Lindenblatt | 08.07.2013 21:53 | Here it is... conduit still shows up in it... Code:
OTL logfile created on: 08.07.2013 21:54:33 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marvin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,79 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 56,41% Memory free
7,58 Gb Paging File | 5,78 Gb Available in Paging File | 76,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 48,18 Gb Free Space | 41,38% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 300,56 Gb Free Space | 91,68% Space Free | Partition Type: NTFS
Computer Name: MARVIN-ASUS-PC | User Name: Marvin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Marvin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (asus)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
========== Services (SafeList) ==========
SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (HerculesDJControlMP3) -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE ()
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
========== Driver Services (SafeList) ==========
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (HDJMidi) -- C:\Windows\SysNative\drivers\HDJMidi.sys (© Guillemot R&D, 2011. All rights reserved.)
DRV:64bit: - (Bulk) -- C:\Windows\SysNative\drivers\HDJBulk.sys (© Guillemot R&D, 2010. All rights reserved.)
DRV:64bit: - (HDJAsioK) -- C:\Windows\SysNative\drivers\HDJAsioK.sys (© Guillemot R&D, 2010. All rights reserved.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (FLxHCIc) -- C:\Windows\SysNative\drivers\FLxHCIc.sys (Fresco Logic)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{5CEDED44-6AC9-4D05-BC6C-C37A62EA6458}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{83AB9179-F873-4610-8D60-B66887426306}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{D06348A1-88F3-44E4-8550-B60C6E904AAD}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279453&CUI=UN14196662901802721&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.7
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.08 13:40:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.08 18:20:03 | 000,000,000 | ---D | M]
[2011.05.07 22:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marvin\AppData\Roaming\mozilla\Extensions
[2013.07.04 15:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\0qglo99j.default\extensions
[2013.07.04 14:45:44 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\0qglo99j.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.07.04 01:27:34 | 000,534,371 | ---- | M] () (No name found) -- C:\Users\Marvin\AppData\Roaming\mozilla\firefox\profiles\0qglo99j.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.11 21:45:25 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Marvin\AppData\Roaming\mozilla\firefox\profiles\0qglo99j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.07.04 15:56:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.04 15:56:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.08 13:40:59 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
O1 HOSTS File: ([2011.04.16 16:39:42 | 000,432,374 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14880 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe File not found
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [Mobile Connection Manager] C:\Program Files (x86)\o2\Mobile Connection Manager\emmsn.exe (Telefónica)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marvin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marvin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EC29530-B585-4B50-A41F-6397B5F314AC}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2470DCAB-3795-41FB-B786-74486CA7C273}: DhcpNameServer = 192.168.27.254 192.168.12.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{504E6958-786F-4417-A185-122CC8BB6A89}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55373C9D-66AF-4B94-B9B0-22FB7CEE5BE8}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ED007E5-8189-47F1-832E-6BCD82301358}: DhcpNameServer = 192.168.0.1 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EE0405E-EC6F-4AC5-9F09-9EB917BFA16B}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F69373A-D270-422B-BE3B-6EE0F84E852E}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80489CFE-98F6-4AB5-9557-F1C9ECC39641}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D00EE4C-37AB-4BC3-93EE-4BF885A76BE9}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93BD9D73-2450-4013-9619-49158B83F271}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B35B9BE-BED2-42C7-BD7D-12D7A3FFCE74}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B519ECF-DA4F-4AB4-B1AF-864A8EAACD68}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2A2E1D9-0144-41CA-822B-3FD4FF9F3BF0}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B655DD05-D42E-4438-AA1F-665D1DE8F241}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5DDB3B4-BF63-4BC1-A3E8-F177A6BC3680}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F571C9-7441-4443-82D9-FE43E85167ED}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5C055CF-7D2E-436F-B8CB-50572BB21F31}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC75BF97-16C9-4E27-B555-9D5A00D01FA1}: NameServer = 193.189.244.206 193.189.244.225
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{015e6f02-d20a-11e2-8725-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{015e6f02-d20a-11e2-8725-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{025cbcde-43ac-11e2-8825-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{025cbcde-43ac-11e2-8825-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0c55ec53-2dcc-11e2-9d40-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{0c55ec53-2dcc-11e2-9d40-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0c7cfd13-b042-11e2-8469-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{0c7cfd13-b042-11e2-8469-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0eed2bd6-c23a-11e2-b87c-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{0eed2bd6-c23a-11e2-b87c-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0f0cda3f-583a-11e2-a28b-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{0f0cda3f-583a-11e2-a28b-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0f12973b-26c7-11e2-be18-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{0f12973b-26c7-11e2-be18-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{10197f40-356a-11e2-95f3-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{10197f40-356a-11e2-95f3-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{14e47744-3d27-11e2-9046-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{14e47744-3d27-11e2-9046-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{171773ff-3a5b-11e2-84d0-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{171773ff-3a5b-11e2-84d0-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{17b47408-46f8-11e2-b0fc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{17b47408-46f8-11e2-b0fc-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{18a13426-22a8-11e2-8201-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{18a13426-22a8-11e2-8201-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2a17a0e8-c001-11e2-97ab-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2a17a0e8-c001-11e2-97ab-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{2ae232db-20fa-11e2-ae0c-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{2ae232db-20fa-11e2-ae0c-001e101f2500}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{2d952d9d-b515-11e2-965c-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{2d952d9d-b515-11e2-965c-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2f170683-ed68-11df-b844-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2f170683-ed68-11df-b844-806e6f6e6963}\Shell\AutoRun\command - "" = E:\JAWSsetup.exe
O33 - MountPoints2\{38c68e5e-35a6-11e2-8b9e-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{38c68e5e-35a6-11e2-8b9e-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{407403c8-1550-11e2-9f8c-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{407403c8-1550-11e2-9f8c-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{43db5c07-76ab-11e1-8569-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{43db5c07-76ab-11e1-8569-485b399b5ba0}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{45a87aac-c3cf-11e2-823b-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{45a87aac-c3cf-11e2-823b-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{45d704b1-19f3-11e1-8b1f-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{45d704b1-19f3-11e1-8b1f-485b399b5ba0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{46fc08c9-bff4-11e2-ac60-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{46fc08c9-bff4-11e2-ac60-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{48f253cb-cded-11e2-9b15-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{48f253cb-cded-11e2-9b15-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4d036a7f-4774-11e2-8e65-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{4d036a7f-4774-11e2-8e65-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4f6f5ce8-478c-11e2-9c12-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4f6f5ce8-478c-11e2-9c12-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{559c94fb-43db-11e2-bb31-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{559c94fb-43db-11e2-bb31-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{57d95883-22ca-11e2-81df-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{57d95883-22ca-11e2-81df-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5ea50d18-33f4-11e2-94d8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5ea50d18-33f4-11e2-94d8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5f9d9c7d-1932-11e2-869d-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{5f9d9c7d-1932-11e2-869d-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{61789fa0-356b-11e2-914d-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{61789fa0-356b-11e2-914d-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{61dd76f1-6bdd-11e2-9862-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{61dd76f1-6bdd-11e2-9862-001e101f1838}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{63eabf8e-4474-11e2-a64e-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{63eabf8e-4474-11e2-a64e-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{65494461-d2da-11e2-af37-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{65494461-d2da-11e2-af37-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6eabc6bb-2dd4-11e2-a494-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{6eabc6bb-2dd4-11e2-a494-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{74f695fc-46f1-11e2-8dc9-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{74f695fc-46f1-11e2-8dc9-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{760eb031-3f00-11e2-bb0f-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{760eb031-3f00-11e2-bb0f-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7eb72733-4883-11e2-9283-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{7eb72733-4883-11e2-9283-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7f33949d-4a1a-11e2-af92-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{7f33949d-4a1a-11e2-af92-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8984d162-c011-11e2-b6a3-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{8984d162-c011-11e2-b6a3-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{958efed5-3977-11e2-973d-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{958efed5-3977-11e2-973d-001e101f8ed0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{96460fa5-1546-11e2-99d0-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{96460fa5-1546-11e2-99d0-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{96460fb4-1546-11e2-99d0-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{96460fb4-1546-11e2-99d0-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{96460fe7-1546-11e2-99d0-001e101f57d0}\Shell - "" = AutoRun
O33 - MountPoints2\{96460fe7-1546-11e2-99d0-001e101f57d0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{971619bd-397c-11e2-912f-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{971619bd-397c-11e2-912f-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9937d8d4-5338-11e2-a2ec-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{9937d8d4-5338-11e2-a2ec-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a058a2e3-3261-11e2-a95a-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{a058a2e3-3261-11e2-a95a-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a3ed9559-3ef8-11e2-8301-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{a3ed9559-3ef8-11e2-8301-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a638b329-6be5-11e2-a2ce-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{a638b329-6be5-11e2-a2ce-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ac8002a6-189b-11e2-90b8-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{ac8002a6-189b-11e2-90b8-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{afd6be2d-6f06-11e2-87be-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{afd6be2d-6f06-11e2-87be-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b44ce749-3980-11e2-96a7-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{b44ce749-3980-11e2-96a7-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b4f2af3e-1c57-11e2-9f5b-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{b4f2af3e-1c57-11e2-9f5b-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b61be933-68af-11e2-9828-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{b61be933-68af-11e2-9828-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b918f8e8-c24d-11e2-acc8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b918f8e8-c24d-11e2-acc8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{be60f5c4-2f3d-11e2-9f1c-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{be60f5c4-2f3d-11e2-9f1c-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bf470a36-b0d3-11e2-886a-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{bf470a36-b0d3-11e2-886a-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c0b2ab0e-49f2-11e2-915d-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{c0b2ab0e-49f2-11e2-915d-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c718fae2-3e57-11e2-ae2c-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{c718fae2-3e57-11e2-ae2c-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cbf996f4-26b5-11e2-9667-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{cbf996f4-26b5-11e2-9667-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cc3e49a8-4775-11e2-8711-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cc3e49a8-4775-11e2-8711-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d1de1d5a-28f1-11e2-97c7-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{d1de1d5a-28f1-11e2-97c7-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d33ec85f-787b-11e2-a704-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{d33ec85f-787b-11e2-a704-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d8b90ad2-bfed-11e2-b22e-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{d8b90ad2-bfed-11e2-b22e-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{de616e3c-17a2-11e2-91a3-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{de616e3c-17a2-11e2-91a3-001e101fb45e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e1fc7bf7-c262-11e2-8ae4-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{e1fc7bf7-c262-11e2-8ae4-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e2247bc1-7879-11e2-8875-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{e2247bc1-7879-11e2-8875-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e24690e2-c55a-11e2-a439-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{e24690e2-c55a-11e2-a439-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e32386c8-c002-11e2-8467-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e32386c8-c002-11e2-8467-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ea6a403c-21f5-11e2-a0e1-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{ea6a403c-21f5-11e2-a0e1-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{edf39b09-2e70-11e2-8b3f-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{edf39b09-2e70-11e2-8b3f-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f4a6301d-1942-11e2-8607-485b399b5ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{f4a6301d-1942-11e2-8607-485b399b5ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f631e289-c240-11e2-9b34-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f631e289-c240-11e2-9b34-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013.07.08 19:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.07.08 19:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.07.08 19:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.07.08 19:37:33 | 009,833,328 | ---- | C] (SurfRight B.V.) -- C:\Users\Marvin\Desktop\HitmanPro_x64.exe
[2013.07.06 00:56:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.07.05 23:29:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.07.05 23:29:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.07.05 23:29:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.07.05 23:29:34 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.07.05 23:29:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.07.05 23:17:21 | 005,085,843 | R--- | C] (Swearware) -- C:\Users\Marvin\Desktop\ComboFix.exe
[2013.07.05 21:52:54 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Marvin\Desktop\tdsskiller.exe
[2013.07.05 19:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.07.05 19:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.07.04 17:39:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marvin\Desktop\OTL.exe
[2013.07.04 00:30:38 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Malwarebytes
[2013.07.04 00:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.04 00:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.30 16:10:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013.06.30 16:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013.06.30 16:08:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013.06.12 18:01:44 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Google
========== Files - Modified Within 30 Days ==========
[2013.07.08 21:15:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.08 19:40:20 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.07.08 19:37:35 | 009,833,328 | ---- | M] (SurfRight B.V.) -- C:\Users\Marvin\Desktop\HitmanPro_x64.exe
[2013.07.08 19:14:33 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.08 19:14:33 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.08 19:06:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.08 19:06:41 | 3054,383,104 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.06 09:47:56 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.06 09:47:56 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.06 09:47:56 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.06 09:47:56 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.06 09:47:56 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.06 01:37:25 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.07.05 23:17:23 | 005,085,843 | R--- | M] (Swearware) -- C:\Users\Marvin\Desktop\ComboFix.exe
[2013.07.05 21:52:57 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Marvin\Desktop\tdsskiller.exe
[2013.07.05 19:52:38 | 000,013,306 | ---- | M] () -- C:\Users\Marvin\Desktop\Extras.zip
[2013.07.04 19:02:06 | 000,000,000 | ---- | M] () -- C:\Users\Marvin\defogger_reenable
[2013.07.04 18:55:40 | 000,050,477 | ---- | M] () -- C:\Users\Marvin\Desktop\Defogger.exe
[2013.07.04 17:39:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marvin\Desktop\OTL.exe
[2013.07.04 17:04:26 | 000,650,027 | ---- | M] () -- C:\Users\Marvin\Desktop\adwcleaner.exe
[2013.07.04 16:16:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.07.04 16:16:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.07.04 15:56:49 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.07.04 15:47:05 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.07.04 15:47:05 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.07.04 15:47:05 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.07.04 15:47:05 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.07.04 15:47:05 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.07.04 15:47:05 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.07.04 15:39:53 | 000,001,596 | ---- | M] () -- C:\Windows\wininit.ini
[2013.07.04 14:49:29 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.07.04 14:49:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
========== Files Created - No Company Name ==========
[2013.07.08 19:40:20 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.07.05 23:29:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.07.05 23:29:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.07.05 23:29:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.07.05 23:29:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.07.05 23:29:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.07.05 19:52:38 | 000,013,306 | ---- | C] () -- C:\Users\Marvin\Desktop\Extras.zip
[2013.07.04 19:02:06 | 000,000,000 | ---- | C] () -- C:\Users\Marvin\defogger_reenable
[2013.07.04 18:55:38 | 000,050,477 | ---- | C] () -- C:\Users\Marvin\Desktop\Defogger.exe
[2013.07.04 17:04:23 | 000,650,027 | ---- | C] () -- C:\Users\Marvin\Desktop\adwcleaner.exe
[2013.07.04 16:16:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.07.04 16:16:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.07.04 15:47:05 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.07.04 15:47:05 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.07.04 15:47:05 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.07.04 15:39:50 | 000,001,596 | ---- | C] () -- C:\Windows\wininit.ini
[2013.01.20 21:20:56 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\ed4mdpg.dll
[2013.01.20 21:20:56 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\fjn1z33.dll
[2012.10.13 19:05:06 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\v8sos1h.dll
[2011.08.25 11:51:00 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.06.26 16:10:39 | 000,003,584 | ---- | C] () -- C:\Users\Marvin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.11 09:40:51 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.04.08 07:17:26 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\DVDVideoSoft
[2011.04.27 20:49:49 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\EeeStorageUploader
[2013.05.22 22:28:49 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\EverAd
[2012.10.27 15:16:44 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Freedom Scientific
[2011.08.25 11:52:58 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\MAGIX
[2012.11.18 20:27:28 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\ProtectDISC
[2012.06.25 16:50:04 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Publish Providers
[2013.07.07 12:39:17 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Sony
[2012.07.03 20:09:27 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Sony Creative Software Inc
[2012.10.13 17:13:15 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Telefónica
[2012.10.13 17:13:13 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\TGCMLog
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2013.07.06 00:56:26 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2013.04.21 22:58:20 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT
[2011.06.19 19:15:14 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.02.26 20:30:05 | 000,000,000 | ---D | M] -- C:\Brother
[2013.07.05 23:30:21 | 000,000,000 | --SD | M] -- C:\ComboFix
[2013.07.08 18:50:21 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013.04.05 19:45:24 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2010.11.11 10:00:40 | 000,000,000 | ---D | M] -- C:\eSupport
[2010.11.11 10:02:52 | 000,000,000 | -H-D | M] -- C:\ExpressGateUtil
[2010.11.11 09:50:12 | 000,000,000 | ---D | M] -- C:\Intel
[2011.04.27 15:59:40 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.07.08 19:40:19 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.07.08 18:45:49 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.07.08 19:39:53 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2013.07.05 23:29:35 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.04.07 22:03:48 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.05.13 23:49:13 | 000,000,000 | ---D | M] -- C:\SearchProtect
[2013.07.08 21:57:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.07.04 14:40:48 | 000,000,000 | R--D | M] -- C:\Users
[2013.07.08 18:39:49 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.31 16:14:34 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2008.06.07 00:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
< MD5 for: EXPLORER.EXE >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010.11.11 09:37:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.11.11 09:26:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.11 09:37:55 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.11.11 09:26:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010.11.11 09:37:55 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.11.11 09:26:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.11.11 09:37:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.11.11 09:26:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTOR.SYS >
[2009.12.17 04:42:07 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista64_Win7_64_9.5.6.1001\iaStor.sys
[2009.12.17 04:42:07 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.12.17 04:42:07 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_f26ae7769ab43067\iaStor.sys
[2009.12.17 04:25:25 | 000,433,176 | ---- | M] (Intel Corporation) MD5=8CDACD4AD63D49834C6B59DB102E7CD7 -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista32_Win7_32_9.5.6.1001\iaStor.sys
< MD5 for: IASTORV.SYS >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.11.11 09:37:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.11.11 09:37:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2013.07.04 19:02:06 | 000,000,000 | ---- | M] () -- C:\Users\Marvin\defogger_reenable
[2013.07.08 21:53:41 | 007,077,888 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat
[2013.07.08 21:53:41 | 000,262,144 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat.LOG1
[2013.01.17 00:02:53 | 000,262,144 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat.LOG2
[2011.04.07 22:18:45 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.04.07 22:18:45 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.04.07 22:18:45 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.09.13 14:41:03 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{0c185974-fd98-11e1-9657-485b399b5ba0}.TM.blf
[2012.09.13 14:41:03 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{0c185974-fd98-11e1-9657-485b399b5ba0}.TMContainer00000000000000000001.regtrans-ms
[2012.09.13 14:41:03 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{0c185974-fd98-11e1-9657-485b399b5ba0}.TMContainer00000000000000000002.regtrans-ms
[2013.06.05 01:20:31 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{109228fd-cd61-11e2-abd2-485b399b5ba0}.TM.blf
[2013.06.05 01:20:31 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{109228fd-cd61-11e2-abd2-485b399b5ba0}.TMContainer00000000000000000001.regtrans-ms
[2013.06.05 01:20:31 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{109228fd-cd61-11e2-abd2-485b399b5ba0}.TMContainer00000000000000000002.regtrans-ms
[2013.03.24 19:36:56 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{1511d1a8-94a5-11e2-a180-485b399b5ba0}.TM.blf
[2013.03.24 19:36:56 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{1511d1a8-94a5-11e2-a180-485b399b5ba0}.TMContainer00000000000000000001.regtrans-ms
[2013.03.24 19:36:56 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{1511d1a8-94a5-11e2-a180-485b399b5ba0}.TMContainer00000000000000000002.regtrans-ms
[2013.04.03 23:43:37 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{23bea75f-9c97-11e2-b277-485b399b5ba0}.TM.blf
[2013.04.03 23:43:37 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{23bea75f-9c97-11e2-b277-485b399b5ba0}.TMContainer00000000000000000001.regtrans-ms
[2013.04.03 23:43:37 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{23bea75f-9c97-11e2-b277-485b399b5ba0}.TMContainer00000000000000000002.regtrans-ms
[2013.04.22 00:08:02 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{2870c15b-aac7-11e2-930f-485b399b5ba0}.TM.blf
[2013.04.22 00:08:02 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{2870c15b-aac7-11e2-930f-485b399b5ba0}.TMContainer00000000000000000001.regtrans-ms
[2013.04.22 00:08:02 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{2870c15b-aac7-11e2-930f-485b399b5ba0}.TMContainer00000000000000000002.regtrans-ms
[2013.07.04 14:48:23 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{2a621fac-e475-11e2-b60f-485b399b5ba0}.TM.blf
[2013.07.04 14:48:23 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{2a621fac-e475-11e2-b60f-485b399b5ba0}.TMContainer00000000000000000001.regtrans-ms
[2013.07.04 14:48:23 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{2a621fac-e475-11e2-b60f-485b399b5ba0}.TMContainer00000000000000000002.regtrans-ms
[2013.01.19 01:51:21 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{b1c0e0e7-61c4-11e2-9c66-485b399b5ba0}.TM.blf
[2013.01.19 01:51:21 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{b1c0e0e7-61c4-11e2-9c66-485b399b5ba0}.TMContainer00000000000000000001.regtrans-ms
[2013.01.19 01:51:21 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{b1c0e0e7-61c4-11e2-9c66-485b399b5ba0}.TMContainer00000000000000000002.regtrans-ms
[2013.03.22 00:45:12 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{bb61ae90-9261-11e2-9d9a-485b399b5ba0}.TM.blf
[2013.03.22 00:45:12 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{bb61ae90-9261-11e2-9d9a-485b399b5ba0}.TMContainer00000000000000000001.regtrans-ms
[2013.03.22 00:45:12 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{bb61ae90-9261-11e2-9d9a-485b399b5ba0}.TMContainer00000000000000000002.regtrans-ms
[2013.04.28 21:55:29 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{cb86aca9-b03b-11e2-a11e-485b399b5ba0}.TM.blf
[2013.04.28 21:55:29 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{cb86aca9-b03b-11e2-a11e-485b399b5ba0}.TMContainer00000000000000000001.regtrans-ms
[2013.04.28 21:55:29 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\ntuser.dat{cb86aca9-b03b-11e2-a11e-485b399b5ba0}.TMContainer00000000000000000002.regtrans-ms
[2011.04.07 22:05:14 | 000,000,020 | -HS- | M] () -- C:\Users\Marvin\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
========== Alternate Data Streams ==========
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC
< End of report > |