WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Can't install ANY anti virus software [Solved]

Started by gsu , Nov 09 2013 06:21 AM

anti virus software anti virus windows 7

This topic is locked

26 replies to this topic

#1 gsu

New Member

Authentic Member
13 posts

Posted 09 November 2013 - 06:21 AM

Hi!

I cannot install any anti virus software on my computer!

I had the Microsoft Security Essentials installed and everything was fine, until it took ages to update it's latest version, and wasn't working properly anymore.

So I uninstalled it and installed the test version of AVG, which seemed to work pretty good in the first few days. But then, the system was really slow and I could barely get my work done. So I uninstalled AVG as well. Things where back to normal, my computer was fast as it used to be. The only thing missing was an anti virus software.

From this point on, I cannot install ANY antivirus software properly, the installation fails every time

I scanned my computer using OTL as described in http://forums.whatthetech.com/index.php?showtopic=106388

the results are in the attachment (I uploaded them, because it says "Do not reply to your own topic - Helpers look for topics with 0 replies.")

Please help me out! :unsure:

thanks in advance!

OTL.Txt 219.06KB 929 downloads

Extras.Txt 112.18KB 644 downloads

Advertisements

Register to Remove

#2 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 09 November 2013 - 05:29 PM

:welcome:

Is this a company computer ?

ElevatedDiagnostics <--Did you install this ?

It looks like you have McAfee Anti Virus running on this system, I see no trace of Microsoft Security Essentials or AVG ?????

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#3 gsu

New Member

Authentic Member
13 posts

Posted 10 November 2013 - 05:16 AM

Thanks for the quick reply!

No, it's not a company computer. And I didn't install ElevatedDiagnostics. Now I tried to open the folder "C:...\AppData\Local\ElevatedDiagnostics" and the access was denied :unsure:

I' used Microsoft Security Essentials for about an year and AVG for a few days. A test version of McAfee Anti Virus was installed on my computer as I bought it. And the Action Center says that no anti virus software can be found.

#4 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 10 November 2013 - 06:04 AM

Lets start from the beginning as Anti Virus programs are notorious for installing all over your system.

Run this tool , it will scan for any AV Programs, when it finds McAfee have it uninstall it, also uninstall AVG and Microsoft Security essentials if it finds it, when your done reboot your system and run a new scan with OTL and post a new log please, there wont be a extras log this time so dont knock yourself out trying to find it

Run AppRemover

Vista , Win 7 users, right click on the icon and select "run as administrator"

Please download AppRemover and save it to your desktop.

Double click on AppRemover.exe to run it.

Uncheck "Enable anonymous usage statistics. No personal data will be recorded."

Click on the Next button.

Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do.

Click on the Next button.

A scan begins, please wait. Once done, click on the Next button.

Now you should have a list of your installed programs, choose the one or ones you want to uninstall and click on the Next button.

Uninstall one at a time

Follow the last step and reboot if asked to do so.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#5 gsu

New Member

Authentic Member
13 posts

Posted 10 November 2013 - 12:35 PM

It didn't find McAfee, Microsoft Security Essentials or AVG.

This is the new log:

OTL logfile created on: 10.11.2013 13:49:42 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gina\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16721)

Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 5,59 Gb Available Physical Memory | 70,78% Memory free

15,80 Gb Paging File | 13,28 Gb Available in Paging File | 84,01% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 678,36 Gb Total Space | 543,95 Gb Free Space | 80,19% Space Free | Partition Type: NTFS

Computer Name: GINA-VAIO | User Name: Gina | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Gina\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()

PRC - C:\Programme\Tablet\Pen\WacomHost.exe (Wacom Technology)

PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

PRC - C:\Programme\AuthenTec TrueSuite\BioMonitor.exe (AuthenTec Inc.)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)

PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)

PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe (Sony Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\08d05898be584065b797a6dd48d9ad56\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()

MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe File not found

SRV:64bit: - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McATScheduler) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (WTabletServiceCon) -- C:\Programme\Tablet\Pen\WTabletServiceCon.exe (Wacom Technology, Corp.)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)

SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)

SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)

SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()

SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation)

SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)

SRV - (FPLService) -- C:\Programme\AuthenTec TrueSuite\TrueSuiteService.exe (AuthenTec, Inc)

SRV - (MfeFfCoreService) -- C:\Programme\McAfee\Endpoint Encryption for Files and Folders\MfeFfcoreService.exe (McAfee, Inc.)

SRV - (Intel® -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)

SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)

SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)

SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)

SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)

SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)

SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)

SRV - (ZeroConfigService) -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)

SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()

SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (ActiveDelayDeviceService) -- C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe (Sony Corporation)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)

SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MfeEEFFV) -- C:\Windows\SysNative\drivers\MfeEEFFV.sys (McAfee, Inc.)

DRV:64bit: - (MfeEEFF) -- C:\Windows\SysNative\drivers\MfeEEFF.sys (McAfee, Inc.)

DRV:64bit: - (ImatDs) -- C:\Windows\SysNative\drivers\ImatDs.sys (McAfee, Inc.)

DRV:64bit: - (ImatDisk) -- C:\Windows\SysNative\drivers\ImatDisk.sys (McAfee, Inc.)

DRV:64bit: - (ImatDmk) -- C:\Windows\SysNative\drivers\ImatDmk.sys (McAfee, Inc.)

DRV:64bit: - (wacomrouterfilter) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys (Wacom Technology)

DRV:64bit: - (WacHidRouter) -- C:\Windows\SysNative\drivers\wachidrouter.sys (Wacom Technology)

DRV:64bit: - (hidkmdf) -- C:\Windows\SysNative\drivers\hidkmdf.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)

DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)

DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)

DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)

DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)

DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)

DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)

DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)

DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)

DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)

DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaioportal.sony.eu

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://sony.msn.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{B7E317CF-29EE-4C4C-8FDB-7828A47F58D8}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)

FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll File not found

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gina\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gina\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)

FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.09.11 19:45:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage:

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gina\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Gina\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Gina\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll

CHR - plugin: TrueSuite (Enabled) = C:\Users\Gina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nibgmhfiionbhpeidijmiildfjnbbkic\1.0_0\npwebsitelogon.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java™ Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll

CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll

CHR - plugin: PlayStation®Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll

CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Gina\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: WhatFont = C:\Users\Gina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm\2.0.2_0\

CHR - Extension: Ghostery = C:\Users\Gina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.1_0\

CHR - Extension: Website Logon = C:\Users\Gina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nibgmhfiionbhpeidijmiildfjnbbkic\1.0_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120914221427.dll File not found

O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120914221427.dll File not found

O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [] File not found

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [MfeFfCore] C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\MfeFfCore.exe (McAfee, Inc.)

O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey File not found

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()

O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)

O4 - HKLM..\Run: [Intel AT Service signup] c:\Program Files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe (Intel Corporation)

O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (McAfee, Inc.)

O4 - HKLM..\Run: [MetroTileShortcut] "C:\Program Files\McAfeeAntiTheft\2.2.279.5\McATUIHost.exe" /IMAT_SHORTCUTS File not found

O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found

O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)

O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A001267-9A48-4E03-903E-9D1DB5401011}: DhcpNameServer = 10.0.0.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20:64bit: - AppInit_DLLs: (C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\ImatSup.dll) - C:\Programme\McAfee\Endpoint Encryption for Files and Folders\ImatSup.dll ()

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{da14460f-06e4-11e2-8e68-30f9edea482d}\Shell - "" = AutoRun

O33 - MountPoints2\{da14460f-06e4-11e2-8e68-30f9edea482d}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2013.11.10 13:34:40 | 011,999,592 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Gina\Desktop\AppRemover.exe

[2013.11.09 11:57:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gina\Desktop\OTL.exe

[2013.11.07 22:01:54 | 000,000,000 | ---D | C] -- C:\WINSSLog

[2013.11.06 22:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013.11.06 22:45:52 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Local\ElevatedDiagnostics

[2013.11.06 22:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2013.11.06 21:53:44 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Local\Programs

[2013.11.06 21:51:03 | 000,000,000 | ---D | C] -- C:\Users\Gina\Documents\WebCam Media

[2013.11.06 21:50:59 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Local\ArcSoft

[2013.11.06 21:50:58 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Roaming\ArcSoft

[2013.11.06 19:52:05 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Local\Mozilla

[2013.11.06 19:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2013.10.20 15:03:31 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Roaming\TuneUp Software

[2013.10.20 13:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files

[2013.10.20 13:36:12 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Local\MFAData

[2013.10.20 13:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2013.10.20 13:05:20 | 000,000,000 | ---D | C] -- C:\51ba1d4f5e841ad9f6b9

[2013.10.16 19:36:10 | 000,000,000 | ---D | C] -- C:\af4b3e525e4de1e30ae16a1616d45ca9

[2013.10.16 16:06:10 | 000,000,000 | ---D | C] -- C:\62ecc920da52e10827242e

[2013.10.16 07:25:58 | 000,000,000 | ---D | C] -- C:\c8b659c083dd8b3ef2

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.11.10 13:55:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3549048556-947582508-511738072-1001UA.job

[2013.11.10 13:50:59 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.11.10 13:50:59 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.11.10 13:43:18 | 000,001,950 | ---- | M] () -- C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk

[2013.11.10 13:40:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.11.10 13:40:42 | 2068,271,103 | -HS- | M] () -- C:\hiberfil.sys

[2013.11.10 13:35:05 | 011,999,592 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Gina\Desktop\AppRemover.exe

[2013.11.10 12:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.11.10 11:55:04 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3549048556-947582508-511738072-1001Core.job

[2013.11.09 11:57:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gina\Desktop\OTL.exe

[2013.11.09 11:43:12 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013.11.06 11:15:00 | 000,001,456 | ---- | M] () -- C:\Users\Gina\AppData\Local\Adobe Für Web speichern 13.0 Prefs

[2013.11.06 08:39:10 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.11.06 08:39:10 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.11.06 08:39:10 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.11.06 08:39:10 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.11.06 08:39:10 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.11.05 21:01:34 | 005,095,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.10.21 15:02:43 | 000,001,340 | ---- | M] () -- C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.11.07 22:21:30 | 000,001,950 | ---- | C] () -- C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk

[2013.11.07 22:21:30 | 000,001,340 | ---- | C] () -- C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

[2013.05.17 21:42:42 | 000,001,456 | ---- | C] () -- C:\Users\Gina\AppData\Local\Adobe Für Web speichern 13.0 Prefs

[2013.04.10 21:43:53 | 000,000,132 | ---- | C] () -- C:\Users\Gina\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen

[2012.09.16 15:24:29 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2012.04.05 03:04:29 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin

[2012.04.05 03:04:28 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin

[2012.04.05 03:04:27 | 013,024,768 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll

[2012.04.05 03:04:27 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

[2009.03.30 11:22:43 | 000,061,440 | ---- | C] () -- C:\Program Files (x86)\RGSGrowBounds.aex

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.11.03 21:07:52 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012.09.16 11:28:47 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2013.04.08 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Downloaded Installations

[2013.10.25 19:01:22 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Dropbox

[2013.11.06 09:21:05 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\FileZilla

[2013.06.30 22:18:51 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\iolo

[2012.10.03 18:23:35 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\IrfanView

[2013.01.30 14:03:52 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Notepad++

[2013.01.07 10:45:40 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\PACE Anti-Piracy

[2012.09.21 22:58:18 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\PDAppFlex

[2013.01.07 11:36:06 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Publish Providers

[2013.02.03 19:04:37 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\REAPER

[2013.05.05 12:22:22 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Sony

[2012.09.29 13:01:13 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2012.11.15 16:21:26 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Tific

[2013.10.20 15:03:32 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\TuneUp Software

[2013.01.16 15:54:52 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Wacom

[2013.09.04 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\wacomid-desktop-launcher

[2013.01.16 15:58:52 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1

========== Purity Check ==========

========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML >

[2012.05.18 11:39:21 | 000,004,226 | ---- | M] () MD5=EE23420A7C0E74A9D316221F8BFB2477 -- C:\Windows\PolicyDefinitions\de-DE\Explorer.adml

[2012.05.18 11:39:21 | 000,004,226 | ---- | M] () MD5=EE23420A7C0E74A9D316221F8BFB2477 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d6049b4095286d3f\Explorer.adml

< MD5 for: EXPLORER.ADMX >

[2009.06.10 21:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx

[2009.06.10 21:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.EXE >

[2012.02.24 01:18:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2012.02.24 01:18:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2012.02.24 01:18:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2012.02.24 01:18:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2012.02.24 01:18:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2012.02.24 01:18:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: EXPLORER.EXE.3264.DMP >

[2013.09.11 14:16:28 | 003,069,947 | ---- | M] () MD5=B3BF413BF6D1AAE502F0BA0969F48AB7 -- C:\Users\Gina\AppData\Local\CrashDumps\explorer.exe.3264.dmp

< MD5 for: EXPLORER.EXE.MUI >

[2012.05.18 11:39:06 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=64E8A52EA68A8C36D0152F3108DA02D0 -- C:\Windows\de-DE\explorer.exe.mui

[2012.05.18 11:39:06 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=64E8A52EA68A8C36D0152F3108DA02D0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b8f6a2cb9e74c5d6\explorer.exe.mui

[2012.05.18 11:39:08 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=EB67605F636687E5F3C988B0059A8C46 -- C:\Windows\SysWOW64\de-DE\explorer.exe.mui

[2012.05.18 11:39:08 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=EB67605F636687E5F3C988B0059A8C46 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c34b4d1dd2d587d1\explorer.exe.mui

< MD5 for: IEXPLORE.EXE >

[2013.01.09 02:53:45 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=0100BCF23941C83462E4A70F94C3392E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_0d2c5bc980874648\iexplore.exe

[2013.05.17 03:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_20d88bb252a3770f\iexplore.exe

[2012.11.14 03:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=0D286C0FE561D1A7EB30E83A0FF305B2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_178ed6e5b4dd3857\iexplore.exe

[2012.06.29 06:02:52 | 000,754,784 | ---- | M] (Microsoft Corporation) MD5=1223ACBFC1093852DFF039E189599BBD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_0d45fcc9807373c2\iexplore.exe

[2013.07.26 07:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=133CEF30905806A35606652D409EEEBA -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_16893df21e3dcd43\iexplore.exe

[2013.08.10 07:31:28 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=1F3B062444AD6F667B5336E78D5A02B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_ffb36d2837eafb72\iexplore.exe

[2012.08.24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_1787d4dfb4e386f6\iexplore.exe

[2013.02.22 08:04:50 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=25B53709A37C3FD814B68EA0A92D18F9 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_0d238c71808d94e7\iexplore.exe

[2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_178cd651b4df05a9\iexplore.exe

[2013.06.12 05:41:27 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=2A5F565327BFD679EC5F790DC15BBF25 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_0a0343986c500b78\iexplore.exe

[2012.08.24 12:23:44 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=2D53C5F71653EF94E7829846405D4ED2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_0d332a8d8082c4fb\iexplore.exe

[2013.06.12 01:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=30E7CA4620500FE012EB464F0E1DE91E -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_20da757e52a1c35e\iexplore.exe

[2013.02.22 05:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_177836c3b4ee56e2\iexplore.exe

[2013.08.10 07:10:22 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=351657C79B62B91E16A95AD23EA3710D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_168ab5d61e3c99b7\iexplore.exe

[2013.08.10 05:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_20df6028529d5bb2\iexplore.exe

[2013.05.17 02:57:28 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=3902E280F6117A468D5573343A7AA1F6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_09ffa3426c5372da\iexplore.exe

[2013.04.04 23:47:49 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=3F00BE80B9CEA20B7FE7363D15EDDB94 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16483_none_176a65f9b4f926ce\iexplore.exe

[2013.02.22 05:10:31 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=4145E2B5663F6FACC08EFDB17B658BB2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_17f703a2ce14129d\iexplore.exe

[2013.08.10 06:13:42 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=48A1306191216997F717C451B8D15139 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_0a08177a6c4bbd6d\iexplore.exe

[2012.10.08 13:29:46 | 000,754,848 | ---- | M] (Microsoft Corporation) MD5=49442BA6DCE4B4E3C1CB0AB193FE29AD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_0d382bff807e43ae\iexplore.exe

[2012.08.24 11:49:07 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=5A150AFABB25BEA50CEDC8650A7B8A9E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_0dc3c95e999a1626\iexplore.exe

[2012.06.29 03:45:31 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=5D03518409F37D1483C98869D86E23FF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_0dc0c880999cca21\iexplore.exe

[2012.08.24 08:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_181873b0cdfad821\iexplore.exe

[2013.01.08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_1781061bb4e80843\iexplore.exe

[2013.07.26 04:49:06 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=7BA1862B8A5698DC5FCFDFF3BC359DE9 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_20dde844529e8f3e\iexplore.exe

[2013.02.02 09:09:12 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=7C2923004FFC497E54F38E835F108EE8 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_0d9c579499b8b898\iexplore.exe

[2010.11.21 04:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe

[2013.07.26 06:47:06 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=8D805B4EEEE0ECF6B604BE284978F135 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_ffb0112a37ee15f1\iexplore.exe

[2013.05.17 04:02:08 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=8F00471CA24ADF8D2AFAACF856EB70A4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_ffaaf8f037f2b0df\iexplore.exe

[2012.02.24 01:21:12 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe

[2012.06.29 02:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd\iexplore.exe

[2013.06.12 03:28:00 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=98C6F2A9A981A54222602B87C6310BDE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_1685cb2c1e410163\iexplore.exe

[2013.04.05 02:55:57 | 000,763,504 | ---- | M] (Microsoft Corporation) MD5=A1B0DEC3BB845C6369F97BC1A3542A07 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16483_none_0d15bba7809864d3\iexplore.exe

[2013.02.02 05:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_17f101e6ce197a93\iexplore.exe

[2013.02.02 08:37:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=A8EBEBCD9F5C49475194099FCD276992 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_0d1d8ab58092fcdd\iexplore.exe

[2013.06.05 16:00:04 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_20e92fca5296266a\iexplore.exe

[2012.11.16 04:08:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=AC4957E154F750DF54F36ADC8E3E040D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_0db6f8de99a3ff69\iexplore.exe

[2013.02.22 08:17:45 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=B21A57AA4CB928059A0C0C58A9E77A02 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_0da2595099b350a2\iexplore.exe

[2013.04.04 22:55:02 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=C036AB1ED8BAC04FE4A349BA263077BB -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_17e932d8ce1ee289\iexplore.exe

[2013.04.05 01:40:37 | 000,763,504 | ---- | M] (Microsoft Corporation) MD5=C4A4F4AD91677DA1659A9ADE63746B8B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_0d94888699be208e\iexplore.exe

[2010.11.21 04:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe

[2013.06.12 08:51:43 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=CA88A25280B1D85ED0BC26B042ABBCCF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_ffae994637ef497d\iexplore.exe

[2013.06.05 16:00:01 | 000,775,232 | ---- | M] (Microsoft Corporation) MD5=CEA304830B4770BDA3572B87D0841848 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_169485781e35646f\iexplore.exe

[2012.10.08 09:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_1808a252ce07755f\iexplore.exe

[2013.09.23 00:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

[2013.09.23 00:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_20cf006852aa5f74\iexplore.exe

[2013.09.23 01:01:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=DB352EBF77E8655E0C46B6923F3C9950 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_09f78a2a6c58f471\iexplore.exe

[2013.02.02 05:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_17723507b4f3bed8\iexplore.exe

[2013.07.26 06:09:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=E70D60B3A350BD09D86CDAD9CF55F36B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_0a04bb7c6c4ed7ec\iexplore.exe

[2013.09.23 02:55:58 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=E9F843E7E412AE9A507FD5ABBBD06462 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_ffa2dfd837f83276\iexplore.exe

[2012.06.29 00:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_181572d2cdfd8c1c\iexplore.exe

[2013.05.17 04:30:45 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=EDC77CF787FA015205936C9A3228486E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_1683e1601e42b514\iexplore.exe

[2013.01.09 01:51:57 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=EF1F6F41FB2C9BBB484B21017F380201 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_0daa285e99ade8ac\iexplore.exe

[2013.01.08 22:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_17fed2b0ce0eaaa7\iexplore.exe

[2012.02.24 01:21:11 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe

[2012.10.08 12:09:10 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=F61714ABCF9BF0CEF0A6249AD4FD490B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_0db3f80099a6b364\iexplore.exe

[2012.11.14 03:19:28 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F691418EE9A6344AEB5C1B0518FBF8AE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_180ba330ce04c164\iexplore.exe

[2013.09.23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Program Files\Internet Explorer\iexplore.exe

[2013.09.23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_167a56161e499d79\iexplore.exe

[2012.11.14 08:11:18 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=FD0D2E1FAEBAE5031BE2EB8000D973F1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_0d3a2c93807c765c\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >

[2012.05.18 11:41:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=0272AAC78F0D1CC205B893CCF5835DC5 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_de-de_6865046bfd99819c\iexplore.exe.mui

[2012.02.24 01:21:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui

[2012.02.24 01:21:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui

[2013.06.05 16:04:58 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Program Files (x86)\Internet Explorer\de-DE\iexplore.exe.mui

[2013.06.05 16:04:58 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui

[2013.06.05 16:04:58 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_de-de_674bb56c67089ab9\iexplore.exe.mui

[2013.06.05 16:04:58 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_de-de_71a05fbe9b695cb4\iexplore.exe.mui

[2012.05.18 11:41:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6D22C11D8D81000CAEA25B213F1CDD63 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_de-de_5e105a19c938bfa1\iexplore.exe.mui

[2012.05.18 11:39:21 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=74EB5304DFC6E33B6C87D0688860B6BC -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_de-de_6252687e84367fb4\iexplore.exe.mui

[2013.06.05 16:00:05 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui

[2013.06.05 16:00:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui

[2013.06.05 16:00:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui

[2013.06.05 16:00:05 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui

[2009.07.14 03:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui

[2012.05.18 11:39:21 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=D74E70EF11B77E438111FE0C79AAFD97 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_de-de_6ca712d0b89741af\iexplore.exe.mui

[2009.07.14 03:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui

< MD5 for: SERVICES >

[2009.06.10 22:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.AIP >

[2012.11.21 01:09:36 | 000,476,824 | ---- | M] (Adobe Systems Incorporated) MD5=456C45B1A2ECE8814987C4A4EA786413 -- C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Plug-ins\Extensions\Services.aip

[2012.11.21 00:37:22 | 000,382,616 | ---- | M] (Adobe Systems Incorporated) MD5=87ACA12B41F894A8CAFD264A1FC9D1F0 -- C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.ASFX >

[2012.07.27 21:52:04 | 000,002,637 | ---- | M] () MD5=016DFC4F3F133AE19338EECD1924886A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ro_RO\Services\Services.asfx

[2012.07.27 21:52:04 | 000,002,970 | ---- | M] () MD5=05A68D76420994EF8DF33184BFA98E04 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\uk_UA\Services\Services.asfx

[2012.07.27 21:51:54 | 000,002,555 | ---- | M] () MD5=272301585AC133486E70228DA27659AC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_TW\Services\Services.asfx

[2012.07.27 21:51:50 | 000,002,562 | ---- | M] () MD5=27CE9BD3209B549BB776B8C877455A91 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nb_NO\Services\Services.asfx

[2012.07.27 21:51:52 | 000,002,632 | ---- | M] () MD5=2998A4AE8D0EF5122CCB985CF7E9D9D3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ko_KR\Services\Services.asfx

[2012.07.27 21:51:52 | 000,002,545 | ---- | M] () MD5=2EEC9DDBD0B4EE5F65532322C383938A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_CN\Services\Services.asfx

[2012.07.27 21:51:56 | 000,002,629 | ---- | M] () MD5=3A0082D76426A87FB4937D426C491C10 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\cs_CZ\Services\Services.asfx

[2012.07.27 21:51:58 | 000,002,590 | ---- | M] () MD5=448953BD0CF26CE03D9E7CC1A7B278BC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\tr_TR\Services\Services.asfx

[2012.07.27 21:51:42 | 000,002,605 | ---- | M] () MD5=5A2C5D0DA3EAAB2AA77F16947D0E14FF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\it_IT\Services\Services.asfx

[2012.07.27 21:51:56 | 000,002,679 | ---- | M] () MD5=5DD2704563A6A79C466E44CD966B2655 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hu_HU\Services\Services.asfx

[2012.07.27 21:51:40 | 000,002,711 | ---- | M] () MD5=6B0E7B068BD530B8FCEBC04CC8844AA9 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ja_JP\Services\Services.asfx

[2012.07.27 21:52:02 | 000,002,582 | ---- | M] () MD5=797FC263D59784AD1498560C34FA7DA1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sl_SI\Services\Services.asfx

[2013.09.03 14:54:18 | 000,002,626 | ---- | M] () MD5=8073B18DC740B965256CE0957E363AC5 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\Services\Services.asfx

[2012.07.27 21:51:38 | 000,002,626 | ---- | M] () MD5=8073B18DC740B965256CE0957E363AC5 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fr_FR\Services\Services.asfx

[2012.07.27 21:51:50 | 000,002,634 | ---- | M] () MD5=912DD5C0C7C8D7572AD598414D56E24A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pt_BR\Services\Services.asfx

[2013.09.03 14:54:20 | 000,002,655 | ---- | M] () MD5=ABFBB9D0398492D849690C344C1316BB -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\Services\Services.asfx

[2012.07.27 21:51:40 | 000,002,655 | ---- | M] () MD5=ABFBB9D0398492D849690C344C1316BB -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_DE\Services\Services.asfx

[2012.07.27 21:52:06 | 000,002,638 | ---- | M] () MD5=C2C37202B0E55877A64ADDBDE738284E -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sk_SK\Services\Services.asfx

[2012.07.27 21:51:56 | 000,002,589 | ---- | M] () MD5=C313AD3602D4965A1918E86B9F3E84CF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pl_PL\Services\Services.asfx

[2012.07.27 21:52:06 | 000,002,609 | ---- | M] () MD5=C7FA88C21103C70826F274A0E865AEDF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ca_ES\Services\Services.asfx

[2012.07.27 21:52:08 | 000,002,576 | ---- | M] () MD5=D27D52045EB6A2EE031F7D2EA0349BC3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\eu_ES\Services\Services.asfx

[2012.07.27 21:51:46 | 000,002,560 | ---- | M] () MD5=D5642B1BFE0A70231D14C11D3D3FD60D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\da_DK\Services\Services.asfx

[2012.07.27 21:52:00 | 000,002,588 | ---- | M] () MD5=DB216743CDE75637621E2FD39431BBD4 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hr_HR\Services\Services.asfx

[2012.07.27 21:51:44 | 000,002,620 | ---- | M] () MD5=DCF7A8843832327386B81ABD189AC236 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\es_ES\Services\Services.asfx

[2012.07.27 21:52:00 | 000,002,997 | ---- | M] () MD5=DD3F4DAF426555D8D85FF4D7C5A04F37 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ru_RU\Services\Services.asfx

[2010.11.15 20:02:32 | 000,000,228 | R--- | M] () MD5=E09422BE0C7636A7B63A1527C4C1372D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx

[2012.07.27 21:51:48 | 000,002,599 | ---- | M] () MD5=F09D769A94767C3C7E7015A5C6C99A39 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fi_FI\Services\Services.asfx

[2012.07.27 21:51:46 | 000,002,628 | ---- | M] () MD5=F844D742DB53C7D671BF7ED6517414D1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nl_NL\Services\Services.asfx

[2012.07.27 21:51:44 | 000,002,582 | ---- | M] () MD5=FED4BDA3B6A9EB9DB59C254D8C987495 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sv_SE\Services\Services.asfx

< MD5 for: SERVICES.ASFX1 >

[2010.11.15 20:02:32 | 000,000,228 | R--- | M] () MD5=A7B7A4CC1A717292474115CD3A4AC121 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx1

< MD5 for: SERVICES.ASFX10 >

[2010.11.15 20:02:34 | 000,000,233 | R--- | M] () MD5=3382FAB54FC906B0E40269D903A8D690 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx10

< MD5 for: SERVICES.ASFX11 >

[2010.11.15 20:02:26 | 000,000,227 | R--- | M] () MD5=F36865AB3B9813962B7EDBE66FA1C28A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx11

< MD5 for: SERVICES.ASFX12 >

[2010.11.15 20:02:30 | 000,000,225 | R--- | M] () MD5=9287C7268CC0F37F1DDE18CEBB128685 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx12

< MD5 for: SERVICES.ASFX13 >

[2010.11.15 20:02:30 | 000,000,228 | R--- | M] () MD5=95326C46AC2654AFF5C8543DFE22CCB3 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx13

< MD5 for: SERVICES.ASFX14 >

[2010.11.15 20:02:26 | 000,000,228 | R--- | M] () MD5=14DA84ECAF57B5ADA36B9093FF04CF32 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx14

< MD5 for: SERVICES.ASFX15 >

[2010.11.15 20:02:26 | 000,000,231 | R--- | M] () MD5=CF94F061685A38BABE0BBD463191EDE7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx15

< MD5 for: SERVICES.ASFX16 >

[2010.11.15 20:02:34 | 000,000,232 | R--- | M] () MD5=B6E63D87C73CED2D6B433C542C5C3965 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx16

< MD5 for: SERVICES.ASFX17 >

[2010.11.15 20:02:34 | 000,000,230 | R--- | M] () MD5=545E97C4F4CEA743A8D86B685EE2EDBB -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx17

< MD5 for: SERVICES.ASFX18 >

[2010.11.15 20:02:24 | 000,000,230 | R--- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx18

< MD5 for: SERVICES.ASFX19 >

[2010.11.15 20:02:26 | 000,000,225 | R--- | M] () MD5=0A27F1D6595A69800A43CDE155B1E4A0 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx19

< MD5 for: SERVICES.ASFX2 >

[2010.11.15 20:02:36 | 000,000,264 | R--- | M] () MD5=0652D24D4E2799851A6DF1705E2BFFDA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx2

< MD5 for: SERVICES.ASFX20 >

[2010.11.15 20:02:38 | 000,000,231 | R--- | M] () MD5=C85F2519DC6AECF93F67AA613A320136 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx20

< MD5 for: SERVICES.ASFX21 >

[2010.11.15 20:02:26 | 000,000,231 | R--- | M] () MD5=8C95C0528EA7049A1DFC7A7342461D75 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx21

< MD5 for: SERVICES.ASFX22 >

[2010.11.15 20:02:24 | 000,000,231 | R--- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx22

< MD5 for: SERVICES.ASFX23 >

[2010.11.15 20:02:26 | 000,000,225 | R--- | M] () MD5=0E89BE53F56B22390CF61584B649CE01 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx23

< MD5 for: SERVICES.ASFX24 >

[2010.11.15 20:02:32 | 000,000,229 | R--- | M] () MD5=E57594DB9B9D78AB4B53D34CAFEB8497 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx24

< MD5 for: SERVICES.ASFX25 >

[2010.11.15 20:02:36 | 000,000,232 | R--- | M] () MD5=611CB9CC21D2DDAD711690671F70EF39 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx25

< MD5 for: SERVICES.ASFX3 >

[2010.11.15 20:02:34 | 000,000,229 | R--- | M] () MD5=F9824728970AC8199BABDC9CBA5E038C -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx3

< MD5 for: SERVICES.ASFX4 >

[2010.11.15 20:02:26 | 000,000,226 | R--- | M] () MD5=55EA57D90AE22BDF0132597EF0D7C9C7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx4

< MD5 for: SERVICES.ASFX5 >

[2010.11.15 20:02:34 | 000,000,233 | R--- | M] () MD5=846C265B751189E88B74F0155DB6B828 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx5

< MD5 for: SERVICES.ASFX6 >

[2010.11.15 20:02:36 | 000,000,231 | R--- | M] () MD5=89BD37C4118540FD5AA8CDD0C24D6C0A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx6

< MD5 for: SERVICES.ASFX7 >

[2010.11.15 20:02:34 | 000,000,245 | R--- | M] () MD5=0B82FAB8FF5F988C5311DF1144A7D740 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx7

< MD5 for: SERVICES.ASFX8 >

[2010.11.15 20:02:34 | 000,000,231 | R--- | M] () MD5=5226417D3C8206000A8983BDC1243075 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx8

< MD5 for: SERVICES.ASFX9 >

[2010.11.15 20:02:30 | 000,000,234 | R--- | M] () MD5=EBD8D036504F2935675F5F432F076DBA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx9

< MD5 for: SERVICES.CFG >

[2013.09.03 14:54:16 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Services\Services.cfg

[2013.09.03 14:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg

[2010.10.25 14:13:46 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\services.cfg

[2010.11.15 20:02:22 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.cfg

< MD5 for: SERVICES.CFSERVICE.JAR >

[2012.03.16 02:33:04 | 000,142,226 | ---- | M] () MD5=18D9FCB12CE658BA4D24D8DC2D641BA6 -- C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\eclipse\plugins\com.adobe.flexbuilder.services.CFService_4.6.1.335153\services.CFService.jar

< MD5 for: SERVICES.EXE >

[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe

[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >

[2012.05.18 11:39:04 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\SysNative\de-DE\services.exe.mui

[2012.05.18 11:39:04 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1d0162c550c828a3\services.exe.mui

< MD5 for: SERVICES.HTM >

[2007.02.11 16:52:50 | 000,013,720 | ---- | M] () MD5=5B1A2F8639E67EAAB32B5E446EDDA178 -- C:\Users\Gina\Desktop\Kolleg\2aKMTM\WLM_GAIS\Unterlagen\selfhtml812\intro\hilfsmittel\services.htm

< MD5 for: SERVICES.LNK >

[2009.07.14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

[2009.07.14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >

[2009.06.10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof

[2009.06.10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >

[2009.06.10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc

[2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc

[2009.06.10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc

[2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

[2012.05.18 11:39:03 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysNative\de-DE\services.msc

[2012.05.18 11:39:04 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysWOW64\de-DE\services.msc

[2012.05.18 11:39:03 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_574332b12731c296\services.msc

[2012.05.18 11:39:04 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fb24972d6ed45160\services.msc

< MD5 for: SERVICES.PHPSERVICE.JAR >

[2012.03.16 02:33:06 | 000,149,053 | ---- | M] () MD5=EDDA59974541208844A9FE430268D469 -- C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\eclipse\plugins\com.adobe.flexbuilder.services.PHPService_4.6.1.335153\services.PHPService.jar

< MD5 for: SERVICES.PTXML >

[2009.07.13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml

[2009.07.13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.STATICCONTENTSERVICE.JAR >

[2012.03.16 02:33:06 | 000,072,917 | ---- | M] () MD5=15E17BFD2088059A73A22119D0D1613A -- C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\eclipse\plugins\com.adobe.flexbuilder.services.StaticContentService_4.6.1.335153\services.StaticContentService.jar

< MD5 for: SERVICES.WEBSERVICE.DERIVED.JAR >

[2012.03.16 02:33:06 | 000,183,653 | ---- | M] () MD5=1BEE56EAF2A85F3662291392C8804E1E -- C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\eclipse\plugins\com.adobe.flexbuilder.services.WEBService.derived_4.6.1.335153\services.WEBService.derived.jar

< MD5 for: WINLOGON.ADML >

[2012.05.18 11:39:20 | 000,009,904 | ---- | M] () MD5=25AA9560CB997F785CDD845AD425D37D -- C:\Windows\PolicyDefinitions\de-DE\WinLogon.adml

[2012.05.18 11:39:20 | 000,009,904 | ---- | M] () MD5=25AA9560CB997F785CDD845AD425D37D -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_48082d3607b4f4ab\WinLogon.adml

< MD5 for: WINLOGON.ADMX >

[2009.06.10 22:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx

[2009.06.10 22:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EXE >

[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >

[2012.05.18 11:39:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=8354A33D8B5919047DAEB39F235E666E -- C:\Windows\SysNative\de-DE\winlogon.exe.mui

[2012.05.18 11:39:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=8354A33D8B5919047DAEB39F235E666E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_de-de_802dc1012bd7f0b6\winlogon.exe.mui

< MD5 for: WINLOGON.MFL >

[2012.05.18 11:39:04 | 000,001,080 | ---- | M] () MD5=4AC5B532F44BAE30CBE41B7750954729 -- C:\Windows\SysNative\wbem\de-DE\winlogon.mfl

[2012.05.18 11:39:04 | 000,001,080 | ---- | M] () MD5=4AC5B532F44BAE30CBE41B7750954729 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dbbeff044a21c6b1\winlogon.mfl

< MD5 for: WINLOGON.MOF >

[2009.07.13 21:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof

[2009.07.13 21:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

< %SYSTEMDRIVE%\*.* >

[2013.11.10 13:40:42 | 2068,271,103 | -HS- | M] () -- C:\hiberfil.sys

[2013.11.10 13:40:42 | 4189,351,935 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >

[2009.07.14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2009.07.14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2009.07.14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009.07.14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2009.06.10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

[2011.05.13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

[2012.09.28 17:38:45 | 000,001,654 | -HS- | M] () -- C:\Users\Gina\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %PROGRAMFILES%\*.* >

[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

[2009.03.30 11:22:43 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\RGSGrowBounds.aex

[2013.05.22 09:31:26 | 000,080,185 | ---- | M] () -- C:\Program Files (x86)\trapcodeparticularv2.log

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >

Volume in Laufwerk C: hat keine Bezeichnung.

Volumeseriennummer: F449-682A

Verzeichnis von C:\

14.07.2009 06:08 <VERBINDUNG> Documents and Settings [..]

14.09.2012 14:02 <VERBINDUNG> Dokumente und Einstellungen [..]

14.09.2012 14:02 <VERBINDUNG> Programme [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Program Files

14.09.2012 14:02 <VERBINDUNG> Gemeinsame Dateien [C:\Program Files\Common Files]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Program Files\Windows NT

14.09.2012 14:02 <VERBINDUNG> Zubeh”r [C:\Program Files\Windows NT\Accessories]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Program Files (x86)\Evernote

18.05.2012 12:15 <SYMLINKD> Evernote3.5 [C:\Program Files (x86)\Evernote\Evernote\]

0 Datei(en), 0 Bytes

Verzeichnis von C:\ProgramData

14.09.2012 14:02 <VERBINDUNG> Anwendungsdaten [..]

14.07.2009 06:08 <VERBINDUNG> Application Data [..]

14.07.2009 06:08 <VERBINDUNG> Desktop [..]

14.07.2009 06:08 <VERBINDUNG> Documents [..]

14.09.2012 14:02 <VERBINDUNG> Dokumente [..]

14.09.2012 14:02 <VERBINDUNG> Favoriten [..]

14.07.2009 06:08 <VERBINDUNG> Favorites [..]

14.07.2009 06:08 <VERBINDUNG> Start Menu [..]

14.09.2012 14:02 <VERBINDUNG> Startmen [..]

14.07.2009 06:08 <VERBINDUNG> Templates [..]

14.09.2012 14:02 <VERBINDUNG> Vorlagen [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\ProgramData\Microsoft\Windows\Start Menu

14.09.2012 14:02 <VERBINDUNG> Programme [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users

14.07.2009 06:08 <SYMLINKD> All Users [..]

14.07.2009 06:08 <VERBINDUNG> Default User [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\All Users

14.09.2012 14:02 <VERBINDUNG> Anwendungsdaten [..]

14.07.2009 06:08 <VERBINDUNG> Application Data [..]

14.07.2009 06:08 <VERBINDUNG> Desktop [..]

14.07.2009 06:08 <VERBINDUNG> Documents [..]

14.09.2012 14:02 <VERBINDUNG> Dokumente [..]

14.09.2012 14:02 <VERBINDUNG> Favoriten [..]

14.07.2009 06:08 <VERBINDUNG> Favorites [..]

14.07.2009 06:08 <VERBINDUNG> Start Menu [..]

14.09.2012 14:02 <VERBINDUNG> Startmen [..]

14.07.2009 06:08 <VERBINDUNG> Templates [..]

14.09.2012 14:02 <VERBINDUNG> Vorlagen [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\All Users\Microsoft\Windows\Start Menu

14.09.2012 14:02 <VERBINDUNG> Programme [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\Default

14.09.2012 14:02 <VERBINDUNG> Anwendungsdaten [..]

14.07.2009 06:08 <VERBINDUNG> Application Data [..]

14.07.2009 06:08 <VERBINDUNG> Cookies [..]

14.09.2012 14:02 <VERBINDUNG> Druckumgebung [..]

14.09.2012 14:02 <VERBINDUNG> Eigene Dateien [..]

14.07.2009 06:08 <VERBINDUNG> Local Settings [..]

14.09.2012 14:02 <VERBINDUNG> Lokale Einstellungen [..]

14.07.2009 06:08 <VERBINDUNG> My Documents [..]

14.07.2009 06:08 <VERBINDUNG> NetHood [..]

14.09.2012 14:02 <VERBINDUNG> Netzwerkumgebung [..]

14.07.2009 06:08 <VERBINDUNG> PrintHood [..]

14.07.2009 06:08 <VERBINDUNG> Recent [..]

14.07.2009 06:08 <VERBINDUNG> SendTo [..]

14.07.2009 06:08 <VERBINDUNG> Start Menu [..]

14.09.2012 14:02 <VERBINDUNG> Startmen [..]

14.07.2009 06:08 <VERBINDUNG> Templates [..]

14.09.2012 14:02 <VERBINDUNG> Vorlagen [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\Default\AppData\Local

14.09.2012 14:02 <VERBINDUNG> Anwendungsdaten [..]

14.07.2009 06:08 <VERBINDUNG> Application Data [..]

14.07.2009 06:08 <VERBINDUNG> History [..]

14.07.2009 06:08 <VERBINDUNG> Temporary Internet Files [..]

14.09.2012 14:02 <VERBINDUNG> Verlauf [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

14.09.2012 14:02 <VERBINDUNG> Programme [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\Default\Documents

14.09.2012 14:02 <VERBINDUNG> Eigene Bilder [..]

14.09.2012 14:02 <VERBINDUNG> Eigene Musik [..]

14.09.2012 14:02 <VERBINDUNG> Eigene Videos [..]

14.07.2009 06:08 <VERBINDUNG> My Music [..]

14.07.2009 06:08 <VERBINDUNG> My Pictures [..]

14.07.2009 06:08 <VERBINDUNG> My Videos [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\Gina

14.09.2012 14:02 <VERBINDUNG> Anwendungsdaten [..]

14.09.2012 14:02 <VERBINDUNG> Cookies [..]

14.09.2012 14:02 <VERBINDUNG> Druckumgebung [..]

14.09.2012 14:02 <VERBINDUNG> Eigene Dateien [..]

14.09.2012 14:02 <VERBINDUNG> Lokale Einstellungen [..]

14.09.2012 14:02 <VERBINDUNG> Netzwerkumgebung [..]

14.09.2012 14:02 <VERBINDUNG> Recent [..]

14.09.2012 14:02 <VERBINDUNG> SendTo [..]

14.09.2012 14:02 <VERBINDUNG> Startmen [..]

14.09.2012 14:02 <VERBINDUNG> Vorlagen [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\Gina\AppData\Local

14.09.2012 14:02 <VERBINDUNG> Anwendungsdaten [..]

14.09.2012 14:02 <VERBINDUNG> Temporary Internet Files [..]

14.09.2012 14:02 <VERBINDUNG> Verlauf [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu

14.09.2012 14:02 <VERBINDUNG> Programme [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\Gina\Documents

14.09.2012 14:02 <VERBINDUNG> Eigene Bilder [..]

14.09.2012 14:02 <VERBINDUNG> Eigene Musik [..]

14.09.2012 14:02 <VERBINDUNG> Eigene Videos [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\Public\Documents

14.09.2012 14:02 <VERBINDUNG> Eigene Bilder [..]

14.09.2012 14:02 <VERBINDUNG> Eigene Musik [..]

14.09.2012 14:02 <VERBINDUNG> Eigene Videos [..]

14.07.2009 06:08 <VERBINDUNG> My Music [..]

14.07.2009 06:08 <VERBINDUNG> My Pictures [..]

14.07.2009 06:08 <VERBINDUNG> My Videos [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\UpdatusUser

18.05.2012 10:59 <VERBINDUNG> Anwendungsdaten [..]

18.05.2012 10:59 <VERBINDUNG> Cookies [..]

18.05.2012 10:59 <VERBINDUNG> Druckumgebung [..]

18.05.2012 10:59 <VERBINDUNG> Eigene Dateien [..]

18.05.2012 10:59 <VERBINDUNG> Lokale Einstellungen [..]

18.05.2012 10:59 <VERBINDUNG> Netzwerkumgebung [..]

18.05.2012 10:59 <VERBINDUNG> Recent [..]

18.05.2012 10:59 <VERBINDUNG> SendTo [..]

18.05.2012 10:59 <VERBINDUNG> Startmen [..]

18.05.2012 10:59 <VERBINDUNG> Vorlagen [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\UpdatusUser\AppData\Local

18.05.2012 10:59 <VERBINDUNG> Anwendungsdaten [..]

18.05.2012 10:59 <VERBINDUNG> Temporary Internet Files [..]

18.05.2012 10:59 <VERBINDUNG> Verlauf [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu

18.05.2012 10:59 <VERBINDUNG> Programme [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\UpdatusUser\Documents

18.05.2012 10:59 <VERBINDUNG> Eigene Bilder [..]

18.05.2012 10:59 <VERBINDUNG> Eigene Musik [..]

18.05.2012 10:59 <VERBINDUNG> Eigene Videos [..]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Windows\System32\config\systemprofile

06.11.2013 21:53 <VERBINDUNG> Anwendungsdaten [C:\Windows\system32\config\systemprofile\AppData\Roaming]

06.11.2013 21:53 <VERBINDUNG> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]

06.11.2013 21:53 <VERBINDUNG> Lokale Einstellungen [C:\Windows\system32\config\systemprofile\AppData\Local]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Windows\System32\config\systemprofile\AppData\Local

06.11.2013 21:53 <VERBINDUNG> Anwendungsdaten [C:\Windows\system32\config\systemprofile\AppData\Local]

06.11.2013 21:53 <VERBINDUNG> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]

06.11.2013 21:53 <VERBINDUNG> Verlauf [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Windows\SysWOW64\config\systemprofile

06.11.2013 21:53 <VERBINDUNG> Anwendungsdaten [C:\Windows\system32\config\systemprofile\AppData\Roaming]

06.11.2013 21:53 <VERBINDUNG> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]

06.11.2013 21:53 <VERBINDUNG> Lokale Einstellungen [C:\Windows\system32\config\systemprofile\AppData\Local]

0 Datei(en), 0 Bytes

Verzeichnis von C:\Windows\SysWOW64\config\systemprofile\AppData\Local

06.11.2013 21:53 <VERBINDUNG> Anwendungsdaten [C:\Windows\system32\config\systemprofile\AppData\Local]

06.11.2013 21:53 <VERBINDUNG> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]

06.11.2013 21:53 <VERBINDUNG> Verlauf [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]

0 Datei(en), 0 Bytes

Anzahl der angezeigten Dateien:

0 Datei(en), 0 Bytes

113 Verzeichnis(se), 584.066.043.904 Bytes frei

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2012.09.14 15:49:07 | 000,000,221 | -HS- | M] () -- C:\Users\Gina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

[2013.11.10 13:35:05 | 011,999,592 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Gina\Desktop\AppRemover.exe

[2013.11.09 11:57:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gina\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 3072 bytes -> C:\Program Files:IMAT__DS_DIR_HDR

@Alternate Data Stream - 3072 bytes -> C:\Program Files (x86):IMAT__DS_DIR_HDR

< End of report >

#6 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 10 November 2013 - 12:56 PM

Lets run the McAfee Removal tool, then after its removal go ahead and run a new scan with OTL,

http://www.bleepingc...s-removal-tool/

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#7 gsu

New Member

Authentic Member
13 posts

Posted 10 November 2013 - 05:40 PM

Couldn't run the McAfee Removal tool because there is McAfee Anti Theft installed on my computer and I cannot uninstall it tried to uninstall it many times, but no response..

Edited by gsu, 10 November 2013 - 05:41 PM.

#8 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 10 November 2013 - 06:23 PM

Did you put the Anti Theft program on this computer ?

http://service.mcafe...033&id=TS101587

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#9 gsu

New Member

Authentic Member
13 posts

Posted 12 November 2013 - 11:03 AM

Intel Anti-Theft Service was already installed on my computer as I bought it. Version 2.3.199.2

I tried the solution 3 that was listed on the site you posted, I was able to log in...but it says that my device is not set up and to do that I have to download the software. Which I did yesterday, but I haven't installed it yet. Wanted to consult it with you first...just to make sure that it won't make things worse

#10 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 12 November 2013 - 12:06 PM

Hi,

Were talking two different things here, first you said McAfee Anti Theft was preventing you from uninstalling and now your posting about Intel Anti Theft. Personally I would not fool around with anything related to Intel.

Is McAfee in your list of programs you can uninstall via Programs and Features in the Control Panel ? If so try again to uninstall it.

Your OTL log looks ok malwarewise, sometimes malware will prevent security programs from being installed, at this point all we can do is run a few other scans and make sure that hidden malware is not the culprit.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Please download Malwarebytes from Here or Here

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform quick scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected .

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

Advertisements

Register to Remove

#11 gsu

New Member

Authentic Member
13 posts

Posted 13 November 2013 - 04:05 PM

Hey

As i tried to run the McAfee Removal Tool it said that it failed because McAfee Anti Theft is installed on the computer, that's why I wrote it earlier. According to Programs and Features Intel Anti-Theft Service, which is from McAfee,Inc is installed. That is the only McAfee program. But I still can't uninstall it, it's not responding..

I ran both scans and no malicious items were detected

****************************************************************************************

Run date: 2013-11-13 22:19:14

-----------------------------

22:19:14.898 OS Version: Windows x64 6.1.7601 Service Pack 1

22:19:14.899 Number of processors: 8 586 0x3A09

22:19:14.900 ComputerName: GINA-VAIO UserName: Gina

22:19:14.905 Initialze error 1

22:19:45.448 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

22:19:45.452 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3

22:19:45.469 Disk 0 MBR read successfully

22:19:45.474 Disk 0 MBR scan

22:19:45.478 Disk 0 unknown MBR code

22:19:45.483 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1

22:19:45.489 Disk 0 scanning C:\Windows\system32\drivers

22:19:45.494 Service scanning

22:19:46.057 Modules scanning

22:19:46.064 Disk 0 trace - called modules:

22:19:46.072 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

22:19:46.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a5b3790]

22:19:46.086 3 CLASSPNP.SYS[fffff88001d0243f] -> nt!IofCallDriver -> [0xfffffa8008173930]

22:19:46.093 5 ACPI.sys[fffff88000ee67a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800817b050]

22:19:46.100 Scan finished successfully

22:20:19.999 Disk 0 MBR has been saved successfully to "C:\Users\Gina\Desktop\MBR.dat"

22:20:20.010 The log file has been saved successfully to "C:\Users\Gina\Desktop\aswMBR.txt"

****************************************************************************************

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.11.13.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16721

Gina :: GINA-VAIO [administrator]

13.11.2013 22:27:01

mbam-log-2013-11-13 (22-27-01).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 236901

Time elapsed: 12 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Edited by gsu, 13 November 2013 - 04:07 PM.

#12 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 13 November 2013 - 04:52 PM

Lets do this

If you care not to run this fix than what I can do is link you to a McAfee forum that may be able to help you as I see no malware preventing a AV program from being installed

Where going to make changes to your system but before doing that we need to create a System Restore Point in case of problems

Instructions here

Creat a new Restore Point

http://www.howtogeek...t-in-windows-7/

In the event you have problems you can restore your computer to where it was prior to the fix

http://windows.micro.../system-restore

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

 
:OTL
SRV:64bit: - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McATScheduler) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (MfeFfCoreService) -- C:\Programme\McAfee\Endpoint Encryption for Files and Folders\MfeFfcoreService.exe (McAfee, Inc.)
DRV:64bit: - (MfeEEFFV) -- C:\Windows\SysNative\drivers\MfeEEFFV.sys (McAfee, Inc.)
DRV:64bit: - (MfeEEFF) -- C:\Windows\SysNative\drivers\MfeEEFF.sys (McAfee, Inc.)
DRV:64bit: - (ImatDs) -- C:\Windows\SysNative\drivers\ImatDs.sys (McAfee, Inc.)
DRV:64bit: - (ImatDisk) -- C:\Windows\SysNative\drivers\ImatDisk.sys (McAfee, Inc.)
DRV:64bit: - (ImatDmk) -- C:\Windows\SysNative\drivers\ImatDmk.sys (McAfee, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120914221427.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120914221427.dll File not found
O4:64bit: - HKLM..\Run: [MfeFfCore] C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\MfeFfCore.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MetroTileShortcut] "C:\Program Files\McAfeeAntiTheft\2.2.279.5\McATUIHost.exe" /IMAT_SHORTCUTS File not found
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O20:64bit: - AppInit_DLLs: (C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\ImatSup.dll) - C:\Programme\McAfee\Endpoint Encryption for Files and Folders\ImatSup.dll ()
[2013.10.20 13:36:12 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Local\MFAData
[2013.10.20 13:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
 
:Services
 
:Reg
 
:Files
ipconfig /flushdns /c
 
 
:Commands
[purity]
[resethosts]
[EMPTYJAVA] 
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan

Let the program run unhindered, reboot when it is done

Then post the results of the log it produces

Post the log from the fix and then run a new scan with OTL and post a new log please

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#13 gsu

New Member

Authentic Member
13 posts

Posted 14 November 2013 - 01:56 PM

I also think that it is McAfee the reason for the troubleshoot. Glad to know that there ain't any malware harming the system

I did the scan and the OTL log is:

All processes killed

========== OTL ==========

Service mcpltsvc stopped successfully!

Service mcpltsvc deleted successfully!

C:\Programme\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe moved successfully.

Service McATScheduler stopped successfully!

Service McATScheduler deleted successfully!

File C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe not found.

Service MfeFfCoreService stopped successfully!

Service MfeFfCoreService deleted successfully!

C:\Programme\McAfee\Endpoint Encryption for Files and Folders\MfeFfcoreService.exe moved successfully.

Error: Unable to stop service MfeEEFFV!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MfeEEFFV deleted successfully.

C:\Windows\SysNative\drivers\MfeEEFFV.sys moved successfully.

Service MfeEEFF stopped successfully!

Service MfeEEFF deleted successfully!

C:\Windows\SysNative\drivers\MfeEEFF.sys moved successfully.

Error: Unable to stop service ImatDs!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImatDs deleted successfully.

C:\Windows\SysNative\drivers\ImatDs.sys moved successfully.

Error: Unable to stop service ImatDisk!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImatDisk deleted successfully.

C:\Windows\SysNative\drivers\ImatDisk.sys moved successfully.

Error: Unable to stop service ImatDmk!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImatDmk deleted successfully.

C:\Windows\SysNative\drivers\ImatDmk.sys moved successfully.

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\ not found.

File C:\Program Files (x86)\Common Files\McAfee\SystemCore not found.

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com deleted successfully.

C:\Program Files\McAfee\MSC folder moved successfully.

C:\Program Files\McAfee\Endpoint Encryption for Files and Folders folder moved successfully.

C:\Program Files\McAfee folder moved successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MfeFfCore deleted successfully.

File C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\MfeFfCore.exe not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mcpltui_exe deleted successfully.

C:\Programme\Common Files\McAfee\Platform\McUICnt.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MetroTileShortcut deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_NT deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\ImatSup.dll deleted successfully.

File C:\Programme\McAfee\Endpoint Encryption for Files and Folders\ImatSup.dll not found.

C:\Users\Gina\AppData\Local\MFAData\logs folder moved successfully.

C:\Users\Gina\AppData\Local\MFAData folder moved successfully.

C:\ProgramData\MFAData\avibackup folder moved successfully.

C:\ProgramData\MFAData folder moved successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

< ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\Gina\Desktop\cmd.bat deleted successfully.

C:\Users\Gina\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Gina

->Java cache emptied: 142737 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 57472 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Gina

->Temp folder emptied: 2059253415 bytes

->Temporary Internet Files folder emptied: 265334905 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 386482489 bytes

->Flash cache emptied: 59014 bytes

User: Public

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 979386433 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42733776 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.560,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11142013_203658

Files\Folders moved on Reboot...

C:\Users\Gina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Gina\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#14 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 14 November 2013 - 03:01 PM

Great, run a new scan with OTL and post the log please and lets make sure its all gone

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#15 gsu

New Member

Authentic Member
13 posts

Posted 14 November 2013 - 04:29 PM

the new log:

OTL logfile created on: 14.11.2013 23:17:10 - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gina\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16721)

Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 5,17 Gb Available Physical Memory | 65,43% Memory free

15,80 Gb Paging File | 12,61 Gb Available in Paging File | 79,83% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 678,36 Gb Total Space | 547,55 Gb Free Space | 80,72% Space Free | Partition Type: NTFS