M] (TuneUp Media, Inc.) -- C:\Users\(***)\AppData\Roaming\OpenCandy\30B3F734FEE94F99877E9994E73B89B4\TuneUpInst-2.2.1-cmp218.exe
[2012.06.05 16:29:48 | 004,873,272 | ---- | M] (Heiko Sommerfeldt ) -- C:\Users\(***)\AppData\Roaming\PhonerLite\PhonerLiteSetup.exe
[2007.11.28 13:03:40 | 000,523,776 | ---- | M] () -- C:\Users\(***)\AppData\Roaming\SoftMaker\smun3250.exe
< %SYSTEMDRIVE%\*.exe >
[2004.03.10 23:16:33 | 000,077,824 | ---- | M] (Moodlogic) -- C:\catgen.exe
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 48 bytes -> C:\Windows:E4421082D031DC8B
< End of report > --- --- --- |