| 
 Hallo, 
viel Dank für deine Antwort, der Scan hat zwar die ganze Nacht gedauert hab aber nun bei durch.  
Heute ist bis jetzt nicht einmal mehr das Problem aufgetaucht. Gestern hab ich noch die ganzen Cookies von den Browsern gelöscht und Spybot Search and Destroy drauf gemacht, kann das daran liegen? Vielleicht ist es auch nur zufall...   
Hier die Ergebnisse:   Zitat:   | Malwarebytes' Anti-Malware 1.50.1.1100
 Malwarebytes : Free anti-malware, anti-virus and spyware removal download
 
 Datenbank Version: 6677
 
 Windows 6.0.6002 Service Pack 2
 Internet Explorer 8.0.6001.19048
 
 26.05.2011 07:55:12
 mbam-log-2011-05-26 (07-55-12).txt
 
 Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
 Durchsuchte Objekte: 649146
 Laufzeit: 8 Stunde(n), 16 Minute(n), 43 Sekunde(n)
 
 Infizierte Speicherprozesse: 0
 Infizierte Speichermodule: 0
 Infizierte Registrierungsschlüssel: 0
 Infizierte Registrierungswerte: 1
 Infizierte Dateiobjekte der Registrierung: 0
 Infizierte Verzeichnisse: 1
 Infizierte Dateien: 8
 
 Infizierte Speicherprozesse:
 (Keine bösartigen Objekte gefunden)
 
 Infizierte Speichermodule:
 (Keine bösartigen Objekte gefunden)
 
 Infizierte Registrierungsschlüssel:
 (Keine bösartigen Objekte gefunden)
 
 Infizierte Registrierungswerte:
 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.
 
 Infizierte Dateiobjekte der Registrierung:
 (Keine bösartigen Objekte gefunden)
 
 Infizierte Verzeichnisse:
 c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
 
 Infizierte Dateien:
 c:\downloads\wichtige software\msoe2007kg.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
 c:\downloads\wichtige software\bilder\keygen\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
 c:\program files\alcohol soft\alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Quarantined and deleted successfully.
 c:\Spiele\gta4\gta crack\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
 c:\Spiele\Lan\C&C 3\Keygen\triberum wars  keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
 c:\Spiele\rockstar games\grand theft auto iv\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
 c:\Recycle.Bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
 c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
 
 |  und noch OTL:  
OTL Logfile:   Code: 
 OTL logfile created on: 26.05.2011 18:58:23 - Run 2OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Johannes\Downloads
 Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
 Internet Explorer (Version = 8.0.6001.19048)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 2,97 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 55,13% Memory free
 6,14 Gb Paging File | 4,78 Gb Available in Paging File | 77,89% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
 Drive C: | 454,56 Gb Total Space | 34,89 Gb Free Space | 7,68% Space Free | Partition Type: NTFS
 Drive D: | 11,20 Gb Total Space | 1,83 Gb Free Space | 16,35% Space Free | Partition Type: NTFS
 
 Computer Name: JOHANNES-PC | User Name: Johannes | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user | Quick Scan
 Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Processes (SafeList) ==========
 
 PRC - [2011.05.25 21:57:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Downloads\OTL(1).exe
 PRC - [2011.05.07 12:13:11 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
 PRC - [2011.03.28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
 PRC - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
 PRC - [2010.09.07 18:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
 PRC - [2010.09.07 18:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
 PRC - [2009.05.15 12:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
 PRC - [2009.05.15 12:36:48 | 000,206,128 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassche.exe
 PRC - [2009.04.22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
 PRC - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
 PRC - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
 PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
 PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 PRC - [2008.09.26 03:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
 PRC - [2008.09.25 19:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
 PRC - [2008.09.25 19:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
 PRC - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
 PRC - [2008.09.23 12:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
 PRC - [2008.09.11 13:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe
 PRC - [2008.09.11 13:50:38 | 000,446,556 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
 PRC - [2008.07.22 23:44:06 | 000,357,376 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
 PRC - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe
 PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 PRC - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Studium\Internet\VPN\cvpnd.exe
 PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
 ========== Modules (SafeList) ==========
 
 MOD - [2011.05.25 21:57:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Downloads\OTL(1).exe
 MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
 ========== Win32 Services (SafeList) ==========
 
 SRV - File not found [Auto | Stopped] --  -- (Norton Internet Security)
 SRV - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
 SRV - [2010.09.07 18:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
 SRV - [2010.09.07 18:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
 SRV - [2010.09.07 18:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
 SRV - [2010.05.22 01:44:39 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
 SRV - [2009.11.15 21:06:38 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
 SRV - [2009.05.15 12:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
 SRV - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
 SRV - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
 SRV - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
 SRV - [2008.09.11 13:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe -- (STacSV)
 SRV - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe -- (AESTFilters)
 SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
 SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 SRV - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Studium\Internet\VPN\cvpnd.exe -- (CVPND)
 SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
 ========== Driver Services (SafeList) ==========
 
 DRV - [2010.09.07 17:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
 DRV - [2010.09.07 17:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
 DRV - [2010.09.07 17:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
 DRV - [2010.09.07 17:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
 DRV - [2010.09.07 17:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
 DRV - [2010.07.24 21:05:50 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
 DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
 DRV - [2009.06.22 20:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
 DRV - [2009.06.22 20:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
 DRV - [2009.06.05 23:18:30 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
 DRV - [2009.06.05 23:18:28 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
 DRV - [2008.09.26 03:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
 DRV - [2008.09.13 09:13:00 | 007,391,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
 DRV - [2008.09.11 13:54:44 | 000,389,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
 DRV - [2008.08.29 01:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
 DRV - [2008.08.06 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
 DRV - [2008.07.22 17:42:34 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 DRV - [2008.07.21 12:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
 DRV - [2008.04.29 03:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
 DRV - [2008.03.27 13:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
 DRV - [2008.03.27 13:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
 DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
 DRV - [2008.01.02 12:36:30 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
 DRV - [2007.10.26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
 DRV - [2007.08.29 13:07:26 | 000,283,776 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA) Cinergy T USB XE (MKII)
 DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
 DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
 DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
 DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
 DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 DRV - [2004.07.14 13:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
 
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.1.102:80
 
 ========== FireFox ==========
 
 FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
 FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19
 FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 FF - prefs.js..network.proxy.backup.ftp: "172.16.1.102"
 FF - prefs.js..network.proxy.backup.ftp_port: 8080
 FF - prefs.js..network.proxy.backup.gopher: "172.16.1.102"
 FF - prefs.js..network.proxy.backup.gopher_port: 8080
 FF - prefs.js..network.proxy.backup.socks: "172.16.1.102"
 FF - prefs.js..network.proxy.backup.socks_port: 8080
 FF - prefs.js..network.proxy.backup.ssl: "172.16.1.102"
 FF - prefs.js..network.proxy.backup.ssl_port: 8080
 FF - prefs.js..network.proxy.ftp: "172.16.1.102"
 FF - prefs.js..network.proxy.ftp_port: 8080
 FF - prefs.js..network.proxy.gopher: "172.16.1.102"
 FF - prefs.js..network.proxy.gopher_port: 8080
 FF - prefs.js..network.proxy.http: "172.16.1.102"
 FF - prefs.js..network.proxy.http_port: 8080
 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
 FF - prefs.js..network.proxy.share_proxy_settings: true
 FF - prefs.js..network.proxy.socks: "172.16.1.102"
 FF - prefs.js..network.proxy.socks_port: 8080
 FF - prefs.js..network.proxy.ssl: "172.16.1.102"
 FF - prefs.js..network.proxy.ssl_port: 8080
 FF - prefs.js..network.proxy.type: 0
 
 FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.07 12:13:14 | 000,000,000 | ---D | M]
 FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.23 13:44:16 | 000,000,000 | ---D | M]
 FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.29 10:16:23 | 000,000,000 | ---D | M]
 FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.05.23 13:44:16 | 000,000,000 | ---D | M]
 
 [2010.11.01 23:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
 [2010.11.01 23:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
 [2011.05.25 11:12:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\qs3pa8eu.default\extensions
 [2010.04.28 22:07:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\qs3pa8eu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
 [2011.05.14 19:13:35 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\qs3pa8eu.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
 [2009.11.24 17:30:40 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\qs3pa8eu.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
 [2010.01.04 16:53:38 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\qs3pa8eu.default\extensions\moveplayer@movenetworks.com
 [2010.04.28 22:07:48 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\qs3pa8eu.default\extensions\youtube2mp3@mondayx.de
 [2011.02.07 12:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 [2010.06.13 10:55:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
 [2010.11.04 19:44:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
 File not found (No name found) --
 () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS3PA8EU.DEFAULT\EXTENSIONS\{317B5128-0B0B-49B2-B2DB-1E7560E16C74}.XPI
 () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS3PA8EU.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
 [2011.05.07 12:13:10 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
 [2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
 [2011.05.07 12:13:12 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
 [2011.05.07 12:13:12 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
 [2011.05.07 12:13:12 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
 [2011.05.07 12:13:12 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
 [2011.05.07 12:13:12 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
 [2011.05.07 12:13:12 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
 O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
 O1 - Hosts: 127.0.0.1       localhost
 O1 - Hosts: ::1             localhost
 O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
 O4 - HKLM..\Run: []  File not found
 O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
 O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
 O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
 O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
 O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
 O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
 O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
 O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
 O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
 O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
 O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
 O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
 O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
 O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
 O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
 O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
 O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
 O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
 O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
 O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
 O4 - HKCU..\Run: [msnmsgr]  File not found
 O4 - HKCU..\Run: [OscarEditor]  File not found
 O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
 O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
 O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
 O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk = C:\Users\Johannes\AppData\Roaming\Microsoft\Installer\{BD1F8143-C678-43CD-A296-A3A32A8C2976}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe (Macrovision Corporation)
 O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
 O13 - gopher Prefix: missing
 O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
 O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (DLM Control)
 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
 O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
 O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
 O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
 O24 - Desktop WallPaper: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
 O24 - Desktop BackupWallPaper: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
 O32 - HKLM CDRom: AutoRun - 1
 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
 O33 - MountPoints2\{0b955593-e663-11de-9d55-00235a31f909}\Shell\AutoRun\command - "" = I:\Seagate\Installer\InstallSeagateManager.exe
 O33 - MountPoints2\{0b955593-e663-11de-9d55-00235a31f909}\Shell\Install\command - "" = I:\Seagate\Installer\InstallSeagateManager.exe
 O33 - MountPoints2\{1bdec2c4-1a19-11df-b205-00235a31f909}\Shell - "" = AutoRun
 O33 - MountPoints2\{1bdec2c4-1a19-11df-b205-00235a31f909}\Shell\AutoRun\command - "" = I:\AutoRun.exe
 O33 - MountPoints2\{24b75ad4-1b1f-11df-bc08-00235a31f909}\Shell - "" = AutoRun
 O33 - MountPoints2\{24b75ad4-1b1f-11df-bc08-00235a31f909}\Shell\AutoRun\command - "" = I:\AutoRun.exe
 O33 - MountPoints2\{3d59da78-fab0-11de-bd44-00059a3c7800}\Shell\AutoRun\command - "" = I:\eexyv.exe
 O33 - MountPoints2\{3d59da78-fab0-11de-bd44-00059a3c7800}\Shell\open\Command - "" = I:\eexyv.exe
 O33 - MountPoints2\{52dabba5-3867-11e0-a7f0-e99f12824c27}\Shell - "" = AutoRun
 O33 - MountPoints2\{52dabba5-3867-11e0-a7f0-e99f12824c27}\Shell\AutoRun\command - "" = I:\AutoRun.exe
 O33 - MountPoints2\{5732f9ec-2955-11e0-98bb-dc9d4b940b22}\Shell - "" = AutoRun
 O33 - MountPoints2\{5732f9ec-2955-11e0-98bb-dc9d4b940b22}\Shell\AutoRun\command - "" = I:\AutoRun.exe
 O33 - MountPoints2\{5f672ebb-3b3b-11de-aec6-00235a31f909}\Shell - "" = AutoRun
 O33 - MountPoints2\{5f672ebb-3b3b-11de-aec6-00235a31f909}\Shell\AutoRun\command - "" = G:\SetupStarter.exe
 O33 - MountPoints2\{5f672ebc-3b3b-11de-aec6-00235a31f909}\Shell - "" = AutoRun
 O33 - MountPoints2\{5f672ebc-3b3b-11de-aec6-00235a31f909}\Shell\AutoRun\command - "" = H:\setup\rsrc\Autorun.exe
 O33 - MountPoints2\{5f672ebc-3b3b-11de-aec6-00235a31f909}\Shell\dinstall\command - "" = H:\Directx\dxsetup.exe
 O33 - MountPoints2\{620e2a64-c47e-11de-9c3d-00235a31f909}\Shell\AutoRun\command - "" = I:\Toshiba\more4you.exe
 O33 - MountPoints2\{6e7071c3-1a18-11df-a40e-806e6f6e6963}\Shell - "" = AutoRun
 O33 - MountPoints2\{6e7071c3-1a18-11df-a40e-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe
 O33 - MountPoints2\{6f18941a-383e-11e0-a9a4-f0513f6a3843}\Shell - "" = AutoRun
 O33 - MountPoints2\{6f18941a-383e-11e0-a9a4-f0513f6a3843}\Shell\AutoRun\command - "" = I:\AutoRun.exe
 O33 - MountPoints2\{6f189428-383e-11e0-a9a4-f0513f6a3843}\Shell - "" = AutoRun
 O33 - MountPoints2\{6f189428-383e-11e0-a9a4-f0513f6a3843}\Shell\AutoRun\command - "" = K:\AutoRun.exe
 O33 - MountPoints2\{7861d485-6fdc-11e0-8ccc-f59d454cd7db}\Shell - "" = AutoRun
 O33 - MountPoints2\{7861d485-6fdc-11e0-8ccc-f59d454cd7db}\Shell\AutoRun\command - "" = K:\AutoRun.exe
 O33 - MountPoints2\{85c7bde3-04dc-11df-8057-00235a31f909}\Shell\AutoRun\command - "" = I:\Menu.exe
 O33 - MountPoints2\F\Shell - "" = AutoRun
 O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
 O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
 O35 - HKLM\..comfile [open] -- "%1" %*
 O35 - HKLM\..exefile [open] -- "%1" %*
 O37 - HKLM\...com [@ = comfile] -- "%1" %*
 O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 NetSvcs: FastUserSwitchingCompatibility -  File not found
 NetSvcs: Ias -  File not found
 NetSvcs: Nla -  File not found
 NetSvcs: Ntmssvc -  File not found
 NetSvcs: NWCWorkstation -  File not found
 NetSvcs: Nwsapagent -  File not found
 NetSvcs: SRService -  File not found
 NetSvcs: WmdmPmSp -  File not found
 NetSvcs: LogonHours -  File not found
 NetSvcs: PCAudit -  File not found
 NetSvcs: helpsvc -  File not found
 NetSvcs: uploadmgr -  File not found
 NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
 MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico - ()
 MsConfig - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
 MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
 MsConfig - State: "startup" - 2
 
 SafeBootMin: AppMgmt - Service
 SafeBootMin: Base - Driver Group
 SafeBootMin: Boot Bus Extender - Driver Group
 SafeBootMin: Boot file system - Driver Group
 SafeBootMin: File system - Driver Group
 SafeBootMin: Filter - Driver Group
 SafeBootMin: HelpSvc - Service
 SafeBootMin: NTDS -  File not found
 SafeBootMin: PCI Configuration - Driver Group
 SafeBootMin: PNP Filter - Driver Group
 SafeBootMin: Primary disk - Driver Group
 SafeBootMin: sacsvr - Service
 SafeBootMin: SCSI Class - Driver Group
 SafeBootMin: System Bus Extender - Driver Group
 SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
 SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
 SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
 SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
 SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
 SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
 SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
 SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
 SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
 SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
 SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
 SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
 SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
 SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
 SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
 SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
 SafeBootNet: AppMgmt - Service
 SafeBootNet: Base - Driver Group
 SafeBootNet: Boot Bus Extender - Driver Group
 SafeBootNet: Boot file system - Driver Group
 SafeBootNet: File system - Driver Group
 SafeBootNet: Filter - Driver Group
 SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
 SafeBootNet: HelpSvc - Service
 SafeBootNet: Messenger - Service
 SafeBootNet: NDIS Wrapper - Driver Group
 SafeBootNet: NetBIOSGroup - Driver Group
 SafeBootNet: NetDDEGroup - Driver Group
 SafeBootNet: Network - Driver Group
 SafeBootNet: NetworkProvider - Driver Group
 SafeBootNet: NTDS -  File not found
 SafeBootNet: PCI Configuration - Driver Group
 SafeBootNet: PNP Filter - Driver Group
 SafeBootNet: PNP_TDI - Driver Group
 SafeBootNet: Primary disk - Driver Group
 SafeBootNet: rdsessmgr - Service
 SafeBootNet: sacsvr - Service
 SafeBootNet: SCSI Class - Driver Group
 SafeBootNet: Streams Drivers - Driver Group
 SafeBootNet: System Bus Extender - Driver Group
 SafeBootNet: TDI - Driver Group
 SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 SafeBootNet: WudfPf - Driver
 SafeBootNet: WudfUsbccidDriver - Driver
 SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
 SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
 SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
 SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
 SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
 SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
 SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
 SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
 SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
 SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
 SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
 SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
 SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
 SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
 SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
 SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
 SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
 SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
 SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
 SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
 SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
 ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
 ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
 ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
 ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
 ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
 ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
 ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
 ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
 ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
 ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
 ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
 ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
 ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
 ActiveX: {610A36EE-F182-2DCF-EDE0-28D1587971F7} - LightScribe Control Panel
 ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
 ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
 ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
 ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
 ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
 ActiveX: {8E8CAE47-26F3-1E1A-AB42-431141E1243C} -
 ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
 ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
 ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
 ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
 ActiveX: {E276A98D-7D10-29EA-F877-A29E36B76CD9} -
 ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
 ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
 ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
 ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
 Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
 Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
 Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
 Drivers32: SENTINEL - C:\Windows\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
 Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
 Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
 Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
 
 CREATERESTOREPOINT
 Restore point Set: OTL Restore Point
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [2011.05.25 21:54:37 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Malwarebytes
 [2011.05.25 21:54:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
 [2011.05.25 21:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
 [2011.05.25 21:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
 [2011.05.25 21:54:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 [2011.05.25 21:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
 [2011.05.24 22:31:48 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
 [2011.05.24 22:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
 [2011.05.24 17:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Spybot - Search & Destroy
 [2011.05.24 17:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
 [2011.05.24 17:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
 [2011.05.08 18:45:02 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\sap screens !!!!!!!!!!!!
 [2011.05.06 10:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Microsoft Games for Windows Marketplace
 [2008.01.25 12:47:00 | 000,217,088 | ---- | C] ( ) -- C:\Users\Johannes\AppData\Local\Interop.Microsoft.Office.Core.dll
 [2007.08.09 16:50:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Users\Johannes\AppData\Local\stdole.dll
 
 ========== Files - Modified Within 30 Days ==========
 
 [2011.05.26 18:56:34 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
 [2011.05.26 18:17:37 | 000,685,918 | ---- | M] () -- C:\Windows\System32\perfh007.dat
 [2011.05.26 18:17:37 | 000,651,472 | ---- | M] () -- C:\Windows\System32\perfh009.dat
 [2011.05.26 18:17:37 | 000,148,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
 [2011.05.26 18:17:37 | 000,125,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 [2011.05.26 18:11:50 | 000,002,515 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
 [2011.05.26 18:11:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
 [2011.05.26 18:11:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
 [2011.05.26 18:11:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
 [2011.05.26 18:11:08 | 000,645,792 | ---- | M] () -- C:\ProgramData\nvModes.001
 [2011.05.26 18:11:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
 [2011.05.26 18:10:56 | 3186,577,408 | -HS- | M] () -- C:\hiberfil.sys
 [2011.05.26 08:06:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
 [2011.05.26 08:00:14 | 000,002,682 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN0BCAM1P6.job
 [2011.05.25 21:54:25 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
 [2011.05.24 22:32:03 | 000,002,489 | ---- | M] () -- C:\Users\Johannes\Desktop\HiJackThis.lnk
 [2011.05.24 17:47:11 | 000,001,015 | ---- | M] () -- C:\Users\Johannes\Desktop\Spybot - Search & Destroy.lnk
 [2011.05.23 13:44:17 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
 [2011.05.22 22:16:49 | 000,645,792 | ---- | M] () -- C:\ProgramData\nvModes.dat
 [2011.05.19 18:18:34 | 000,007,592 | ---- | M] () -- C:\Users\Johannes\AppData\Local\d3d9caps.dat
 [2011.05.06 11:17:58 | 003,472,784 | ---- | M] () -- C:\Users\Johannes\Desktop\Nadine.psd
 [2011.04.27 00:04:59 | 000,335,879 | ---- | M] () -- C:\Users\Johannes\Desktop\event4.jpg
 
 ========== Files Created - No Company Name ==========
 
 [2011.05.25 21:54:25 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
 [2011.05.24 22:31:48 | 000,002,489 | ---- | C] () -- C:\Users\Johannes\Desktop\HiJackThis.lnk
 [2011.05.24 17:47:11 | 000,001,015 | ---- | C] () -- C:\Users\Johannes\Desktop\Spybot - Search & Destroy.lnk
 [2011.05.07 12:13:15 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
 [2011.05.06 11:17:57 | 003,472,784 | ---- | C] () -- C:\Users\Johannes\Desktop\Nadine.psd
 [2011.04.27 00:04:55 | 000,335,879 | ---- | C] () -- C:\Users\Johannes\Desktop\event4.jpg
 [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
 [2010.11.05 14:08:00 | 000,007,592 | ---- | C] () -- C:\Users\Johannes\AppData\Local\d3d9caps.dat
 [2010.06.13 11:02:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
 [2010.03.20 17:47:09 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
 [2009.12.16 11:30:05 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
 [2009.11.29 00:31:16 | 000,000,000 | ---- | C] () -- C:\Windows\War3Unin.dat
 [2009.11.23 20:00:48 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
 [2009.10.17 02:38:42 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
 [2009.10.17 02:38:42 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
 [2009.10.17 02:38:42 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
 [2009.10.17 02:33:20 | 000,000,096 | ---- | C] () -- C:\Users\Johannes\AppData\Local\fusioncache.dat
 [2009.10.17 02:17:20 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI
 [2009.10.06 00:36:28 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
 [2009.10.06 00:35:49 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
 [2009.10.06 00:35:49 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
 [2009.10.06 00:32:41 | 000,034,816 | ---- | C] () -- C:\Windows\System32\ODMA32.DLL
 [2009.09.17 00:41:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
 [2009.09.17 00:41:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
 [2009.08.14 17:43:00 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
 [2009.08.09 03:43:05 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
 [2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
 [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
 [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
 [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
 [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
 [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
 [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
 [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
 [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
 [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 [2009.06.05 23:18:30 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
 [2009.06.05 23:18:28 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
 [2009.05.29 10:20:13 | 002,192,926 | ---- | C] () -- C:\Users\Johannes\AppData\Local\tmpIMG_4921.JPG
 [2009.05.07 18:15:04 | 000,014,319 | ---- | C] () -- C:\Windows\UN060501.INI
 [2009.05.07 18:15:04 | 000,005,465 | ---- | C] () -- C:\Windows\UN070209.INI
 [2009.05.07 00:22:06 | 002,138,733 | ---- | C] () -- C:\Users\Johannes\AppData\Local\tmpTON + SCHNECKEN 010.JPG
 [2009.04.30 22:02:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
 [2009.04.30 22:02:18 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
 [2009.04.29 11:46:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
 [2009.04.09 21:38:11 | 000,645,792 | ---- | C] () -- C:\ProgramData\nvModes.001
 [2009.04.09 16:56:00 | 000,645,792 | ---- | C] () -- C:\ProgramData\nvModes.dat
 [2009.04.04 23:57:50 | 000,157,184 | ---- | C] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 [2008.10.22 06:37:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
 [2008.10.22 06:34:24 | 000,685,918 | ---- | C] () -- C:\Windows\System32\perfh007.dat
 [2008.10.22 06:34:24 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
 [2008.10.22 06:34:24 | 000,148,980 | ---- | C] () -- C:\Windows\System32\perfc007.dat
 [2008.10.22 06:34:24 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 [2008.10.21 22:43:10 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
 [2008.10.21 21:47:09 | 000,218,480 | ---- | C] () -- C:\ProgramData\SymUpdate.exe
 [2008.10.21 21:06:34 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
 [2007.10.26 14:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
 [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
 [2006.11.02 14:47:37 | 000,322,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
 [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
 [2006.11.02 12:33:01 | 000,651,472 | ---- | C] () -- C:\Windows\System32\perfh009.dat
 [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
 [2006.11.02 12:33:01 | 000,125,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
 [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
 [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
 [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
 [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
 [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 [2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
 ========== LOP Check ==========
 
 [2010.06.20 21:39:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Avery
 [2009.08.30 12:16:00 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Blumentals
 [2009.05.07 21:32:25 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAEMON Tools Lite
 [2009.05.07 21:13:32 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAEMON Tools Pro
 [2011.03.11 23:26:09 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Desktopicon
 [2009.06.18 22:18:30 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\F4
 [2011.05.20 14:23:15 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\FileZilla
 [2010.08.22 20:29:14 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\FOG Downloader
 [2009.09.19 01:44:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Free Monitor for Google
 [2009.08.18 01:17:57 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HAPedit
 [2010.02.20 15:20:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\NASNaviator2
 [2009.09.22 18:19:06 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Nvu
 [2009.08.18 13:31:14 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\OpenOffice.org
 [2009.08.18 01:00:57 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Sam Francke
 [2009.09.26 15:07:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TerraTec
 [2010.11.01 23:15:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Thunderbird
 [2010.01.09 10:36:00 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Toolbars
 [2010.02.02 02:47:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TS3Client
 [2009.04.08 10:14:11 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\WildTangent
 [2009.12.27 13:20:03 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\wxMozBrowserLib
 [2009.08.14 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\XnView
 [2011.05.26 08:06:19 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
 ========== Purity Check ==========
 
 
 
 ========== Custom Scans ==========
 
 
 < %ALLUSERSPROFILE%\Application Data\*. >
 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
 < %APPDATA%\*. >
 [2009.10.03 12:33:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Adobe
 [2010.06.20 21:39:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Avery
 [2009.08.30 12:16:00 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Blumentals
 [2009.09.24 22:44:14 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\CyberLink
 [2009.05.07 21:32:25 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAEMON Tools Lite
 [2009.05.07 21:13:32 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAEMON Tools Pro
 [2011.03.11 23:26:09 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Desktopicon
 [2010.04.18 19:45:28 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DivX
 [2009.06.04 12:05:23 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Download Manager
 [2011.03.23 01:12:53 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\dvdcss
 [2009.06.18 22:18:30 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\F4
 [2011.05.20 14:23:15 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\FileZilla
 [2010.08.22 20:29:14 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\FOG Downloader
 [2009.09.19 01:44:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Free Monitor for Google
 [2009.12.01 10:50:04 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Google
 [2009.08.18 01:17:57 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HAPedit
 [2009.04.04 20:00:01 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Hewlett-Packard
 [2009.04.29 21:45:42 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HP
 [2009.04.04 19:53:20 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HP TCS
 [2011.04.08 11:00:50 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HpUpdate
 [2009.04.04 19:59:24 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Identities
 [2009.11.15 23:36:42 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Macromedia
 [2011.05.25 21:54:37 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Malwarebytes
 [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Media Center Programs
 [2010.06.24 09:15:48 | 000,000,000 | --SD | M] -- C:\Users\Johannes\AppData\Roaming\Microsoft
 [2009.05.27 13:48:38 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Mozilla
 [2010.02.20 15:20:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\NASNaviator2
 [2009.09.22 18:19:06 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Nvu
 [2009.08.18 13:31:14 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\OpenOffice.org
 [2009.08.18 01:00:57 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Sam Francke
 [2009.06.02 12:53:50 | 000,000,000 | RH-D | M] -- C:\Users\Johannes\AppData\Roaming\SecuROM
 [2011.05.25 01:28:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Skype
 [2011.05.25 00:08:43 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\skypePM
 [2009.04.29 11:46:20 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Talkback
 [2009.06.21 21:45:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\teamspeak2
 [2009.09.26 15:07:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TerraTec
 [2010.11.01 23:15:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Thunderbird
 [2010.01.09 10:36:00 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Toolbars
 [2010.02.02 02:47:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TS3Client
 [2011.05.22 01:27:10 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\vlc
 [2009.04.08 10:14:11 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\WildTangent
 [2009.05.14 08:10:57 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\WinRAR
 [2009.12.27 13:20:03 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\wxMozBrowserLib
 [2009.08.14 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\XnView
 
 < %APPDATA%\*.exe /s >
 [2010.02.28 12:29:31 | 000,029,184 | R--- | M] () -- C:\Users\Johannes\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
 [2011.05.24 22:31:49 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Johannes\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
 [2011.02.17 15:10:30 | 000,010,134 | R--- | M] () -- C:\Users\Johannes\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
 [2010.02.20 15:29:09 | 000,030,894 | R--- | M] () -- C:\Users\Johannes\AppData\Roaming\Microsoft\Installer\{BD1F8143-C678-43CD-A296-A3A32A8C2976}\ARPPRODUCTICON.exe
 [2010.02.20 15:29:09 | 000,073,728 | R--- | M] (Macrovision Corporation) -- C:\Users\Johannes\AppData\Roaming\Microsoft\Installer\{BD1F8143-C678-43CD-A296-A3A32A8C2976}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe
 [2010.02.20 15:29:09 | 000,073,728 | R--- | M] (Macrovision Corporation) -- C:\Users\Johannes\AppData\Roaming\Microsoft\Installer\{BD1F8143-C678-43CD-A296-A3A32A8C2976}\NewShortcut5_6EA2867D4E8340A5A3471FF71A363544.exe
 [2010.02.20 15:29:09 | 000,073,728 | R--- | M] (Macrovision Corporation) -- C:\Users\Johannes\AppData\Roaming\Microsoft\Installer\{BD1F8143-C678-43CD-A296-A3A32A8C2976}\NewShortcut6_6EA2867D4E8340A5A3471FF71A363544.exe
 
 < %SYSTEMDRIVE%\*.exe >
 
 
 < MD5 for: AGP440.SYS  >
 [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
 [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
 [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
 [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
 [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
 [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
 < MD5 for: ATAPI.SYS  >
 [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
 [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
 [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
 [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
 [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
 [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 [2008.10.22 06:50:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
 [2008.10.22 06:50:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
 [2008.10.22 06:50:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
 [2008.10.22 06:50:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
 
 < MD5 for: CNGAUDIT.DLL  >
 [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
 [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
 < MD5 for: EVENTLOG.DLL  >
 [2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
 < MD5 for: IASTORV.SYS  >
 [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
 [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
 [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
 [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
 < MD5 for: NETLOGON.DLL  >
 [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
 [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
 [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
 < MD5 for: NVSTOR.SYS  >
 [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
 [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
 [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
 [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
 < MD5 for: SCECLI.DLL  >
 [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
 [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
 [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
 < MD5 for: USER32.DLL  >
 [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
 < MD5 for: USERINIT.EXE  >
 [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
 [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
 < MD5 for: WININIT.EXE  >
 [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
 [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
 < MD5 for: WINLOGON.EXE  >
 [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
 [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
 [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
 < MD5 for: WS2IFSL.SYS  >
 [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
 [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >
 [2010.07.24 21:05:50 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
 < %systemroot%\System32\config\*.sav >
 [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
 [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
 [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
 [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
 [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
 < %systemroot%\*. /mp /s >
 
 < %systemroot%\system32\*.dll /lockedfiles >
 
 <           >
 
 ========== Alternate Data Streams ==========
 
 @Alternate Data Stream - 64 bytes -> C:\Users\Johannes\Desktop\DVD x264.mkv:TOC.WMV
 @Alternate Data Stream - 64 bytes -> C:\Users\Johannes\Desktop\8.avi:TOC.WMV
 
 < End of report >
 --- --- ---  |