Rapunzel | 03.01.2013 18:37 | Code:
# AdwCleaner v2.104 - Datei am 03/01/2013 um 18:29:50 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : Edith - EDITH-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Edith\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gelöscht : C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [49896 octets] - [03/01/2013 15:17:39]
AdwCleaner[R2].txt - [1069 octets] - [03/01/2013 18:29:30]
AdwCleaner[S1].txt - [49039 octets] - [03/01/2013 18:18:59]
AdwCleaner[S2].txt - [1003 octets] - [03/01/2013 18:29:50]
########## EOF - C:\AdwCleaner[S2].txt - [1063 octets] ########## Code:
OTL Extras logfile created on: 03.01.2013 18:41:04 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Edith\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,88% Memory free
6,22 Gb Paging File | 5,10 Gb Available in Paging File | 81,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,59 Gb Total Space | 116,33 Gb Free Space | 50,02% Space Free | Partition Type: NTFS
Drive D: | 348,93 Gb Total Space | 348,82 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive E: | 35,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: EDITH-PC | User Name: Edith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006954EA-33EB-4662-842D-0ED75DD46D48}" = rport=138 | protocol=17 | dir=out | app=system |
"{076F689E-8ECD-49E8-A6B7-2C378EFA8001}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{158A323B-9C9C-49CC-88F6-9CD905A9329C}" = lport=445 | protocol=6 | dir=in | app=system |
"{1C9DCB09-DDC2-4518-B255-B85D904D8A16}" = rport=445 | protocol=6 | dir=out | app=system |
"{378D3547-7232-430F-BB97-950712323872}" = rport=139 | protocol=6 | dir=out | app=system |
"{64760F7B-A695-459C-8A9F-DA03B5794472}" = lport=137 | protocol=17 | dir=in | app=system |
"{6E1202A5-ACBB-434E-BA4D-CDD4028A90E6}" = lport=138 | protocol=17 | dir=in | app=system |
"{713027EE-D076-43AF-922B-152A5683D367}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{9153DF09-CB74-44B5-9907-3A5408B5B33D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B226DB71-3A87-47DD-91DF-79157A395E3F}" = lport=139 | protocol=6 | dir=in | app=system |
"{EAC019C5-CB53-4DF6-AB6B-176CFF971BC8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{EE0D3293-F606-4D14-A416-7A2174A78452}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C0300E0-A979-4BAF-99B6-D1E1A16B62FD}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{0F4BC87E-4228-4DAF-A68C-0B4ADE147DC7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{12A2D350-28D1-4D9D-8529-AB016AB1C531}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{29FF0134-CA76-4EA9-A866-900368701297}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3C88ADDF-D00B-47B0-A939-6529FAB84096}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{44F6BF40-064A-4511-A88A-11F2346325B6}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{450833A5-9B15-4522-A5B8-DAB59789A67C}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{5F0717ED-4813-42AF-B6C4-0FC5D9F9227F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{725B2B26-300D-42E2-BC4D-FDCD06C164CD}" = protocol=17 | dir=in | app=c:\users\edith\appdata\local\temp\7zsd11c.tmp\symnrt.exe |
"{78F19545-1C99-4A05-8C12-DC0A101ED625}" = protocol=6 | dir=in | app=c:\users\edith\appdata\local\temp\7zsd11c.tmp\symnrt.exe |
"{7FC539DC-5998-4546-ABC2-AD96E2392336}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{842CF817-E40C-4A33-B135-30D12DC90F21}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{984D4E27-97C0-4E6A-811E-CF5BBEB3E983}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{B0C4A9FA-72B1-4FBB-B296-24B4A5D03155}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{C33B3561-5982-4C24-ACA4-945964DAD405}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C4C37BC7-AB14-42D3-BAB2-2C8502F01D02}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{CBD20412-4AE2-410E-B5BF-E26CD4BCBDCD}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D4C0F7E0-D2A5-4F32-BD66-7F5C599ADD23}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D7DD609E-67B8-4721-A1F7-AAFEB4DA645A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E612B596-AA13-4AD5-8501-7C1BE788A785}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E7FE9AAF-B804-4E40-B0B7-8B72E9B91ECA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{EC48B1AF-1698-461C-9F67-6C2A96872912}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F849A470-A959-46AE-909C-AF15096DB7A9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FFFCBA17-1084-478B-AD4A-BB469A226CD1}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04440141-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Professional 2004
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1BA978E7-2F4C-442F-BB58-6DCCC6BB0074}" = Haushaltsbuch8
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4C7F547E-DDE3-51BF-1D2E-04816F30AD66}" = ATI Catalyst Install Manager
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 7.0 with 5.1ch
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114039310}" = Turbo Subs
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114669510}" = Egyptian Ball
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115050127}" = Mystery PI The Vegas Heist
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115430860}" = Amazing Adventures Around The World
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116555140}" = Farm Frenzy Pizza Party
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116609607}" = Undiscovered World The Incan Sun
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117327560}" = Kuros
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117398253}" = Build a Lot 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117673440}" = Hide and Secret 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117770767}" = Every Day Genius Square Logic
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117779147}" = Age of Oracles TM Tara’s Journey
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118514767}" = Youda Fairy
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118753180}" = Agatha Christie Bundle - 3 in 1
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector (Acer DT)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"510005827" = Crazy Rings
"510005835" = Oddly Enough - Pied Piper
"510006725" = Worlds Greatest Temples Mahjong
"510006975" = Amulet of Time: Shadow of la Rochelle
"510006978" = Sticky Linky
"510006983" = Hide & Secret - The Lost World
"510006995" = Isla Dorada The sands of Ephranis
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"amelie'scafedeluxe" = Amelie's Cafe Deluxe
"avast" = avast! Internet Security
"Diamond Caves 3" = Diamond Caves 3
"ElsterFormular 11.2.0.4074" = ElsterFormular
"Google Desktop" = Google Desktop
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector (Acer DT)
"king.com" = king.com (remove only)
"LHTTSGED" = L&H TTS3000 Deutsch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NetSight" = Nielsen Online
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Online Games Manager" = Online Games Manager v1.10
"Shockwave" = Shockwave
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Yahoo! Toolbar" = Yahoo! Toolbar
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Gemini Lost Deluxe" = Gemini Lost Deluxe
"Wandering Willows Deluxe" = Wandering Willows Deluxe
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.04.2012 00:38:06 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 17.04.2012 00:39:24 | Computer Name = Edith-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.04.2012 07:23:45 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.04.2012 07:23:46 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.04.2012 07:25:21 | Computer Name = Edith-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.04.2012 16:36:23 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 23.04.2012 16:36:23 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 23.04.2012 16:37:57 | Computer Name = Edith-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.04.2012 03:16:38 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 24.04.2012 03:16:39 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 03.01.2013 13:40:29 | Computer Name = Edith-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.01.2013 13:40:29 | Computer Name = Edith-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.01.2013 13:40:29 | Computer Name = Edith-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.01.2013 13:40:29 | Computer Name = Edith-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.01.2013 13:40:29 | Computer Name = Edith-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.01.2013 13:40:29 | Computer Name = Edith-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.01.2013 13:40:29 | Computer Name = Edith-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.01.2013 13:40:30 | Computer Name = Edith-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.01.2013 13:40:30 | Computer Name = Edith-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 03.01.2013 13:40:30 | Computer Name = Edith-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
< End of report > Code:
OTL logfile created on: 03.01.2013 18:41:04 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Edith\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,88% Memory free
6,22 Gb Paging File | 5,10 Gb Available in Paging File | 81,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,59 Gb Total Space | 116,33 Gb Free Space | 50,02% Space Free | Partition Type: NTFS
Drive D: | 348,93 Gb Total Space | 348,82 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive E: | 35,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: EDITH-PC | User Name: Edith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Edith\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Programme\NetRatingsNetSight\NetSight\NielsenUpdate.exe (The Nielsen Company)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Online Games Manager\ogmservice.exe (RealNetworks, Inc.)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe ()
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll ()
MOD - C:\Programme\NetRatingsNetSight\NetSight\nsmmc.dll ()
MOD - C:\Programme\NetRatingsNetSight\NetSight\meter8\npfirefoxprocessor.dll ()
MOD - C:\Programme\NetRatingsNetSight\NetSight\meter8\npwmi.dll ()
MOD - C:\Programme\NetRatingsNetSight\NetSight\meter8\npsurvey.dll ()
MOD - C:\Programme\NetRatingsNetSight\NetSight\meter8\npsp1.dll ()
MOD - C:\Programme\NetRatingsNetSight\NetSight\meter8\communication.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3009.0__739b31b1908c49e5\Framework.UIComponent.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll ()
MOD - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
MOD - C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
MOD - C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe ()
MOD - C:\Programme\Acer\Empowering Technology\Framework.Presenter.dll ()
MOD - C:\Programme\Acer\Empowering Technology\de\Framework.AppBar.resources.dll ()
MOD - C:\Programme\Acer\Empowering Technology\Framework.AppBar.dll ()
MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Programme\Acer\Empowering Technology\eSettings\eSettings.QuickMenu.dll ()
========== Services (SafeList) ==========
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (NielsenUpdate) -- C:\Programme\NetRatingsNetSight\NetSight\NielsenUpdate.exe (The Nielsen Company)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ogmservice) -- C:\Programme\Online Games Manager\ogmservice.exe (RealNetworks, Inc.)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (nnfwdk) -- C:\Programme\NetRatingsNetSight\NetSight\meter8\nnfwdk.sys (The Nielsen Company)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (aswNdis) -- C:\Windows\System32\drivers\aswNdis.sys (ALWIL Software)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vb32&d=0908&m=aspire_m1201
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vb32&d=0908&m=aspire_m1201
IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\..\SearchScopes\{181DC6FE-6D1D-4817-A41E-8BBBAB8A0928}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1001\..\SearchScopes,DefaultScope =
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
[2012.05.06 17:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edith\AppData\Roaming\mozilla\Extensions
[2012.05.06 17:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edith\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NielsenOnline] C:\Programme\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-1523784361-1419484075-2864972026-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1523784361-1419484075-2864972026-1001..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()
O4 - Startup: C:\Users\Edith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Common Files\microsoft shared\Encarta Researcher\EROPROJ.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\..Trusted Domains: localhost ([]http in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} hxxp://acerde.oberon-media.com/online/online2/zuma/oberongamesloader.cab (OberongamesLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96895559-8754-4D3B-8B4B-1A2717C5CBFC}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\msero {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programme\Common Files\microsoft shared\Encarta Researcher\MSERO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Edith\Pictures\ApfelBrombeer[2].JPG
O24 - Desktop BackupWallPaper: C:\Users\Edith\Pictures\ApfelBrombeer[2].JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ea62eb42-af7b-11e0-9a05-002268049f90}\Shell - "" = AutoRun
O33 - MountPoints2\{ea62eb42-af7b-11e0-9a05-002268049f90}\Shell\AutoRun\command - "" = L:\Password.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.03 18:32:00 | 000,000,000 | ---D | C] -- C:\Users\Edith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012.12.22 03:03:52 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.22 03:03:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.14 06:35:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.14 06:35:16 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.14 06:35:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.14 06:35:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.14 06:35:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.14 06:35:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.14 06:35:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.14 06:35:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.14 06:31:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.12.14 06:31:29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2012.12.14 06:31:28 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.12.14 06:31:27 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.12.14 06:31:25 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.12.14 06:31:24 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.12.13 11:44:52 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.13 11:44:52 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2012.12.13 11:44:51 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.13 11:44:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
========== Files - Modified Within 30 Days ==========
[2013.01.03 18:38:31 | 035,526,599 | ---- | M] () -- C:\Users\Edith\Desktop\Firefox 17.0.1.dmg
[2013.01.03 18:31:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.01.03 18:31:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.03 18:31:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.03 18:31:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.03 18:31:24 | 3220,365,312 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.03 18:24:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Edith\Desktop\OTL.exe
[2013.01.03 18:18:59 | 000,000,240 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.01.03 18:17:27 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.03 15:28:14 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.03 15:12:15 | 000,551,997 | ---- | M] () -- C:\Users\Edith\Desktop\adwcleaner.exe
[2013.01.03 06:30:07 | 000,000,558 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Edith.job
[2012.12.27 12:20:54 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.27 12:20:54 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.27 12:20:54 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.27 12:20:54 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.22 03:23:00 | 000,437,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.16 14:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.16 11:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.12 15:11:27 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.12 15:11:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2013.01.03 18:38:31 | 035,526,599 | ---- | C] () -- C:\Users\Edith\Desktop\Firefox 17.0.1.dmg
[2013.01.03 18:29:11 | 000,551,997 | ---- | C] () -- C:\Users\Edith\Desktop\adwcleaner.exe
[2013.01.03 18:18:59 | 000,000,240 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2012.12.14 06:31:44 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.14 06:31:44 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.05.28 08:16:45 | 000,000,209 | ---- | C] () -- C:\Windows\settings.ini
[2011.03.06 15:08:24 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.29 13:13:59 | 000,001,356 | ---- | C] () -- C:\Users\Edith\AppData\Local\d3d9caps.dat
[2010.05.29 19:09:18 | 002,316,435 | ---- | C] () -- C:\Users\Edith\schmehle2.jpg
[2010.05.29 19:08:52 | 002,026,392 | ---- | C] () -- C:\Users\Edith\schmehle1.jpg
[2010.05.29 19:08:21 | 002,139,614 | ---- | C] () -- C:\Users\Edith\schmehle.jpg
[2009.08.20 19:19:21 | 000,052,224 | ---- | C] () -- C:\Users\Edith\Zeitungsliste.xlr
[2009.05.26 10:40:31 | 000,004,962 | ---- | C] () -- C:\Users\Edith\AppData\Roaming\wklnhst.dat
[2009.05.14 20:10:21 | 000,027,648 | ---- | C] () -- C:\Users\Edith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.13 23:40:24 | 000,007,090 | ---- | C] () -- C:\Users\Edith\AppData\Local\slot1.mm1
========== ZeroAccess Check ==========
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 407 bytes -> C:\ProgramData\TEMP:B890E098
@Alternate Data Stream - 405 bytes -> C:\ProgramData\TEMP:80873EE2
@Alternate Data Stream - 403 bytes -> C:\ProgramData\TEMP:AB985F7C
@Alternate Data Stream - 402 bytes -> C:\ProgramData\TEMP:F0A4F95E
@Alternate Data Stream - 402 bytes -> C:\ProgramData\TEMP:3A35C29C
@Alternate Data Stream - 400 bytes -> C:\ProgramData\TEMP:C72E5875
@Alternate Data Stream - 397 bytes -> C:\ProgramData\TEMP:E1A68E67
@Alternate Data Stream - 397 bytes -> C:\ProgramData\TEMP:CB66E9B7
@Alternate Data Stream - 397 bytes -> C:\ProgramData\TEMP:9A071EA2
@Alternate Data Stream - 396 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 395 bytes -> C:\ProgramData\TEMP:D4CD7005
@Alternate Data Stream - 394 bytes -> C:\ProgramData\TEMP:94C8B75E
@Alternate Data Stream - 394 bytes -> C:\ProgramData\TEMP:44B5FE44
@Alternate Data Stream - 393 bytes -> C:\ProgramData\TEMP:28A1F3CB
@Alternate Data Stream - 392 bytes -> C:\ProgramData\TEMP:CE1DA626
@Alternate Data Stream - 391 bytes -> C:\ProgramData\TEMP:E96C83D4
@Alternate Data Stream - 390 bytes -> C:\ProgramData\TEMP:BE03B635
@Alternate Data Stream - 390 bytes -> C:\ProgramData\TEMP:92B1F486
@Alternate Data Stream - 390 bytes -> C:\ProgramData\TEMP:5177EEE7
@Alternate Data Stream - 390 bytes -> C:\ProgramData\TEMP:387A6F49
@Alternate Data Stream - 388 bytes -> C:\ProgramData\TEMP:A060A953
@Alternate Data Stream - 385 bytes -> C:\ProgramData\TEMP:1F3EEC32
@Alternate Data Stream - 384 bytes -> C:\ProgramData\TEMP:F85284EA
@Alternate Data Stream - 384 bytes -> C:\ProgramData\TEMP:02067B2A
@Alternate Data Stream - 382 bytes -> C:\ProgramData\TEMP:D6BDD51E
@Alternate Data Stream - 382 bytes -> C:\ProgramData\TEMP:B01C2351
@Alternate Data Stream - 382 bytes -> C:\ProgramData\TEMP:4C96DCB8
@Alternate Data Stream - 382 bytes -> C:\ProgramData\TEMP:453C1FA2
@Alternate Data Stream - 381 bytes -> C:\ProgramData\TEMP:3CC5A5D1
@Alternate Data Stream - 380 bytes -> C:\ProgramData\TEMP:FEE5129B
@Alternate Data Stream - 380 bytes -> C:\ProgramData\TEMP:FBC7D82D
@Alternate Data Stream - 379 bytes -> C:\ProgramData\TEMP:9060A47A
@Alternate Data Stream - 376 bytes -> C:\ProgramData\TEMP:804A4210
@Alternate Data Stream - 369 bytes -> C:\ProgramData\TEMP:E5E4A530
@Alternate Data Stream - 367 bytes -> C:\ProgramData\TEMP:4B476508
@Alternate Data Stream - 365 bytes -> C:\ProgramData\TEMP:5A05820A
@Alternate Data Stream - 361 bytes -> C:\ProgramData\TEMP:8BC965A1
@Alternate Data Stream - 357 bytes -> C:\ProgramData\TEMP:1D32EC29
@Alternate Data Stream - 353 bytes -> C:\ProgramData\TEMP:DE3A8059
@Alternate Data Stream - 353 bytes -> C:\ProgramData\TEMP:83FDB6DC
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:94B65E3C
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:BA660D25
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:EF20E652
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:07E55929
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:C7F76735
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:9F9D57FD
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:2C16E576
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:20D0F267
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:E1B0CF05
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:5690D76E
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:A2FC7F08
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:92298B59
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:683BD5A8
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:65AAB2AD
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:26B7B9EA
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:0B32B6C9
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:E779F65A
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:C0601E00
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:874EE5CB
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:7A30DA6A
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:E1031541
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:9959803A
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:1E3397DC
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:1DECED1B
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:1C93E55E
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:1960DAF2
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:9AB338B9
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:9A7901A9
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:9756362E
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:7CACEF61
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:4CD2D817
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:3D11302A
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:2D6D1D25
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:21637AEC
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:1B1330FD
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:1A60DE96
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:05816AFA
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:05650B69
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0105A66F
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:EDE8EA85
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:E189EC1B
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:CD6978FC
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:ACFD5043
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:AC57032B
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:A5808D58
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:A118E9A3
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:9CD61266
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:9A842F5C
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:942BD321
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:61FB58C9
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:3EEE7620
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:3B9582E0
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:FEF919E6
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:E7F71472
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:E35A81F4
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:DB4758C6
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:BAE8784F
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:A967571A
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:9F36615A
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:8FF962C6
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:7FB8A209
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:7F66BF58
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:68C4BECC
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:3C75E5BE
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:2FF4577A
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:049C87B7
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:F62CAE78
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:EF4B1DA9
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:EDED3240
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:EC36F550
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:D8A7F3FF
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:D16E7091
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:C9F873D0
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:C5C5F2F2
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:B1B9AE56
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:B110897C
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:AE78B77A
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:99A72E3A
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:81C88EA7
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:7991541F
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:700B8E2E
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:5E0617AC
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:21745EE1
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:01D3D7F4
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:ECB488E5
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:E6E9EB6C
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:E10DCAF3
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DB365884
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:D16A56DE
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:BA4AE5FC
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:ACDADE10
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:AB554F94
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:9BE4A88F
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:948CDB3D
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:6B9828AE
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:5E748D4C
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:5E4A7758
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:56530ABD
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:4EB84EC1
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:41326804
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:2E0A3B1D
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:26EE282C
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:24AB14E7
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:23A1F55B
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:20FFCF0B
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:1D9ED8F7
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:158CC5FF
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:0EC9720B
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:05113FB9
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:FC89CE5A
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:EC4E61E4
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:CD9B334A
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:BD8705CE
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:ABD3B354
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:A68B9D77
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:8FC027DE
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:88BFF41D
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:794BB94F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:742F1EE5
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:4D3513A5
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3BAD46F6
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:26C2E4B1
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:17FF6514
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:0AE8FC60
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FDAF118C
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FD20BDA6
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:F59916B9
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:DE22D45C
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:ABA71843
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:730BC923
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:5A27D490
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:53992C73
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3612C9BE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:2D1BE4C6
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:24DC7949
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:2085D07D
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:EBE4F6FC
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E463CA56
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E3AFC61E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E1069F99
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:CF2C26D2
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:CEED62ED
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:C3A4217C
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:BAD88AD2
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:8D79965B
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:8AD1F2E0
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:82C50600
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:77271429
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:6B5A665E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:53F381F1
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:531637AD
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:442B1B91
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3EA1C214
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:29DA7FEE
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:18295838
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0651F96C
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:06253D7D
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0207454C
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:FA8ADCCD
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:F19EC797
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:CBCE0A92
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:C226A7C2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:B8B102B9
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:7C4DCB5B
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:765C6A14
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:593E515D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:43ABA97D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:375B96CE
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:34BCB6A9
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:226A6E31
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0C5A6770
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:F79DAA38
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E60D24D7
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C8E9D804
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C104B0EF
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9B750A13
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:97AB2056
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:7E100A8C
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:6A16A184
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:60D0CFE2
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:48529647
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:45BC0AAA
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:3965C4E8
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:37CE0F2E
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:204BEE0F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:16A2C6C0
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0E37A445
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:03033228
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:FF818E2B
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:FB914833
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:EF2D54F9
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E90251A2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:DD3F5AF4
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D74C2847
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:C44E62F1
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:B9775780
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:ADE91125
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AB5B8755
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:A94968B5
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:9CB2B6C5
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:8A026284
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:860D9052
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:81F83028
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:7E26B7DC
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:6EAE3ABC
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:6BD1DCDD
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:5D2DC0A6
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:35632DDA
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:232300C2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:1D60AEC3
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:1CE3DF80
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:FE144218
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:E7700065
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:E31D4564
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:DCDE7C60
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:DCAF903C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:CE0A077E
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C70C12CF
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:ACCFB883
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A9C7B545
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A9B2AAD0
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A362A045
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:9B9441A5
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:9AB9ECE0
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:8C443193
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:69FA7876
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:6051163F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:5A13AEC2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4A48591F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:195E9213
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:18AE7C5A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:100384F2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0D864221
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:003A85AC
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F565FB91
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:DBA1A307
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:DB563BE7
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:B5D277AB
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9C504A4D
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9BCE9E9B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9658F8A2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:93CE17D1
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:91CF76E3
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:8E6845BC
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:8BBD1F9A
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:80A70180
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:7EE43C06
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:74456BF5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:5304CF6F
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4F8BECB9
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:46545F5C
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:2B059D79
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:268F887D
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:13B137AF
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E0CDAF60
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D93DCF15
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D77C0A61
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D417F0D5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:792C1D5C
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:61AF91EC
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3FF8D96E
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3F22DA14
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:2A615C9C
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0E341035
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0256104B
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E62BE020
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E40BF3ED
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E22211E1
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:C40E212B
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B79388B4
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B310C233
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:ADCBD4B1
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A13E0480
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:9C5E2795
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:93DE1838
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:9296EC11
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:8F76671E
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:6720DF40
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:49F896E9
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:3064D21D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:1DFC024D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:19AD1878
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:FE4E15B1
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F68CB977
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:D478F292
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:C71DF9C6
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:C36E5828
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:956EC010
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:92D18A5E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:898C038B
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:84744B34
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:798F4CE4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:7079A696
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:687D1056
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:52FE3CCD
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4C33F119
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:45A334DD
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:404C30E3
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:20B17557
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:18FCA3F2
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:17C6C557
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:072B9E55
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:FAC5BCF5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F82CA780
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F2F115B4
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F1FE38D7
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D8EA2847
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D3930F74
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:940ECC98
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:858D9994
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:80234CE0
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6A7B7A50
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:550179F5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:50A11A00
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:4EAD6852
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:4B112591
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:386E239F
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:38317199
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:30F1AD86
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:029E021F
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:02573978
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:023F0743
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:002640E3
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:FDD78BE5
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E4EAA06A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:DE38CB5F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:D61069DE
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:CDA9D806
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C8EAE2CC
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C2E33402
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:B54102AD
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7DFDF9DF
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:72E546C1
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:651AC260
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:3A29D202
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:39294FE1
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:1B154164
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:1AD5880D
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:174B11D8
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:15FA1ECB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C9B93CC4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:B83BF1A6
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:91DFBB4A
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8F7ECF6A
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:87F524B2
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8599F087
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:7C0CBD4C
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:7B227418
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:76986D86
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:6CFD36EA
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:54997B77
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4890C28A
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:322EAACD
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2E0BE9CA
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CBB1EC8
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2504A086
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:225C4FFC
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:0E640041
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:09DC8014
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:FACC16FC
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:FA45F5FF
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:F4BE8180
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:F42CF153
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D0397AE3
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C762A926
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C4AAD3E4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:97A03D0F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:902B6A44
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:8FBE0E9C
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:8DCF53BE
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5E3FBF9D
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:541F9F51
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:47317C33
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:42275BC2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:373C6DC2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2FAFBD6A
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2A5BC0A9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:26140299
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:1FDDA142
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:1ECB0F6C
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:1DDD0008
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:128A6DC9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F131B2B8
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E6B1AD87
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E55CE2D1
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:D3FFFBA9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:B837C568
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:9A6A9036
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:73CCE32D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:6FCD73D7
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:63A71C6F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:55781AF7
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:516FF8A1
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3E424252
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3D4CCD1E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:22C80839
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1AE68282
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EB3A09D6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EA43B001
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DDE7FCF4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:A5E0BCE9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:949E3D1B
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:90E60569
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8EEE3BBB
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:7D49B96B
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:700CD00E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:64A7B9DE
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:51F17074
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5199C971
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:017D5143
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:F65733F1
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:E8F2A400
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:BC521608
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:AA9519A6
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A3F4C22C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:98A71B94
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:95B8F7F6
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:74699137
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:595E476D
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:45E33ED2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:39F44D9C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:2A8CD561
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:2A0E0B9F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:20B9E63F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D20FFA63
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C5B70C5D
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:88555A1F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8750DCE4
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:70F0A2F4
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:6C22B38A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:62197B73
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4D7FCCD3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:48070A48
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4300D829
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2F46E9A6
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:1AF93AF4
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0A18093F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:01453AF3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:F86CC73E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:F854B030
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E8E51D31
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D6C2C750
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D5C1AF61
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:CCF42AF8
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C0D722EB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A9D9351A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A4AD016E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:98104906
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8DD623B3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8C885EDD
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:7D2C5D65
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:799B8AA7
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:793ABD2B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6C3B96F0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:51C0853C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4C97EF04
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:444C53BA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3E7C402E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:087D1C56
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:01EDA307
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E71141D2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:D091E13E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C6DBBC03
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B8EA2C49
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:981884E7
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8F925134
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8D8F3340
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:74B502CB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5425B7F5
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:52A42F4C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4DBBB4EA
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4B1807BE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:369A9F46
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:30376ACC
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2CFBE2D1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0503B6B8
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:F6E5C7FB
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E89EDC52
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D30CE047
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:CCBF0D67
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B358A070
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:8F5346F2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:5D458568
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:51387F29
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:07A75CBF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:F9CEBD79
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:EAB1AD1B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E9CB5ECC
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D43ACD11
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C7D36B80
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B42328DE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:92209557
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:90FE524C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:895798AD
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:85B53F5F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7E68DD27
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:756C8543
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:741CA49D
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5743A858
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4DE8C719
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3867977D
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2A8A3140
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:02C1CB6D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:FDA8D6AE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F84F494D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E7AD9690
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E749BCD7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:DF3D49ED
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C77DCC63
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A86C3734
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A0405560
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9E64EBA6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8C84073F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:857692EC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:85526F54
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:77B90F12
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:726A7C8D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6C81A062
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5B111056
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:551E1CB4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:54F7A151
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:53546330
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:2E964D2D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1AAEFD5D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1013B07C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:DF5BAC78
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:DE29D4A1
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:DAFAF1BF
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C8D1C36C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BE9A1C90
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A833FADB
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A3857D86
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:981349EA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:93F6D130
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:864A52B8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5EBA4934
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4ABFB16D
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3FBB88CF
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3CA18B6B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:38788EA7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3095BD69
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:1BC99E01
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:1941675B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F01E7F17
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:ED66F190
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E6433F27
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E2C7E93F
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D44D0CA3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B3B92717
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:ABCD2B94
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9950163C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4E158DDD
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:478FEFC3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:409F27A9
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:33C7F7F2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:0A9883D3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D5458F6B
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4EDDC66F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D6BE1CEA
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5F538558
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5EC637CB
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:DFA00BA4
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:74BB299D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2D723B3A
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F791B5EF
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D68C96C3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8C4F2D2B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8C458D50
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:81365633
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:56AB0B90
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:45E74272
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:147DA06A
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:F7124EAF
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A78FEBF9
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:93C494CA
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:40DEEFF7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D226F1A4
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:2411B07C
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:CFE0B346
< End of report > Ich hab das problem mit dem Runterladen aber immer noch, wenn ich z.B. OTL runterladen möchte, dann geht das Downloadfenster auf, da wird mir der Pfad und der Status angezeigt und zum Schluss (die letzten 5% des Downloads) kommt dann eine Sicherheitsüberprüfung die mir jedes Mal erklärt das Programm konnte nicht runtergeladen werden weil ein Virus darin gefunden wurde. Ich kriege dort aber auch nicht mehr Infos über diese Sicherheitsüberprüfung. Dann hatte ich vorhin die Internet Explorer Einstellungen zurückgesetzt, dann hab ich home.sweetim.com wieder als startseite?! |