Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91699 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Can't install ANY anti virus software [Solved]

anti virus software anti virus windows 7

  • This topic is locked This topic is locked
26 replies to this topic

#1 gsu

gsu

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 09 November 2013 - 06:21 AM

Hi!
 
I cannot install any anti virus software on my computer! :( I had the Microsoft Security Essentials installed and everything was fine, until it took ages to update it's latest version, and wasn't working properly anymore. 
So I uninstalled it and installed the test version of AVG, which seemed to work pretty good in the first few days. But then, the system was really slow and I could barely get my work done. So I uninstalled AVG as well. Things where back to normal, my computer was fast as it used to be. The only thing missing was an anti virus software. 
From this point on, I cannot install ANY antivirus software properly, the installation fails every time :(
 
I scanned my computer using OTL as described in http://forums.whatthetech.com/index.php?showtopic=106388 
 
the results are in the attachment (I uploaded them, because it says "Do not reply to your own topic - Helpers look for topics with 0 replies.")
 
Please help me out!  :unsure:  thanks in advance!  :)
 
Attached File  OTL.Txt   219.06KB   681 downloads
Attached File  Extras.Txt   112.18KB   406 downloads

    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 09 November 2013 - 05:29 PM

:welcome:

 

Is this a company computer ?

 

ElevatedDiagnostics <--Did you install this ?

 

It looks like you have McAfee Anti Virus  running on this system, I see no trace of Microsoft Security Essentials or AVG ?????


Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#3 gsu

gsu

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 10 November 2013 - 05:16 AM

Hi :)

 

Thanks for the quick reply!

 

No, it's not a company computer. And I didn't install ElevatedDiagnostics. Now I tried to open the folder "C:...\AppData\Local\ElevatedDiagnostics" and the access was denied  :unsure: 

 

I' used Microsoft Security Essentials for about an year and AVG for a few days. A test version of McAfee Anti Virus was installed on my computer as I bought it. And the Action Center says that no anti virus software can be found.



#4 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 November 2013 - 06:04 AM

Lets start from the beginning as Anti Virus programs are notorious for installing all over your system.

 

Run this tool , it will scan for any AV Programs, when it finds McAfee have it uninstall it, also uninstall AVG and Microsoft Security essentials if it finds it, when your done reboot your system and run a new scan with OTL and post a new log please, there wont be a extras log this time so dont knock yourself out trying to find it

 

Run AppRemover
 
Vista , Win 7 users, right click on the icon and select "run as administrator"
 
Please download AppRemover and save it to your desktop.
  •  
  • Double click on AppRemover.exe to run it.
  • Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
  • Click on the Next button.
  • Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do. 
  • Click on the Next button.
  • A scan begins, please wait. Once done, click on the Next button.
  • Now you should have a list of your installed programs, choose the one or ones you want to uninstall and click on the Next button.
  • Uninstall one at a time
  • Follow the last step and reboot if asked to do so.
 

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#5 gsu

gsu

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 10 November 2013 - 12:35 PM

It didn't find McAfee, Microsoft Security Essentials or AVG.

This is the new log:

 

OTL logfile created on: 10.11.2013 13:49:42 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gina\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,59 Gb Available Physical Memory | 70,78% Memory free
15,80 Gb Paging File | 13,28 Gb Available in Paging File | 84,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 678,36 Gb Total Space | 543,95 Gb Free Space | 80,19% Space Free | Partition Type: NTFS
 
Computer Name: GINA-VAIO | User Name: Gina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
PRC - C:\Programme\Tablet\Pen\WacomHost.exe (Wacom Technology)
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Programme\AuthenTec TrueSuite\BioMonitor.exe (AuthenTec Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe (Sony Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\08d05898be584065b797a6dd48d9ad56\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe File not found
SRV:64bit: - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McATScheduler) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WTabletServiceCon) -- C:\Programme\Tablet\Pen\WTabletServiceCon.exe (Wacom Technology, Corp.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (FPLService) -- C:\Programme\AuthenTec TrueSuite\TrueSuiteService.exe (AuthenTec, Inc)
SRV - (MfeFfCoreService) -- C:\Programme\McAfee\Endpoint Encryption for Files and Folders\MfeFfcoreService.exe (McAfee, Inc.)
SRV - (Intel® -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (ZeroConfigService) -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (ActiveDelayDeviceService) -- C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe (Sony Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MfeEEFFV) -- C:\Windows\SysNative\drivers\MfeEEFFV.sys (McAfee, Inc.)
DRV:64bit: - (MfeEEFF) -- C:\Windows\SysNative\drivers\MfeEEFF.sys (McAfee, Inc.)
DRV:64bit: - (ImatDs) -- C:\Windows\SysNative\drivers\ImatDs.sys (McAfee, Inc.)
DRV:64bit: - (ImatDisk) -- C:\Windows\SysNative\drivers\ImatDisk.sys (McAfee, Inc.)
DRV:64bit: - (ImatDmk) -- C:\Windows\SysNative\drivers\ImatDmk.sys (McAfee, Inc.)
DRV:64bit: - (wacomrouterfilter) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys (Wacom Technology)
DRV:64bit: - (WacHidRouter) -- C:\Windows\SysNative\drivers\wachidrouter.sys (Wacom Technology)
DRV:64bit: - (hidkmdf) -- C:\Windows\SysNative\drivers\hidkmdf.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaioportal.sony.eu
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://sony.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{B7E317CF-29EE-4C4C-8FDB-7828A47F58D8}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gina\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gina\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.09.11 19:45:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gina\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Gina\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Gina\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: TrueSuite (Enabled) = C:\Users\Gina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nibgmhfiionbhpeidijmiildfjnbbkic\1.0_0\npwebsitelogon.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation®Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Gina\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: WhatFont = C:\Users\Gina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm\2.0.2_0\
CHR - Extension: Ghostery = C:\Users\Gina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.1_0\
CHR - Extension: Website Logon = C:\Users\Gina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nibgmhfiionbhpeidijmiildfjnbbkic\1.0_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120914221427.dll File not found
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120914221427.dll File not found
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MfeFfCore] C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\MfeFfCore.exe (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [Intel AT Service signup] c:\Program Files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MetroTileShortcut] "C:\Program Files\McAfeeAntiTheft\2.2.279.5\McATUIHost.exe" /IMAT_SHORTCUTS File not found
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A001267-9A48-4E03-903E-9D1DB5401011}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\ImatSup.dll) - C:\Programme\McAfee\Endpoint Encryption for Files and Folders\ImatSup.dll ()
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{da14460f-06e4-11e2-8e68-30f9edea482d}\Shell - "" = AutoRun
O33 - MountPoints2\{da14460f-06e4-11e2-8e68-30f9edea482d}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.11.10 13:34:40 | 011,999,592 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Gina\Desktop\AppRemover.exe
[2013.11.09 11:57:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gina\Desktop\OTL.exe
[2013.11.07 22:01:54 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2013.11.06 22:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.11.06 22:45:52 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Local\ElevatedDiagnostics
[2013.11.06 22:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.11.06 21:53:44 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Local\Programs
[2013.11.06 21:51:03 | 000,000,000 | ---D | C] -- C:\Users\Gina\Documents\WebCam Media
[2013.11.06 21:50:59 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Local\ArcSoft
[2013.11.06 21:50:58 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Roaming\ArcSoft
[2013.11.06 19:52:05 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Local\Mozilla
[2013.11.06 19:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.10.20 15:03:31 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Roaming\TuneUp Software
[2013.10.20 13:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013.10.20 13:36:12 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Local\MFAData
[2013.10.20 13:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.10.20 13:05:20 | 000,000,000 | ---D | C] -- C:\51ba1d4f5e841ad9f6b9
[2013.10.16 19:36:10 | 000,000,000 | ---D | C] -- C:\af4b3e525e4de1e30ae16a1616d45ca9
[2013.10.16 16:06:10 | 000,000,000 | ---D | C] -- C:\62ecc920da52e10827242e
[2013.10.16 07:25:58 | 000,000,000 | ---D | C] -- C:\c8b659c083dd8b3ef2
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.11.10 13:55:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3549048556-947582508-511738072-1001UA.job
[2013.11.10 13:50:59 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.11.10 13:50:59 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.11.10 13:43:18 | 000,001,950 | ---- | M] () -- C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk
[2013.11.10 13:40:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.11.10 13:40:42 | 2068,271,103 | -HS- | M] () -- C:\hiberfil.sys
[2013.11.10 13:35:05 | 011,999,592 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Gina\Desktop\AppRemover.exe
[2013.11.10 12:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.11.10 11:55:04 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3549048556-947582508-511738072-1001Core.job
[2013.11.09 11:57:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gina\Desktop\OTL.exe
[2013.11.09 11:43:12 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.11.06 11:15:00 | 000,001,456 | ---- | M] () -- C:\Users\Gina\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2013.11.06 08:39:10 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.11.06 08:39:10 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.11.06 08:39:10 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.11.06 08:39:10 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.11.06 08:39:10 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.11.05 21:01:34 | 005,095,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.10.21 15:02:43 | 000,001,340 | ---- | M] () -- C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.11.07 22:21:30 | 000,001,950 | ---- | C] () -- C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk
[2013.11.07 22:21:30 | 000,001,340 | ---- | C] () -- C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2013.05.17 21:42:42 | 000,001,456 | ---- | C] () -- C:\Users\Gina\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2013.04.10 21:43:53 | 000,000,132 | ---- | C] () -- C:\Users\Gina\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.09.16 15:24:29 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.04.05 03:04:29 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.04.05 03:04:28 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.04.05 03:04:27 | 013,024,768 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.04.05 03:04:27 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2009.03.30 11:22:43 | 000,061,440 | ---- | C] () -- C:\Program Files (x86)\RGSGrowBounds.aex
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.03 21:07:52 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.09.16 11:28:47 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.04.08 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Downloaded Installations
[2013.10.25 19:01:22 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Dropbox
[2013.11.06 09:21:05 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\FileZilla
[2013.06.30 22:18:51 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\iolo
[2012.10.03 18:23:35 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\IrfanView
[2013.01.30 14:03:52 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Notepad++
[2013.01.07 10:45:40 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\PACE Anti-Piracy
[2012.09.21 22:58:18 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\PDAppFlex
[2013.01.07 11:36:06 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Publish Providers
[2013.02.03 19:04:37 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\REAPER
[2013.05.05 12:22:22 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Sony
[2012.09.29 13:01:13 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.11.15 16:21:26 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Tific
[2013.10.20 15:03:32 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\TuneUp Software
[2013.01.16 15:54:52 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Wacom
[2013.09.04 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\wacomid-desktop-launcher
[2013.01.16 15:58:52 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2012.05.18 11:39:21 | 000,004,226 | ---- | M] () MD5=EE23420A7C0E74A9D316221F8BFB2477 -- C:\Windows\PolicyDefinitions\de-DE\Explorer.adml
[2012.05.18 11:39:21 | 000,004,226 | ---- | M] () MD5=EE23420A7C0E74A9D316221F8BFB2477 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d6049b4095286d3f\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009.06.10 21:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009.06.10 21:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2012.02.24 01:18:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012.02.24 01:18:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012.02.24 01:18:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012.02.24 01:18:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012.02.24 01:18:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012.02.24 01:18:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: EXPLORER.EXE.3264.DMP  >
[2013.09.11 14:16:28 | 003,069,947 | ---- | M] () MD5=B3BF413BF6D1AAE502F0BA0969F48AB7 -- C:\Users\Gina\AppData\Local\CrashDumps\explorer.exe.3264.dmp
 
< MD5 for: EXPLORER.EXE.MUI  >
[2012.05.18 11:39:06 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=64E8A52EA68A8C36D0152F3108DA02D0 -- C:\Windows\de-DE\explorer.exe.mui
[2012.05.18 11:39:06 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=64E8A52EA68A8C36D0152F3108DA02D0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b8f6a2cb9e74c5d6\explorer.exe.mui
[2012.05.18 11:39:08 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=EB67605F636687E5F3C988B0059A8C46 -- C:\Windows\SysWOW64\de-DE\explorer.exe.mui
[2012.05.18 11:39:08 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=EB67605F636687E5F3C988B0059A8C46 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c34b4d1dd2d587d1\explorer.exe.mui
 
< MD5 for: IEXPLORE.EXE  >
[2013.01.09 02:53:45 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=0100BCF23941C83462E4A70F94C3392E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_0d2c5bc980874648\iexplore.exe
[2013.05.17 03:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_20d88bb252a3770f\iexplore.exe
[2012.11.14 03:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=0D286C0FE561D1A7EB30E83A0FF305B2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_178ed6e5b4dd3857\iexplore.exe
[2012.06.29 06:02:52 | 000,754,784 | ---- | M] (Microsoft Corporation) MD5=1223ACBFC1093852DFF039E189599BBD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_0d45fcc9807373c2\iexplore.exe
[2013.07.26 07:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=133CEF30905806A35606652D409EEEBA -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_16893df21e3dcd43\iexplore.exe
[2013.08.10 07:31:28 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=1F3B062444AD6F667B5336E78D5A02B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_ffb36d2837eafb72\iexplore.exe
[2012.08.24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_1787d4dfb4e386f6\iexplore.exe
[2013.02.22 08:04:50 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=25B53709A37C3FD814B68EA0A92D18F9 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_0d238c71808d94e7\iexplore.exe
[2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_178cd651b4df05a9\iexplore.exe
[2013.06.12 05:41:27 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=2A5F565327BFD679EC5F790DC15BBF25 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_0a0343986c500b78\iexplore.exe
[2012.08.24 12:23:44 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=2D53C5F71653EF94E7829846405D4ED2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_0d332a8d8082c4fb\iexplore.exe
[2013.06.12 01:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=30E7CA4620500FE012EB464F0E1DE91E -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_20da757e52a1c35e\iexplore.exe
[2013.02.22 05:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_177836c3b4ee56e2\iexplore.exe
[2013.08.10 07:10:22 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=351657C79B62B91E16A95AD23EA3710D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_168ab5d61e3c99b7\iexplore.exe
[2013.08.10 05:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_20df6028529d5bb2\iexplore.exe
[2013.05.17 02:57:28 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=3902E280F6117A468D5573343A7AA1F6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_09ffa3426c5372da\iexplore.exe
[2013.04.04 23:47:49 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=3F00BE80B9CEA20B7FE7363D15EDDB94 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16483_none_176a65f9b4f926ce\iexplore.exe
[2013.02.22 05:10:31 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=4145E2B5663F6FACC08EFDB17B658BB2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_17f703a2ce14129d\iexplore.exe
[2013.08.10 06:13:42 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=48A1306191216997F717C451B8D15139 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_0a08177a6c4bbd6d\iexplore.exe
[2012.10.08 13:29:46 | 000,754,848 | ---- | M] (Microsoft Corporation) MD5=49442BA6DCE4B4E3C1CB0AB193FE29AD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_0d382bff807e43ae\iexplore.exe
[2012.08.24 11:49:07 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=5A150AFABB25BEA50CEDC8650A7B8A9E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_0dc3c95e999a1626\iexplore.exe
[2012.06.29 03:45:31 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=5D03518409F37D1483C98869D86E23FF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_0dc0c880999cca21\iexplore.exe
[2012.08.24 08:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_181873b0cdfad821\iexplore.exe
[2013.01.08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_1781061bb4e80843\iexplore.exe
[2013.07.26 04:49:06 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=7BA1862B8A5698DC5FCFDFF3BC359DE9 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_20dde844529e8f3e\iexplore.exe
[2013.02.02 09:09:12 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=7C2923004FFC497E54F38E835F108EE8 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_0d9c579499b8b898\iexplore.exe
[2010.11.21 04:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2013.07.26 06:47:06 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=8D805B4EEEE0ECF6B604BE284978F135 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_ffb0112a37ee15f1\iexplore.exe
[2013.05.17 04:02:08 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=8F00471CA24ADF8D2AFAACF856EB70A4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_ffaaf8f037f2b0df\iexplore.exe
[2012.02.24 01:21:12 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[2012.06.29 02:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd\iexplore.exe
[2013.06.12 03:28:00 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=98C6F2A9A981A54222602B87C6310BDE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_1685cb2c1e410163\iexplore.exe
[2013.04.05 02:55:57 | 000,763,504 | ---- | M] (Microsoft Corporation) MD5=A1B0DEC3BB845C6369F97BC1A3542A07 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16483_none_0d15bba7809864d3\iexplore.exe
[2013.02.02 05:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_17f101e6ce197a93\iexplore.exe
[2013.02.02 08:37:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=A8EBEBCD9F5C49475194099FCD276992 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_0d1d8ab58092fcdd\iexplore.exe
[2013.06.05 16:00:04 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_20e92fca5296266a\iexplore.exe
[2012.11.16 04:08:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=AC4957E154F750DF54F36ADC8E3E040D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_0db6f8de99a3ff69\iexplore.exe
[2013.02.22 08:17:45 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=B21A57AA4CB928059A0C0C58A9E77A02 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_0da2595099b350a2\iexplore.exe
[2013.04.04 22:55:02 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=C036AB1ED8BAC04FE4A349BA263077BB -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_17e932d8ce1ee289\iexplore.exe
[2013.04.05 01:40:37 | 000,763,504 | ---- | M] (Microsoft Corporation) MD5=C4A4F4AD91677DA1659A9ADE63746B8B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_0d94888699be208e\iexplore.exe
[2010.11.21 04:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2013.06.12 08:51:43 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=CA88A25280B1D85ED0BC26B042ABBCCF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_ffae994637ef497d\iexplore.exe
[2013.06.05 16:00:01 | 000,775,232 | ---- | M] (Microsoft Corporation) MD5=CEA304830B4770BDA3572B87D0841848 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_169485781e35646f\iexplore.exe
[2012.10.08 09:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_1808a252ce07755f\iexplore.exe
[2013.09.23 00:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013.09.23 00:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_20cf006852aa5f74\iexplore.exe
[2013.09.23 01:01:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=DB352EBF77E8655E0C46B6923F3C9950 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_09f78a2a6c58f471\iexplore.exe
[2013.02.02 05:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_17723507b4f3bed8\iexplore.exe
[2013.07.26 06:09:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=E70D60B3A350BD09D86CDAD9CF55F36B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_0a04bb7c6c4ed7ec\iexplore.exe
[2013.09.23 02:55:58 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=E9F843E7E412AE9A507FD5ABBBD06462 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_ffa2dfd837f83276\iexplore.exe
[2012.06.29 00:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_181572d2cdfd8c1c\iexplore.exe
[2013.05.17 04:30:45 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=EDC77CF787FA015205936C9A3228486E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_1683e1601e42b514\iexplore.exe
[2013.01.09 01:51:57 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=EF1F6F41FB2C9BBB484B21017F380201 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_0daa285e99ade8ac\iexplore.exe
[2013.01.08 22:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_17fed2b0ce0eaaa7\iexplore.exe
[2012.02.24 01:21:11 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
[2012.10.08 12:09:10 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=F61714ABCF9BF0CEF0A6249AD4FD490B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_0db3f80099a6b364\iexplore.exe
[2012.11.14 03:19:28 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F691418EE9A6344AEB5C1B0518FBF8AE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_180ba330ce04c164\iexplore.exe
[2013.09.23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013.09.23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_167a56161e499d79\iexplore.exe
[2012.11.14 08:11:18 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=FD0D2E1FAEBAE5031BE2EB8000D973F1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_0d3a2c93807c765c\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2012.05.18 11:41:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=0272AAC78F0D1CC205B893CCF5835DC5 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_de-de_6865046bfd99819c\iexplore.exe.mui
[2012.02.24 01:21:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2012.02.24 01:21:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2013.06.05 16:04:58 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Program Files (x86)\Internet Explorer\de-DE\iexplore.exe.mui
[2013.06.05 16:04:58 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui
[2013.06.05 16:04:58 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_de-de_674bb56c67089ab9\iexplore.exe.mui
[2013.06.05 16:04:58 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_de-de_71a05fbe9b695cb4\iexplore.exe.mui
[2012.05.18 11:41:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6D22C11D8D81000CAEA25B213F1CDD63 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_de-de_5e105a19c938bfa1\iexplore.exe.mui
[2012.05.18 11:39:21 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=74EB5304DFC6E33B6C87D0688860B6BC -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_de-de_6252687e84367fb4\iexplore.exe.mui
[2013.06.05 16:00:05 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013.06.05 16:00:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013.06.05 16:00:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
[2013.06.05 16:00:05 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
[2009.07.14 03:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2012.05.18 11:39:21 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=D74E70EF11B77E438111FE0C79AAFD97 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_de-de_6ca712d0b89741af\iexplore.exe.mui
[2009.07.14 03:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2009.06.10 22:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.AIP  >
[2012.11.21 01:09:36 | 000,476,824 | ---- | M] (Adobe Systems Incorporated) MD5=456C45B1A2ECE8814987C4A4EA786413 -- C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Plug-ins\Extensions\Services.aip
[2012.11.21 00:37:22 | 000,382,616 | ---- | M] (Adobe Systems Incorporated) MD5=87ACA12B41F894A8CAFD264A1FC9D1F0 -- C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Plug-ins\Extensions\Services.aip
 
< MD5 for: SERVICES.ASFX  >
[2012.07.27 21:52:04 | 000,002,637 | ---- | M] () MD5=016DFC4F3F133AE19338EECD1924886A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ro_RO\Services\Services.asfx
[2012.07.27 21:52:04 | 000,002,970 | ---- | M] () MD5=05A68D76420994EF8DF33184BFA98E04 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\uk_UA\Services\Services.asfx
[2012.07.27 21:51:54 | 000,002,555 | ---- | M] () MD5=272301585AC133486E70228DA27659AC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_TW\Services\Services.asfx
[2012.07.27 21:51:50 | 000,002,562 | ---- | M] () MD5=27CE9BD3209B549BB776B8C877455A91 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nb_NO\Services\Services.asfx
[2012.07.27 21:51:52 | 000,002,632 | ---- | M] () MD5=2998A4AE8D0EF5122CCB985CF7E9D9D3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ko_KR\Services\Services.asfx
[2012.07.27 21:51:52 | 000,002,545 | ---- | M] () MD5=2EEC9DDBD0B4EE5F65532322C383938A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_CN\Services\Services.asfx
[2012.07.27 21:51:56 | 000,002,629 | ---- | M] () MD5=3A0082D76426A87FB4937D426C491C10 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\cs_CZ\Services\Services.asfx
[2012.07.27 21:51:58 | 000,002,590 | ---- | M] () MD5=448953BD0CF26CE03D9E7CC1A7B278BC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\tr_TR\Services\Services.asfx
[2012.07.27 21:51:42 | 000,002,605 | ---- | M] () MD5=5A2C5D0DA3EAAB2AA77F16947D0E14FF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\it_IT\Services\Services.asfx
[2012.07.27 21:51:56 | 000,002,679 | ---- | M] () MD5=5DD2704563A6A79C466E44CD966B2655 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hu_HU\Services\Services.asfx
[2012.07.27 21:51:40 | 000,002,711 | ---- | M] () MD5=6B0E7B068BD530B8FCEBC04CC8844AA9 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ja_JP\Services\Services.asfx
[2012.07.27 21:52:02 | 000,002,582 | ---- | M] () MD5=797FC263D59784AD1498560C34FA7DA1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sl_SI\Services\Services.asfx
[2013.09.03 14:54:18 | 000,002,626 | ---- | M] () MD5=8073B18DC740B965256CE0957E363AC5 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\Services\Services.asfx
[2012.07.27 21:51:38 | 000,002,626 | ---- | M] () MD5=8073B18DC740B965256CE0957E363AC5 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fr_FR\Services\Services.asfx
[2012.07.27 21:51:50 | 000,002,634 | ---- | M] () MD5=912DD5C0C7C8D7572AD598414D56E24A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pt_BR\Services\Services.asfx
[2013.09.03 14:54:20 | 000,002,655 | ---- | M] () MD5=ABFBB9D0398492D849690C344C1316BB -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\Services\Services.asfx
[2012.07.27 21:51:40 | 000,002,655 | ---- | M] () MD5=ABFBB9D0398492D849690C344C1316BB -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_DE\Services\Services.asfx
[2012.07.27 21:52:06 | 000,002,638 | ---- | M] () MD5=C2C37202B0E55877A64ADDBDE738284E -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sk_SK\Services\Services.asfx
[2012.07.27 21:51:56 | 000,002,589 | ---- | M] () MD5=C313AD3602D4965A1918E86B9F3E84CF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pl_PL\Services\Services.asfx
[2012.07.27 21:52:06 | 000,002,609 | ---- | M] () MD5=C7FA88C21103C70826F274A0E865AEDF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ca_ES\Services\Services.asfx
[2012.07.27 21:52:08 | 000,002,576 | ---- | M] () MD5=D27D52045EB6A2EE031F7D2EA0349BC3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\eu_ES\Services\Services.asfx
[2012.07.27 21:51:46 | 000,002,560 | ---- | M] () MD5=D5642B1BFE0A70231D14C11D3D3FD60D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\da_DK\Services\Services.asfx
[2012.07.27 21:52:00 | 000,002,588 | ---- | M] () MD5=DB216743CDE75637621E2FD39431BBD4 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hr_HR\Services\Services.asfx
[2012.07.27 21:51:44 | 000,002,620 | ---- | M] () MD5=DCF7A8843832327386B81ABD189AC236 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\es_ES\Services\Services.asfx
[2012.07.27 21:52:00 | 000,002,997 | ---- | M] () MD5=DD3F4DAF426555D8D85FF4D7C5A04F37 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ru_RU\Services\Services.asfx
[2010.11.15 20:02:32 | 000,000,228 | R--- | M] () MD5=E09422BE0C7636A7B63A1527C4C1372D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx
[2012.07.27 21:51:48 | 000,002,599 | ---- | M] () MD5=F09D769A94767C3C7E7015A5C6C99A39 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fi_FI\Services\Services.asfx
[2012.07.27 21:51:46 | 000,002,628 | ---- | M] () MD5=F844D742DB53C7D671BF7ED6517414D1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nl_NL\Services\Services.asfx
[2012.07.27 21:51:44 | 000,002,582 | ---- | M] () MD5=FED4BDA3B6A9EB9DB59C254D8C987495 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sv_SE\Services\Services.asfx
 
< MD5 for: SERVICES.ASFX1  >
[2010.11.15 20:02:32 | 000,000,228 | R--- | M] () MD5=A7B7A4CC1A717292474115CD3A4AC121 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx1
 
< MD5 for: SERVICES.ASFX10  >
[2010.11.15 20:02:34 | 000,000,233 | R--- | M] () MD5=3382FAB54FC906B0E40269D903A8D690 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx10
 
< MD5 for: SERVICES.ASFX11  >
[2010.11.15 20:02:26 | 000,000,227 | R--- | M] () MD5=F36865AB3B9813962B7EDBE66FA1C28A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx11
 
< MD5 for: SERVICES.ASFX12  >
[2010.11.15 20:02:30 | 000,000,225 | R--- | M] () MD5=9287C7268CC0F37F1DDE18CEBB128685 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx12
 
< MD5 for: SERVICES.ASFX13  >
[2010.11.15 20:02:30 | 000,000,228 | R--- | M] () MD5=95326C46AC2654AFF5C8543DFE22CCB3 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx13
 
< MD5 for: SERVICES.ASFX14  >
[2010.11.15 20:02:26 | 000,000,228 | R--- | M] () MD5=14DA84ECAF57B5ADA36B9093FF04CF32 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx14
 
< MD5 for: SERVICES.ASFX15  >
[2010.11.15 20:02:26 | 000,000,231 | R--- | M] () MD5=CF94F061685A38BABE0BBD463191EDE7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx15
 
< MD5 for: SERVICES.ASFX16  >
[2010.11.15 20:02:34 | 000,000,232 | R--- | M] () MD5=B6E63D87C73CED2D6B433C542C5C3965 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx16
 
< MD5 for: SERVICES.ASFX17  >
[2010.11.15 20:02:34 | 000,000,230 | R--- | M] () MD5=545E97C4F4CEA743A8D86B685EE2EDBB -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx17
 
< MD5 for: SERVICES.ASFX18  >
[2010.11.15 20:02:24 | 000,000,230 | R--- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx18
 
< MD5 for: SERVICES.ASFX19  >
[2010.11.15 20:02:26 | 000,000,225 | R--- | M] () MD5=0A27F1D6595A69800A43CDE155B1E4A0 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx19
 
< MD5 for: SERVICES.ASFX2  >
[2010.11.15 20:02:36 | 000,000,264 | R--- | M] () MD5=0652D24D4E2799851A6DF1705E2BFFDA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx2
 
< MD5 for: SERVICES.ASFX20  >
[2010.11.15 20:02:38 | 000,000,231 | R--- | M] () MD5=C85F2519DC6AECF93F67AA613A320136 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx20
 
< MD5 for: SERVICES.ASFX21  >
[2010.11.15 20:02:26 | 000,000,231 | R--- | M] () MD5=8C95C0528EA7049A1DFC7A7342461D75 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx21
 
< MD5 for: SERVICES.ASFX22  >
[2010.11.15 20:02:24 | 000,000,231 | R--- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx22
 
< MD5 for: SERVICES.ASFX23  >
[2010.11.15 20:02:26 | 000,000,225 | R--- | M] () MD5=0E89BE53F56B22390CF61584B649CE01 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx23
 
< MD5 for: SERVICES.ASFX24  >
[2010.11.15 20:02:32 | 000,000,229 | R--- | M] () MD5=E57594DB9B9D78AB4B53D34CAFEB8497 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx24
 
< MD5 for: SERVICES.ASFX25  >
[2010.11.15 20:02:36 | 000,000,232 | R--- | M] () MD5=611CB9CC21D2DDAD711690671F70EF39 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx25
 
< MD5 for: SERVICES.ASFX3  >
[2010.11.15 20:02:34 | 000,000,229 | R--- | M] () MD5=F9824728970AC8199BABDC9CBA5E038C -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx3
 
< MD5 for: SERVICES.ASFX4  >
[2010.11.15 20:02:26 | 000,000,226 | R--- | M] () MD5=55EA57D90AE22BDF0132597EF0D7C9C7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx4
 
< MD5 for: SERVICES.ASFX5  >
[2010.11.15 20:02:34 | 000,000,233 | R--- | M] () MD5=846C265B751189E88B74F0155DB6B828 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx5
 
< MD5 for: SERVICES.ASFX6  >
[2010.11.15 20:02:36 | 000,000,231 | R--- | M] () MD5=89BD37C4118540FD5AA8CDD0C24D6C0A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx6
 
< MD5 for: SERVICES.ASFX7  >
[2010.11.15 20:02:34 | 000,000,245 | R--- | M] () MD5=0B82FAB8FF5F988C5311DF1144A7D740 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx7
 
< MD5 for: SERVICES.ASFX8  >
[2010.11.15 20:02:34 | 000,000,231 | R--- | M] () MD5=5226417D3C8206000A8983BDC1243075 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx8
 
< MD5 for: SERVICES.ASFX9  >
[2010.11.15 20:02:30 | 000,000,234 | R--- | M] () MD5=EBD8D036504F2935675F5F432F076DBA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx9
 
< MD5 for: SERVICES.CFG  >
[2013.09.03 14:54:16 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Services\Services.cfg
[2013.09.03 14:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2010.10.25 14:13:46 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\services.cfg
[2010.11.15 20:02:22 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.cfg
 
< MD5 for: SERVICES.CFSERVICE.JAR  >
[2012.03.16 02:33:04 | 000,142,226 | ---- | M] () MD5=18D9FCB12CE658BA4D24D8DC2D641BA6 -- C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\eclipse\plugins\com.adobe.flexbuilder.services.CFService_4.6.1.335153\services.CFService.jar
 
< MD5 for: SERVICES.EXE  >
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2012.05.18 11:39:04 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\SysNative\de-DE\services.exe.mui
[2012.05.18 11:39:04 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1d0162c550c828a3\services.exe.mui
 
< MD5 for: SERVICES.HTM  >
[2007.02.11 16:52:50 | 000,013,720 | ---- | M] () MD5=5B1A2F8639E67EAAB32B5E446EDDA178 -- C:\Users\Gina\Desktop\Kolleg\2aKMTM\WLM_GAIS\Unterlagen\selfhtml812\intro\hilfsmittel\services.htm
 
< MD5 for: SERVICES.LNK  >
[2009.07.14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009.06.10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009.06.10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009.06.10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009.06.10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2012.05.18 11:39:03 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysNative\de-DE\services.msc
[2012.05.18 11:39:04 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysWOW64\de-DE\services.msc
[2012.05.18 11:39:03 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_574332b12731c296\services.msc
[2012.05.18 11:39:04 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fb24972d6ed45160\services.msc
 
< MD5 for: SERVICES.PHPSERVICE.JAR  >
[2012.03.16 02:33:06 | 000,149,053 | ---- | M] () MD5=EDDA59974541208844A9FE430268D469 -- C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\eclipse\plugins\com.adobe.flexbuilder.services.PHPService_4.6.1.335153\services.PHPService.jar
 
< MD5 for: SERVICES.PTXML  >
[2009.07.13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009.07.13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.STATICCONTENTSERVICE.JAR  >
[2012.03.16 02:33:06 | 000,072,917 | ---- | M] () MD5=15E17BFD2088059A73A22119D0D1613A -- C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\eclipse\plugins\com.adobe.flexbuilder.services.StaticContentService_4.6.1.335153\services.StaticContentService.jar
 
< MD5 for: SERVICES.WEBSERVICE.DERIVED.JAR  >
[2012.03.16 02:33:06 | 000,183,653 | ---- | M] () MD5=1BEE56EAF2A85F3662291392C8804E1E -- C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\eclipse\plugins\com.adobe.flexbuilder.services.WEBService.derived_4.6.1.335153\services.WEBService.derived.jar
 
< MD5 for: WINLOGON.ADML  >
[2012.05.18 11:39:20 | 000,009,904 | ---- | M] () MD5=25AA9560CB997F785CDD845AD425D37D -- C:\Windows\PolicyDefinitions\de-DE\WinLogon.adml
[2012.05.18 11:39:20 | 000,009,904 | ---- | M] () MD5=25AA9560CB997F785CDD845AD425D37D -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_48082d3607b4f4ab\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009.06.10 22:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009.06.10 22:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2012.05.18 11:39:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=8354A33D8B5919047DAEB39F235E666E -- C:\Windows\SysNative\de-DE\winlogon.exe.mui
[2012.05.18 11:39:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=8354A33D8B5919047DAEB39F235E666E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_de-de_802dc1012bd7f0b6\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2012.05.18 11:39:04 | 000,001,080 | ---- | M] () MD5=4AC5B532F44BAE30CBE41B7750954729 -- C:\Windows\SysNative\wbem\de-DE\winlogon.mfl
[2012.05.18 11:39:04 | 000,001,080 | ---- | M] () MD5=4AC5B532F44BAE30CBE41B7750954729 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dbbeff044a21c6b1\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009.07.13 21:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009.07.13 21:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2013.11.10 13:40:42 | 2068,271,103 | -HS- | M] () -- C:\hiberfil.sys
[2013.11.10 13:40:42 | 4189,351,935 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\Fonts\*.com >
[2009.07.14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009.06.10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2011.05.13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2012.09.28 17:38:45 | 000,001,654 | -HS- | M] () -- C:\Users\Gina\AppData\Roaming\Microsoft\LastFlashConfig.wfc
 
< %PROGRAMFILES%\*.* >
[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2009.03.30 11:22:43 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\RGSGrowBounds.aex
[2013.05.22 09:31:26 | 000,080,185 | ---- | M] () -- C:\Program Files (x86)\trapcodeparticularv2.log
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: F449-682A
 Verzeichnis von C:\
14.07.2009  06:08    <VERBINDUNG>   Documents and Settings [..]
14.09.2012  14:02    <VERBINDUNG>   Dokumente und Einstellungen [..]
14.09.2012  14:02    <VERBINDUNG>   Programme [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Program Files
14.09.2012  14:02    <VERBINDUNG>   Gemeinsame Dateien [C:\Program Files\Common Files]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Program Files\Windows NT
14.09.2012  14:02    <VERBINDUNG>   Zubeh”r [C:\Program Files\Windows NT\Accessories]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Program Files (x86)\Evernote
18.05.2012  12:15    <SYMLINKD>     Evernote3.5 [C:\Program Files (x86)\Evernote\Evernote\]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\ProgramData
14.09.2012  14:02    <VERBINDUNG>   Anwendungsdaten [..]
14.07.2009  06:08    <VERBINDUNG>   Application Data [..]
14.07.2009  06:08    <VERBINDUNG>   Desktop [..]
14.07.2009  06:08    <VERBINDUNG>   Documents [..]
14.09.2012  14:02    <VERBINDUNG>   Dokumente [..]
14.09.2012  14:02    <VERBINDUNG>   Favoriten [..]
14.07.2009  06:08    <VERBINDUNG>   Favorites [..]
14.07.2009  06:08    <VERBINDUNG>   Start Menu [..]
14.09.2012  14:02    <VERBINDUNG>   Startmen [..]
14.07.2009  06:08    <VERBINDUNG>   Templates [..]
14.09.2012  14:02    <VERBINDUNG>   Vorlagen [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\ProgramData\Microsoft\Windows\Start Menu
14.09.2012  14:02    <VERBINDUNG>   Programme [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users
14.07.2009  06:08    <SYMLINKD>     All Users [..]
14.07.2009  06:08    <VERBINDUNG>   Default User [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\All Users
14.09.2012  14:02    <VERBINDUNG>   Anwendungsdaten [..]
14.07.2009  06:08    <VERBINDUNG>   Application Data [..]
14.07.2009  06:08    <VERBINDUNG>   Desktop [..]
14.07.2009  06:08    <VERBINDUNG>   Documents [..]
14.09.2012  14:02    <VERBINDUNG>   Dokumente [..]
14.09.2012  14:02    <VERBINDUNG>   Favoriten [..]
14.07.2009  06:08    <VERBINDUNG>   Favorites [..]
14.07.2009  06:08    <VERBINDUNG>   Start Menu [..]
14.09.2012  14:02    <VERBINDUNG>   Startmen [..]
14.07.2009  06:08    <VERBINDUNG>   Templates [..]
14.09.2012  14:02    <VERBINDUNG>   Vorlagen [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\All Users\Microsoft\Windows\Start Menu
14.09.2012  14:02    <VERBINDUNG>   Programme [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default
14.09.2012  14:02    <VERBINDUNG>   Anwendungsdaten [..]
14.07.2009  06:08    <VERBINDUNG>   Application Data [..]
14.07.2009  06:08    <VERBINDUNG>   Cookies [..]
14.09.2012  14:02    <VERBINDUNG>   Druckumgebung [..]
14.09.2012  14:02    <VERBINDUNG>   Eigene Dateien [..]
14.07.2009  06:08    <VERBINDUNG>   Local Settings [..]
14.09.2012  14:02    <VERBINDUNG>   Lokale Einstellungen [..]
14.07.2009  06:08    <VERBINDUNG>   My Documents [..]
14.07.2009  06:08    <VERBINDUNG>   NetHood [..]
14.09.2012  14:02    <VERBINDUNG>   Netzwerkumgebung [..]
14.07.2009  06:08    <VERBINDUNG>   PrintHood [..]
14.07.2009  06:08    <VERBINDUNG>   Recent [..]
14.07.2009  06:08    <VERBINDUNG>   SendTo [..]
14.07.2009  06:08    <VERBINDUNG>   Start Menu [..]
14.09.2012  14:02    <VERBINDUNG>   Startmen [..]
14.07.2009  06:08    <VERBINDUNG>   Templates [..]
14.09.2012  14:02    <VERBINDUNG>   Vorlagen [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default\AppData\Local
14.09.2012  14:02    <VERBINDUNG>   Anwendungsdaten [..]
14.07.2009  06:08    <VERBINDUNG>   Application Data [..]
14.07.2009  06:08    <VERBINDUNG>   History [..]
14.07.2009  06:08    <VERBINDUNG>   Temporary Internet Files [..]
14.09.2012  14:02    <VERBINDUNG>   Verlauf [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
14.09.2012  14:02    <VERBINDUNG>   Programme [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default\Documents
14.09.2012  14:02    <VERBINDUNG>   Eigene Bilder [..]
14.09.2012  14:02    <VERBINDUNG>   Eigene Musik [..]
14.09.2012  14:02    <VERBINDUNG>   Eigene Videos [..]
14.07.2009  06:08    <VERBINDUNG>   My Music [..]
14.07.2009  06:08    <VERBINDUNG>   My Pictures [..]
14.07.2009  06:08    <VERBINDUNG>   My Videos [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Gina
14.09.2012  14:02    <VERBINDUNG>   Anwendungsdaten [..]
14.09.2012  14:02    <VERBINDUNG>   Cookies [..]
14.09.2012  14:02    <VERBINDUNG>   Druckumgebung [..]
14.09.2012  14:02    <VERBINDUNG>   Eigene Dateien [..]
14.09.2012  14:02    <VERBINDUNG>   Lokale Einstellungen [..]
14.09.2012  14:02    <VERBINDUNG>   Netzwerkumgebung [..]
14.09.2012  14:02    <VERBINDUNG>   Recent [..]
14.09.2012  14:02    <VERBINDUNG>   SendTo [..]
14.09.2012  14:02    <VERBINDUNG>   Startmen [..]
14.09.2012  14:02    <VERBINDUNG>   Vorlagen [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Gina\AppData\Local
14.09.2012  14:02    <VERBINDUNG>   Anwendungsdaten [..]
14.09.2012  14:02    <VERBINDUNG>   Temporary Internet Files [..]
14.09.2012  14:02    <VERBINDUNG>   Verlauf [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu
14.09.2012  14:02    <VERBINDUNG>   Programme [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Gina\Documents
14.09.2012  14:02    <VERBINDUNG>   Eigene Bilder [..]
14.09.2012  14:02    <VERBINDUNG>   Eigene Musik [..]
14.09.2012  14:02    <VERBINDUNG>   Eigene Videos [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Public\Documents
14.09.2012  14:02    <VERBINDUNG>   Eigene Bilder [..]
14.09.2012  14:02    <VERBINDUNG>   Eigene Musik [..]
14.09.2012  14:02    <VERBINDUNG>   Eigene Videos [..]
14.07.2009  06:08    <VERBINDUNG>   My Music [..]
14.07.2009  06:08    <VERBINDUNG>   My Pictures [..]
14.07.2009  06:08    <VERBINDUNG>   My Videos [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\UpdatusUser
18.05.2012  10:59    <VERBINDUNG>   Anwendungsdaten [..]
18.05.2012  10:59    <VERBINDUNG>   Cookies [..]
18.05.2012  10:59    <VERBINDUNG>   Druckumgebung [..]
18.05.2012  10:59    <VERBINDUNG>   Eigene Dateien [..]
18.05.2012  10:59    <VERBINDUNG>   Lokale Einstellungen [..]
18.05.2012  10:59    <VERBINDUNG>   Netzwerkumgebung [..]
18.05.2012  10:59    <VERBINDUNG>   Recent [..]
18.05.2012  10:59    <VERBINDUNG>   SendTo [..]
18.05.2012  10:59    <VERBINDUNG>   Startmen [..]
18.05.2012  10:59    <VERBINDUNG>   Vorlagen [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\UpdatusUser\AppData\Local
18.05.2012  10:59    <VERBINDUNG>   Anwendungsdaten [..]
18.05.2012  10:59    <VERBINDUNG>   Temporary Internet Files [..]
18.05.2012  10:59    <VERBINDUNG>   Verlauf [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu
18.05.2012  10:59    <VERBINDUNG>   Programme [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\UpdatusUser\Documents
18.05.2012  10:59    <VERBINDUNG>   Eigene Bilder [..]
18.05.2012  10:59    <VERBINDUNG>   Eigene Musik [..]
18.05.2012  10:59    <VERBINDUNG>   Eigene Videos [..]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Windows\System32\config\systemprofile
06.11.2013  21:53    <VERBINDUNG>   Anwendungsdaten [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06.11.2013  21:53    <VERBINDUNG>   Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
06.11.2013  21:53    <VERBINDUNG>   Lokale Einstellungen [C:\Windows\system32\config\systemprofile\AppData\Local]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Windows\System32\config\systemprofile\AppData\Local
06.11.2013  21:53    <VERBINDUNG>   Anwendungsdaten [C:\Windows\system32\config\systemprofile\AppData\Local]
06.11.2013  21:53    <VERBINDUNG>   Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
06.11.2013  21:53    <VERBINDUNG>   Verlauf [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Windows\SysWOW64\config\systemprofile
06.11.2013  21:53    <VERBINDUNG>   Anwendungsdaten [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06.11.2013  21:53    <VERBINDUNG>   Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
06.11.2013  21:53    <VERBINDUNG>   Lokale Einstellungen [C:\Windows\system32\config\systemprofile\AppData\Local]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Windows\SysWOW64\config\systemprofile\AppData\Local
06.11.2013  21:53    <VERBINDUNG>   Anwendungsdaten [C:\Windows\system32\config\systemprofile\AppData\Local]
06.11.2013  21:53    <VERBINDUNG>   Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
06.11.2013  21:53    <VERBINDUNG>   Verlauf [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
               0 Datei(en),              0 Bytes
     Anzahl der angezeigten Dateien:
               0 Datei(en),              0 Bytes
             113 Verzeichnis(se), 584.066.043.904 Bytes frei
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012.09.14 15:49:07 | 000,000,221 | -HS- | M] () -- C:\Users\Gina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2013.11.10 13:35:05 | 011,999,592 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Gina\Desktop\AppRemover.exe
[2013.11.09 11:57:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gina\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 3072 bytes -> C:\Program Files:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Program Files (x86):IMAT__DS_DIR_HDR
 
< End of report >


#6 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 November 2013 - 12:56 PM

Lets run the McAfee Removal tool, then after its removal go ahead and run a new scan with OTL, 

 

http://www.bleepingc...s-removal-tool/


Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#7 gsu

gsu

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 10 November 2013 - 05:40 PM

Couldn't run the McAfee Removal tool because there is McAfee Anti Theft installed on my computer and I cannot uninstall it  :( tried to uninstall it many times, but no response..


Edited by gsu, 10 November 2013 - 05:41 PM.


#8 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 November 2013 - 06:23 PM

Did you put the Anti Theft program on this computer ?

http://service.mcafe...033&id=TS101587


Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#9 gsu

gsu

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 12 November 2013 - 11:03 AM

Intel Anti-Theft Service was already installed on my computer as I bought it. Version  2.3.199.2

I tried the solution 3 that was listed on the site you posted, I was able to log in...but it says that my device is not set up and to do that I have to download the software. Which I did yesterday, but I haven't installed it yet. Wanted to consult it with you first...just to make sure that it won't make things worse :)



#10 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 12 November 2013 - 12:06 PM

Hi,

 

Were talking two different things here, first you said McAfee Anti Theft was preventing you from uninstalling and now your posting about Intel Anti Theft.  Personally I would not fool around with anything related to Intel.

 

Is McAfee in your list of programs you can uninstall via Programs and Features in the Control Panel ?   If so try again to uninstall it.

 

Your OTL log looks ok malwarewise, sometimes malware will prevent security programs from being installed, at this point all we can do is run a few other scans and make sure that hidden malware is not the culprit.

 

 

 
Download aswMBR.exe ( 511KB ) to your desktop.
 
Double click the aswMBR.exe to run it
 
Click the "Scan" button to start scan
aswMBR1.png
 
On completion of the scan click save log, save it to your desktop and post in your next reply
aswMBR2.png
 
 
 
 
 
 

Please download Malwarebytes from Here or Here
 
  •  
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
MBAMCapture.jpg
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

 


Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.

    Advertisements

Register to Remove


#11 gsu

gsu

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 13 November 2013 - 04:05 PM

Hey :)
 
As i tried to run the McAfee Removal Tool it said that it failed because McAfee Anti Theft is installed on the computer, that's why I wrote it earlier. According to Programs and Features Intel Anti-Theft Service, which is from McAfee,Inc is installed. That is the only McAfee program. But I still can't uninstall it, it's not responding..

 

I ran both scans and no malicious items were detected

 

****************************************************************************************

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-13 22:19:14
-----------------------------
22:19:14.898    OS Version: Windows x64 6.1.7601 Service Pack 1
22:19:14.899    Number of processors: 8 586 0x3A09
22:19:14.900    ComputerName: GINA-VAIO  UserName: Gina
22:19:14.905    Initialze error 1 
22:19:45.448    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:19:45.452    Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
22:19:45.469    Disk 0 MBR read successfully
22:19:45.474    Disk 0 MBR scan
22:19:45.478    Disk 0 unknown MBR code
22:19:45.483    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
22:19:45.489    Disk 0 scanning C:\Windows\system32\drivers
22:19:45.494    Service scanning
22:19:46.057    Modules scanning
22:19:46.064    Disk 0 trace - called modules:
22:19:46.072    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
22:19:46.078    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a5b3790]
22:19:46.086    3 CLASSPNP.SYS[fffff88001d0243f] -> nt!IofCallDriver -> [0xfffffa8008173930]
22:19:46.093    5 ACPI.sys[fffff88000ee67a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800817b050]
22:19:46.100    Scan finished successfully
22:20:19.999    Disk 0 MBR has been saved successfully to "C:\Users\Gina\Desktop\MBR.dat"
22:20:20.010    The log file has been saved successfully to "C:\Users\Gina\Desktop\aswMBR.txt"
 
 
****************************************************************************************
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.13.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Gina :: GINA-VAIO [administrator]
 
13.11.2013 22:27:01
mbam-log-2013-11-13 (22-27-01).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236901
Time elapsed: 12 minute(s), 54 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

Edited by gsu, 13 November 2013 - 04:07 PM.


#12 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 13 November 2013 - 04:52 PM

Lets do this

 

If you care not to run this fix than what I can do is link you to a McAfee forum that may be able to help you as I see no malware preventing a AV program from being installed

 

Where going to make changes to your system but before doing that we need to create a System Restore Point in case of problems

 

Instructions here

Creat a new Restore Point
 
In the event you have problems you can restore your computer to where it was prior to the fix
 
 
 

 
Open OTL.exe
  •  
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
 
 
:OTL
SRV:64bit: - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McATScheduler) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (MfeFfCoreService) -- C:\Programme\McAfee\Endpoint Encryption for Files and Folders\MfeFfcoreService.exe (McAfee, Inc.)
DRV:64bit: - (MfeEEFFV) -- C:\Windows\SysNative\drivers\MfeEEFFV.sys (McAfee, Inc.)
DRV:64bit: - (MfeEEFF) -- C:\Windows\SysNative\drivers\MfeEEFF.sys (McAfee, Inc.)
DRV:64bit: - (ImatDs) -- C:\Windows\SysNative\drivers\ImatDs.sys (McAfee, Inc.)
DRV:64bit: - (ImatDisk) -- C:\Windows\SysNative\drivers\ImatDisk.sys (McAfee, Inc.)
DRV:64bit: - (ImatDmk) -- C:\Windows\SysNative\drivers\ImatDmk.sys (McAfee, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120914221427.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120914221427.dll File not found
O4:64bit: - HKLM..\Run: [MfeFfCore] C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\MfeFfCore.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MetroTileShortcut] "C:\Program Files\McAfeeAntiTheft\2.2.279.5\McATUIHost.exe" /IMAT_SHORTCUTS File not found
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O20:64bit: - AppInit_DLLs: (C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\ImatSup.dll) - C:\Programme\McAfee\Endpoint Encryption for Files and Folders\ImatSup.dll ()
[2013.10.20 13:36:12 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Local\MFAData
[2013.10.20 13:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
 
:Services
 
:Reg
 
:Files
ipconfig /flushdns /c
 
 
:Commands
[purity]
[resethosts]
[EMPTYJAVA] 
[emptytemp]
[start explorer]
[Reboot]
 
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces
 
 
 
Post the log from the fix and then run a new scan with OTL and post a new log please

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#13 gsu

gsu

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 14 November 2013 - 01:56 PM

Hi :)

 

I also think that it is McAfee the reason for the troubleshoot. Glad to know that there ain't any malware harming the system :) 

 

I did the scan and the OTL log is:

 

 

All processes killed
========== OTL ==========
Service mcpltsvc stopped successfully!
Service mcpltsvc deleted successfully!
C:\Programme\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe moved successfully.
Service McATScheduler stopped successfully!
Service McATScheduler deleted successfully!
File  C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe  not found.
Service MfeFfCoreService stopped successfully!
Service MfeFfCoreService deleted successfully!
C:\Programme\McAfee\Endpoint Encryption for Files and Folders\MfeFfcoreService.exe moved successfully.
Error: Unable to stop service MfeEEFFV!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MfeEEFFV deleted successfully.
C:\Windows\SysNative\drivers\MfeEEFFV.sys moved successfully.
Service MfeEEFF stopped successfully!
Service MfeEEFF deleted successfully!
C:\Windows\SysNative\drivers\MfeEEFF.sys moved successfully.
Error: Unable to stop service ImatDs!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImatDs deleted successfully.
C:\Windows\SysNative\drivers\ImatDs.sys moved successfully.
Error: Unable to stop service ImatDisk!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImatDisk deleted successfully.
C:\Windows\SysNative\drivers\ImatDisk.sys moved successfully.
Error: Unable to stop service ImatDmk!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImatDmk deleted successfully.
C:\Windows\SysNative\drivers\ImatDmk.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\ not found.
File C:\Program Files (x86)\Common Files\McAfee\SystemCore not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com deleted successfully.
C:\Program Files\McAfee\MSC folder moved successfully.
C:\Program Files\McAfee\Endpoint Encryption for Files and Folders folder moved successfully.
C:\Program Files\McAfee folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MfeFfCore deleted successfully.
File C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\MfeFfCore.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mcpltui_exe deleted successfully.
C:\Programme\Common Files\McAfee\Platform\McUICnt.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MetroTileShortcut deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_NT deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\ImatSup.dll deleted successfully.
File C:\Programme\McAfee\Endpoint Encryption for Files and Folders\ImatSup.dll not found.
C:\Users\Gina\AppData\Local\MFAData\logs folder moved successfully.
C:\Users\Gina\AppData\Local\MFAData folder moved successfully.
C:\ProgramData\MFAData\avibackup folder moved successfully.
C:\ProgramData\MFAData folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Gina\Desktop\cmd.bat deleted successfully.
C:\Users\Gina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Gina
->Java cache emptied: 142737 bytes
 
User: Public
 
User: UpdatusUser
 
Total Java Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gina
->Temp folder emptied: 2059253415 bytes
->Temporary Internet Files folder emptied: 265334905 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 386482489 bytes
->Flash cache emptied: 59014 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 979386433 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42733776 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.560,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11142013_203658
 
Files\Folders moved on Reboot...
C:\Users\Gina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Gina\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#14 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 14 November 2013 - 03:01 PM

Great, run a new scan with OTL and post the log please and lets make sure its all gone


Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#15 gsu

gsu

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 14 November 2013 - 04:29 PM

the new log:

 

 

 
OTL logfile created on: 14.11.2013 23:17:10 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gina\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,17 Gb Available Physical Memory | 65,43% Memory free
15,80 Gb Paging File | 12,61 Gb Available in Paging File | 79,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 678,36 Gb Total Space | 547,55 Gb Free Space | 80,72% Space Free | Partition Type: NTFS
 
Computer Name: GINA-VAIO | User Name: Gina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
PRC - C:\Programme\Tablet\Pen\WacomHost.exe (Wacom Technology)
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Programme\AuthenTec TrueSuite\BioMonitor.exe (AuthenTec Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe (Sony Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\08d05898be584065b797a6dd48d9ad56\System.Configuration.ni.dll ()
MOD - C:\Users\Gina\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Gina\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
MOD - C:\Users\Gina\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll ()
MOD - C:\Users\Gina\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll ()
MOD - C:\Users\Gina\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe File not found
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WTabletServiceCon) -- C:\Programme\Tablet\Pen\WTabletServiceCon.exe (Wacom Technology, Corp.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (FPLService) -- C:\Programme\AuthenTec TrueSuite\TrueSuiteService.exe (AuthenTec, Inc)
SRV - (Intel® -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (ZeroConfigService) -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (ActiveDelayDeviceService) -- C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe (Sony Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (wacomrouterfilter) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys (Wacom Technology)
DRV:64bit: - (WacHidRouter) -- C:\Windows\SysNative\drivers\wachidrouter.sys (Wacom Technology)
DRV:64bit: - (hidkmdf) -- C:\Windows\SysNative\drivers\hidkmdf.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaioportal.sony.eu
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://sony.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{B7E317CF-29EE-4C4C-8FDB-7828A47F58D8}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gina\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gina\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.09.11 19:45:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gina\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Gina\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Gina\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: TrueSuite (Enabled) = C:\Users\Gina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nibgmhfiionbhpeidijmiildfjnbbkic\1.0_0\npwebsitelogon.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation®Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Gina\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: WhatFont = C:\Users\Gina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm\2.0.2_0\
CHR - Extension: Ghostery = C:\Users\Gina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\
CHR - Extension: Website Logon = C:\Users\Gina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nibgmhfiionbhpeidijmiildfjnbbkic\1.0_0\
CHR - Extension: Google Wallet = C:\Users\Gina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
 
O1 HOSTS File: ([2013.11.14 20:41:24 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [Intel AT Service signup] c:\Program Files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A001267-9A48-4E03-903E-9D1DB5401011}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (c:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{da14460f-06e4-11e2-8e68-30f9edea482d}\Shell - "" = AutoRun
O33 - MountPoints2\{da14460f-06e4-11e2-8e68-30f9edea482d}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.11.14 20:36:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.11.13 22:25:10 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Roaming\Malwarebytes
[2013.11.13 22:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.11.13 22:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.11.13 22:24:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.11.13 22:17:16 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Gina\Desktop\aswMBR.exe
[2013.11.09 11:57:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gina\Desktop\OTL.exe
[2013.11.07 22:01:54 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2013.11.06 22:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.11.06 22:45:52 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Local\ElevatedDiagnostics
[2013.11.06 22:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.11.06 21:53:44 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Local\Programs
[2013.11.06 21:51:03 | 000,000,000 | ---D | C] -- C:\Users\Gina\Documents\WebCam Media
[2013.11.06 21:50:59 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Local\ArcSoft
[2013.11.06 21:50:58 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Roaming\ArcSoft
[2013.11.06 19:52:05 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Local\Mozilla
[2013.11.06 19:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.10.20 15:03:31 | 000,000,000 | ---D | C] -- C:\Users\Gina\AppData\Roaming\TuneUp Software
[2013.10.20 13:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013.10.20 13:05:20 | 000,000,000 | ---D | C] -- C:\51ba1d4f5e841ad9f6b9
[2013.10.16 19:36:10 | 000,000,000 | ---D | C] -- C:\af4b3e525e4de1e30ae16a1616d45ca9
[2013.10.16 16:06:10 | 000,000,000 | ---D | C] -- C:\62ecc920da52e10827242e
[2013.10.16 07:25:58 | 000,000,000 | ---D | C] -- C:\c8b659c083dd8b3ef2
 
========== Files - Modified Within 30 Days ==========
 
[2013.11.14 23:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.11.14 22:55:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3549048556-947582508-511738072-1001UA.job
[2013.11.14 20:56:48 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.11.14 20:56:48 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.11.14 20:53:44 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.11.14 20:53:44 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.11.14 20:53:44 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.11.14 20:53:44 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.11.14 20:53:44 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.11.14 20:49:29 | 000,001,950 | ---- | M] () -- C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk
[2013.11.14 20:48:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.11.14 20:48:00 | 2068,271,103 | -HS- | M] () -- C:\hiberfil.sys
[2013.11.14 20:41:24 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013.11.14 20:24:48 | 000,001,340 | ---- | M] () -- C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2013.11.13 22:20:20 | 000,000,512 | ---- | M] () -- C:\Users\Gina\Desktop\MBR.dat
[2013.11.13 22:17:26 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Gina\Desktop\aswMBR.exe
[2013.11.13 22:15:30 | 000,293,124 | ---- | M] () -- C:\Users\Gina\Desktop\anti-theft.png
[2013.11.13 11:55:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3549048556-947582508-511738072-1001Core.job
[2013.11.13 11:16:03 | 000,001,456 | ---- | M] () -- C:\Users\Gina\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2013.11.09 11:57:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gina\Desktop\OTL.exe
[2013.11.09 11:43:12 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.11.05 21:01:34 | 005,095,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.11.13 22:20:19 | 000,000,512 | ---- | C] () -- C:\Users\Gina\Desktop\MBR.dat
[2013.11.13 22:15:30 | 000,293,124 | ---- | C] () -- C:\Users\Gina\Desktop\anti-theft.png
[2013.11.07 22:21:30 | 000,001,950 | ---- | C] () -- C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk
[2013.11.07 22:21:30 | 000,001,340 | ---- | C] () -- C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2013.05.17 21:42:42 | 000,001,456 | ---- | C] () -- C:\Users\Gina\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2013.04.10 21:43:53 | 000,000,132 | ---- | C] () -- C:\Users\Gina\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.09.16 15:24:29 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.04.05 03:04:29 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.04.05 03:04:28 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.04.05 03:04:27 | 013,024,768 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.04.05 03:04:27 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2009.03.30 11:22:43 | 000,061,440 | ---- | C] () -- C:\Program Files (x86)\RGSGrowBounds.aex
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.03 21:07:52 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.09.16 11:28:47 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.04.08 21:41:14 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Downloaded Installations
[2013.10.25 19:01:22 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Dropbox
[2013.11.11 16:56:20 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\FileZilla
[2013.06.30 22:18:51 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\iolo
[2012.10.03 18:23:35 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\IrfanView
[2013.01.30 14:03:52 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Notepad++
[2013.01.07 10:45:40 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\PACE Anti-Piracy
[2012.09.21 22:58:18 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\PDAppFlex
[2013.01.07 11:36:06 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Publish Providers
[2013.02.03 19:04:37 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\REAPER
[2013.05.05 12:22:22 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Sony
[2012.09.29 13:01:13 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.11.15 16:21:26 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Tific
[2013.10.20 15:03:32 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\TuneUp Software
[2013.01.16 15:54:52 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\Wacom
[2013.09.04 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\wacomid-desktop-launcher
[2013.01.16 15:58:52 | 000,000,000 | ---D | M] -- C:\Users\Gina\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2012.05.18 11:39:21 | 000,004,226 | ---- | M] () MD5=EE23420A7C0E74A9D316221F8BFB2477 -- C:\Windows\PolicyDefinitions\de-DE\Explorer.adml
[2012.05.18 11:39:21 | 000,004,226 | ---- | M] () MD5=EE23420A7C0E74A9D316221F8BFB2477 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d6049b4095286d3f\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009.06.10 21:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009.06.10 21:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2012.02.24 01:18:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012.02.24 01:18:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012.02.24 01:18:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012.02.24 01:18:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012.02.24 01:18:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012.02.24 01:18:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: EXPLORER.EXE.3264.DMP  >
[2013.09.11 14:16:28 | 003,069,947 | ---- | M] () MD5=B3BF413BF6D1AAE502F0BA0969F48AB7 -- C:\Users\Gina\AppData\Local\CrashDumps\explorer.exe.3264.dmp
 
< MD5 for: EXPLORER.EXE.MUI  >
[2012.05.18 11:39:06 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=64E8A52EA68A8C36D0152F3108DA02D0 -- C:\Windows\de-DE\explorer.exe.mui
[2012.05.18 11:39:06 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=64E8A52EA68A8C36D0152F3108DA02D0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b8f6a2cb9e74c5d6\explorer.exe.mui
[2012.05.18 11:39:08 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=EB67605F636687E5F3C988B0059A8C46 -- C:\Windows\SysWOW64\de-DE\explorer.exe.mui
[2012.05.18 11:39:08 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=EB67605F636687E5F3C988B0059A8C46 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c34b4d1dd2d587d1\explorer.exe.mui
 
< MD5 for: IEXPLORE.EXE  >
[2013.01.09 02:53:45 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=0100BCF23941C83462E4A70F94C3392E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_0d2c5bc980874648\iexplore.exe
[2013.05.17 03:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_20d88bb252a3770f\iexplore.exe
[2012.11.14 03:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=0D286C0FE561D1A7EB30E83A0FF305B2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_178ed6e5b4dd3857\iexplore.exe
[2012.06.29 06:02:52 | 000,754,784 | ---- | M] (Microsoft Corporation) MD5=1223ACBFC1093852DFF039E189599BBD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_0d45fcc9807373c2\iexplore.exe
[2013.07.26 07:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=133CEF30905806A35606652D409EEEBA -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_16893df21e3dcd43\iexplore.exe
[2013.08.10 07:31:28 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=1F3B062444AD6F667B5336E78D5A02B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_ffb36d2837eafb72\iexplore.exe
[2012.08.24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_1787d4dfb4e386f6\iexplore.exe
[2013.02.22 08:04:50 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=25B53709A37C3FD814B68EA0A92D18F9 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_0d238c71808d94e7\iexplore.exe
[2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_178cd651b4df05a9\iexplore.exe
[2013.06.12 05:41:27 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=2A5F565327BFD679EC5F790DC15BBF25 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_0a0343986c500b78\iexplore.exe
[2012.08.24 12:23:44 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=2D53C5F71653EF94E7829846405D4ED2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_0d332a8d8082c4fb\iexplore.exe
[2013.06.12 01:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=30E7CA4620500FE012EB464F0E1DE91E -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_20da757e52a1c35e\iexplore.exe
[2013.02.22 05:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_177836c3b4ee56e2\iexplore.exe
[2013.08.10 07:10:22 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=351657C79B62B91E16A95AD23EA3710D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_168ab5d61e3c99b7\iexplore.exe
[2013.08.10 05:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_20df6028529d5bb2\iexplore.exe
[2013.05.17 02:57:28 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=3902E280F6117A468D5573343A7AA1F6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_09ffa3426c5372da\iexplore.exe
[2013.04.04 23:47:49 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=3F00BE80B9CEA20B7FE7363D15EDDB94 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16483_none_176a65f9b4f926ce\iexplore.exe
[2013.02.22 05:10:31 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=4145E2B5663F6FACC08EFDB17B658BB2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_17f703a2ce14129d\iexplore.exe
[2013.08.10 06:13:42 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=48A1306191216997F717C451B8D15139 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_0a08177a6c4bbd6d\iexplore.exe
[2012.10.08 13:29:46 | 000,754,848 | ---- | M] (Microsoft Corporation) MD5=49442BA6DCE4B4E3C1CB0AB193FE29AD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_0d382bff807e43ae\iexplore.exe
[2012.08.24 11:49:07 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=5A150AFABB25BEA50CEDC8650A7B8A9E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_0dc3c95e999a1626\iexplore.exe
[2012.06.29 03:45:31 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=5D03518409F37D1483C98869D86E23FF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_0dc0c880999cca21\iexplore.exe
[2012.08.24 08:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_181873b0cdfad821\iexplore.exe
[2013.01.08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_1781061bb4e80843\iexplore.exe
[2013.07.26 04:49:06 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=7BA1862B8A5698DC5FCFDFF3BC359DE9 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_20dde844529e8f3e\iexplore.exe
[2013.02.02 09:09:12 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=7C2923004FFC497E54F38E835F108EE8 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_0d9c579499b8b898\iexplore.exe
[2010.11.21 04:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2013.07.26 06:47:06 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=8D805B4EEEE0ECF6B604BE284978F135 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_ffb0112a37ee15f1\iexplore.exe
[2013.05.17 04:02:08 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=8F00471CA24ADF8D2AFAACF856EB70A4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_ffaaf8f037f2b0df\iexplore.exe
[2012.02.24 01:21:12 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[2012.06.29 02:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd\iexplore.exe
[2013.06.12 03:28:00 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=98C6F2A9A981A54222602B87C6310BDE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_1685cb2c1e410163\iexplore.exe
[2013.04.05 02:55:57 | 000,763,504 | ---- | M] (Microsoft Corporation) MD5=A1B0DEC3BB845C6369F97BC1A3542A07 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16483_none_0d15bba7809864d3\iexplore.exe
[2013.02.02 05:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_17f101e6ce197a93\iexplore.exe
[2013.02.02 08:37:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=A8EBEBCD9F5C49475194099FCD276992 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_0d1d8ab58092fcdd\iexplore.exe
[2013.06.05 16:00:04 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_20e92fca5296266a\iexplore.exe
[2012.11.16 04:08:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=AC4957E154F750DF54F36ADC8E3E040D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_0db6f8de99a3ff69\iexplore.exe
[2013.02.22 08:17:45 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=B21A57AA4CB928059A0C0C58A9E77A02 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_0da2595099b350a2\iexplore.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2013.04.04 22:55:02 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=C036AB1ED8BAC04FE4A349BA263077BB -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_17e932d8ce1ee289\iexplore.exe
[2013.04.05 01:40:37 | 000,763,504 | ---- | M] (Microsoft Corporation) MD5=C4A4F4AD91677DA1659A9ADE63746B8B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_0d94888699be208e\iexplore.exe
[2010.11.21 04:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2013.06.12 08:51:43 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=CA88A25280B1D85ED0BC26B042ABBCCF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_ffae994637ef497d\iexplore.exe
[2013.06.05 16:00:01 | 000,775,232 | ---- | M] (Microsoft Corporation) MD5=CEA304830B4770BDA3572B87D0841848 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_169485781e35646f\iexplore.exe
[2012.10.08 09:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_1808a252ce07755f\iexplore.exe
[2013.09.23 00:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013.09.23 00:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_20cf006852aa5f74\iexplore.exe
[2013.09.23 01:01:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=DB352EBF77E8655E0C46B6923F3C9950 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_09f78a2a6c58f471\iexplore.exe
[2013.02.02 05:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_17723507b4f3bed8\iexplore.exe
[2013.07.26 06:09:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=E70D60B3A350BD09D86CDAD9CF55F36B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_0a04bb7c6c4ed7ec\iexplore.exe
[2013.09.23 02:55:58 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=E9F843E7E412AE9A507FD5ABBBD06462 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_ffa2dfd837f83276\iexplore.exe
[2012.06.29 00:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_181572d2cdfd8c1c\iexplore.exe
[2013.05.17 04:30:45 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=EDC77CF787FA015205936C9A3228486E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_1683e1601e42b514\iexplore.exe
[2013.01.09 01:51:57 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=EF1F6F41FB2C9BBB484B21017F380201 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_0daa285e99ade8ac\iexplore.exe
[2013.01.08 22:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_17fed2b0ce0eaaa7\iexplore.exe
[2012.02.24 01:21:11 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
[2012.10.08 12:09:10 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=F61714ABCF9BF0CEF0A6249AD4FD490B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_0db3f80099a6b364\iexplore.exe
[2012.11.14 03:19:28 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F691418EE9A6344AEB5C1B0518FBF8AE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_180ba330ce04c164\iexplore.exe
[2013.09.23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013.09.23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_167a56161e499d79\iexplore.exe
[2012.11.14 08:11:18 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=FD0D2E1FAEBAE5031BE2EB8000D973F1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_0d3a2c93807c765c\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2012.05.18 11:41:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=0272AAC78F0D1CC205B893CCF5835DC5 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_de-de_6865046bfd99819c\iexplore.exe.mui
[2012.02.24 01:21:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2012.02.24 01:21:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2013.06.05 16:04:58 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Program Files (x86)\Internet Explorer\de-DE\iexplore.exe.mui
[2013.06.05 16:04:58 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui
[2013.06.05 16:04:58 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_de-de_674bb56c67089ab9\iexplore.exe.mui
[2013.06.05 16:04:58 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_de-de_71a05fbe9b695cb4\iexplore.exe.mui
[2012.05.18 11:41:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6D22C11D8D81000CAEA25B213F1CDD63 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_de-de_5e105a19c938bfa1\iexplore.exe.mui
[2012.05.18 11:39:21 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=74EB5304DFC6E33B6C87D0688860B6BC -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_de-de_6252687e84367fb4\iexplore.exe.mui
[2013.06.05 16:00:05 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013.06.05 16:00:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013.06.05 16:00:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
[2013.06.05 16:00:05 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
[2009.07.14 03:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2012.05.18 11:39:21 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=D74E70EF11B77E438111FE0C79AAFD97 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_de-de_6ca712d0b89741af\iexplore.exe.mui
[2009.07.14 03:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2009.06.10 22:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.AIP  >
[2012.11.21 01:09:36 | 000,476,824 | ---- | M] (Adobe Systems Incorporated) MD5=456C45B1A2ECE8814987C4A4EA786413 -- C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Plug-ins\Extensions\Services.aip
[2012.11.21 00:37:22 | 000,382,616 | ---- | M] (Adobe Systems Incorporated) MD5=87ACA12B41F894A8CAFD264A1FC9D1F0 -- C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Plug-ins\Extensions\Services.aip
 
< MD5 for: SERVICES.ASFX  >
[2012.07.27 21:52:04 | 000,002,637 | ---- | M] () MD5=016DFC4F3F133AE19338EECD1924886A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ro_RO\Services\Services.asfx
[2012.07.27 21:52:04 | 000,002,970 | ---- | M] () MD5=05A68D76420994EF8DF33184BFA98E04 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\uk_UA\Services\Services.asfx
[2012.07.27 21:51:54 | 000,002,555 | ---- | M] () MD5=272301585AC133486E70228DA27659AC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_TW\Services\Services.asfx
[2012.07.27 21:51:50 | 000,002,562 | ---- | M] () MD5=27CE9BD3209B549BB776B8C877455A91 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nb_NO\Services\Services.asfx
[2012.07.27 21:51:52 | 000,002,632 | ---- | M] () MD5=2998A4AE8D0EF5122CCB985CF7E9D9D3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ko_KR\Services\Services.asfx
[2012.07.27 21:51:52 | 000,002,545 | ---- | M] () MD5=2EEC9DDBD0B4EE5F65532322C383938A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_CN\Services\Services.asfx
[2012.07.27 21:51:56 | 000,002,629 | ---- | M] () MD5=3A0082D76426A87FB4937D426C491C10 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\cs_CZ\Services\Services.asfx
[2012.07.27 21:51:58 | 000,002,590 | ---- | M] () MD5=448953BD0CF26CE03D9E7CC1A7B278BC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\tr_TR\Services\Services.asfx
[2012.07.27 21:51:42 | 000,002,605 | ---- | M] () MD5=5A2C5D0DA3EAAB2AA77F16947D0E14FF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\it_IT\Services\Services.asfx
[2012.07.27 21:51:56 | 000,002,679 | ---- | M] () MD5=5DD2704563A6A79C466E44CD966B2655 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hu_HU\Services\Services.asfx
[2012.07.27 21:51:40 | 000,002,711 | ---- | M] () MD5=6B0E7B068BD530B8FCEBC04CC8844AA9 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ja_JP\Services\Services.asfx
[2012.07.27 21:52:02 | 000,002,582 | ---- | M] () MD5=797FC263D59784AD1498560C34FA7DA1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sl_SI\Services\Services.asfx
[2013.09.03 14:54:18 | 000,002,626 | ---- | M] () MD5=8073B18DC740B965256CE0957E363AC5 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\Services\Services.asfx
[2012.07.27 21:51:38 | 000,002,626 | ---- | M] () MD5=8073B18DC740B965256CE0957E363AC5 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fr_FR\Services\Services.asfx
[2012.07.27 21:51:50 | 000,002,634 | ---- | M] () MD5=912DD5C0C7C8D7572AD598414D56E24A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pt_BR\Services\Services.asfx
[2013.09.03 14:54:20 | 000,002,655 | ---- | M] () MD5=ABFBB9D0398492D849690C344C1316BB -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\Services\Services.asfx
[2012.07.27 21:51:40 | 000,002,655 | ---- | M] () MD5=ABFBB9D0398492D849690C344C1316BB -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_DE\Services\Services.asfx
[2012.07.27 21:52:06 | 000,002,638 | ---- | M] () MD5=C2C37202B0E55877A64ADDBDE738284E -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sk_SK\Services\Services.asfx
[2012.07.27 21:51:56 | 000,002,589 | ---- | M] () MD5=C313AD3602D4965A1918E86B9F3E84CF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pl_PL\Services\Services.asfx
[2012.07.27 21:52:06 | 000,002,609 | ---- | M] () MD5=C7FA88C21103C70826F274A0E865AEDF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ca_ES\Services\Services.asfx
[2012.07.27 21:52:08 | 000,002,576 | ---- | M] () MD5=D27D52045EB6A2EE031F7D2EA0349BC3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\eu_ES\Services\Services.asfx
[2012.07.27 21:51:46 | 000,002,560 | ---- | M] () MD5=D5642B1BFE0A70231D14C11D3D3FD60D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\da_DK\Services\Services.asfx
[2012.07.27 21:52:00 | 000,002,588 | ---- | M] () MD5=DB216743CDE75637621E2FD39431BBD4 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hr_HR\Services\Services.asfx
[2012.07.27 21:51:44 | 000,002,620 | ---- | M] () MD5=DCF7A8843832327386B81ABD189AC236 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\es_ES\Services\Services.asfx
[2012.07.27 21:52:00 | 000,002,997 | ---- | M] () MD5=DD3F4DAF426555D8D85FF4D7C5A04F37 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ru_RU\Services\Services.asfx
[2010.11.15 20:02:32 | 000,000,228 | R--- | M] () MD5=E09422BE0C7636A7B63A1527C4C1372D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx
[2012.07.27 21:51:48 | 000,002,599 | ---- | M] () MD5=F09D769A94767C3C7E7015A5C6C99A39 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fi_FI\Services\Services.asfx
[2012.07.27 21:51:46 | 000,002,628 | ---- | M] () MD5=F844D742DB53C7D671BF7ED6517414D1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nl_NL\Services\Services.asfx
[2012.07.27 21:51:44 | 000,002,582 | ---- | M] () MD5=FED4BDA3B6A9EB9DB59C254D8C987495 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sv_SE\Services\Services.asfx
 
< MD5 for: SERVICES.ASFX1  >
[2010.11.15 20:02:32 | 000,000,228 | R--- | M] () MD5=A7B7A4CC1A717292474115CD3A4AC121 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx1
 
< MD5 for: SERVICES.ASFX10  >
[2010.11.15 20:02:34 | 000,000,233 | R--- | M] () MD5=3382FAB54FC906B0E40269D903A8D690 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx10
 
< MD5 for: SERVICES.ASFX11  >
[2010.11.15 20:02:26 | 000,000,227 | R--- | M] () MD5=F36865AB3B9813962B7EDBE66FA1C28A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx11
 
< MD5 for: SERVICES.ASFX12  >
[2010.11.15 20:02:30 | 000,000,225 | R--- | M] () MD5=9287C7268CC0F37F1DDE18CEBB128685 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx12
 
< MD5 for: SERVICES.ASFX13  >
[2010.11.15 20:02:30 | 000,000,228 | R--- | M] () MD5=95326C46AC2654AFF5C8543DFE22CCB3 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx13
 
< MD5 for: SERVICES.ASFX14  >
[2010.11.15 20:02:26 | 000,000,228 | R--- | M] () MD5=14DA84ECAF57B5ADA36B9093FF04CF32 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx14
 
< MD5 for: SERVICES.ASFX15  >
[2010.11.15 20:02:26 | 000,000,231 | R--- | M] () MD5=CF94F061685A38BABE0BBD463191EDE7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx15
 
< MD5 for: SERVICES.ASFX16  >
[2010.11.15 20:02:34 | 000,000,232 | R--- | M] () MD5=B6E63D87C73CED2D6B433C542C5C3965 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx16
 
< MD5 for: SERVICES.ASFX17  >
[2010.11.15 20:02:34 | 000,000,230 | R--- | M] () MD5=545E97C4F4CEA743A8D86B685EE2EDBB -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx17
 
< MD5 for: SERVICES.ASFX18  >
[2010.11.15 20:02:24 | 000,000,230 | R--- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx18
 
< MD5 for: SERVICES.ASFX19  >
[2010.11.15 20:02:26 | 000,000,225 | R--- | M] () MD5=0A27F1D6595A69800A43CDE155B1E4A0 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx19
 
< MD5 for: SERVICES.ASFX2  >
[2010.11.15 20:02:36 | 000,000,264 | R--- | M] () MD5=0652D24D4E2799851A6DF1705E2BFFDA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx2
 
< MD5 for: SERVICES.ASFX20  >
[2010.11.15 20:02:38 | 000,000,231 | R--- | M] () MD5=C85F2519DC6AECF93F67AA613A320136 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx20
 
< MD5 for: SERVICES.ASFX21  >
[2010.11.15 20:02:26 | 000,000,231 | R--- | M] () MD5=8C95C0528EA7049A1DFC7A7342461D75 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx21
 
< MD5 for: SERVICES.ASFX22  >
[2010.11.15 20:02:24 | 000,000,231 | R--- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx22
 
< MD5 for: SERVICES.ASFX23  >
[2010.11.15 20:02:26 | 000,000,225 | R--- | M] () MD5=0E89BE53F56B22390CF61584B649CE01 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx23
 
< MD5 for: SERVICES.ASFX24  >
[2010.11.15 20:02:32 | 000,000,229 | R--- | M] () MD5=E57594DB9B9D78AB4B53D34CAFEB8497 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx24
 
< MD5 for: SERVICES.ASFX25  >
[2010.11.15 20:02:36 | 000,000,232 | R--- | M] () MD5=611CB9CC21D2DDAD711690671F70EF39 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx25
 
< MD5 for: SERVICES.ASFX3  >
[2010.11.15 20:02:34 | 000,000,229 | R--- | M] () MD5=F9824728970AC8199BABDC9CBA5E038C -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx3
 
< MD5 for: SERVICES.ASFX4  >
[2010.11.15 20:02:26 | 000,000,226 | R--- | M] () MD5=55EA57D90AE22BDF0132597EF0D7C9C7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx4
 
< MD5 for: SERVICES.ASFX5  >
[2010.11.15 20:02:34 | 000,000,233 | R--- | M] () MD5=846C265B751189E88B74F0155DB6B828 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx5
 
< MD5 for: SERVICES.ASFX6  >
[2010.11.15 20:02:36 | 000,000,231 | R--- | M] () MD5=89BD37C4118540FD5AA8CDD0C24D6C0A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx6
 
< MD5 for: SERVICES.ASFX7  >
[2010.11.15 20:02:34 | 000,000,245 | R--- | M] () MD5=0B82FAB8FF5F988C5311DF1144A7D740 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx7
 
< MD5 for: SERVICES.ASFX8  >
[2010.11.15 20:02:34 | 000,000,231 | R--- | M] () MD5=5226417D3C8206000A8983BDC1243075 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx8
 
< MD5 for: SERVICES.ASFX9  >
[2010.11.15 20:02:30 | 000,000,234 | R--- | M] () MD5=EBD8D036504F2935675F5F432F076DBA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx9
 
< MD5 for: SERVICES.CFG  >
[2013.09.03 14:54:16 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Services\Services.cfg
[2013.09.03 14:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2010.10.25 14:13:46 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\services.cfg
[2010.11.15 20:02:22 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.cfg
 
< MD5 for: SERVICES.CFSERVICE.JAR  >
[2012.03.16 02:33:04 | 000,142,226 | ---- | M] () MD5=18D9FCB12CE658BA4D24D8DC2D641BA6 -- C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\eclipse\plugins\com.adobe.flexbuilder.services.CFService_4.6.1.335153\services.CFService.jar
 
< MD5 for: SERVICES.EXE  >
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2012.05.18 11:39:04 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\SysNative\de-DE\services.exe.mui
[2012.05.18 11:39:04 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1d0162c550c828a3\services.exe.mui
 
< MD5 for: SERVICES.HTM  >
[2007.02.11 16:52:50 | 000,013,720 | ---- | M] () MD5=5B1A2F8639E67EAAB32B5E446EDDA178 -- C:\Users\Gina\Desktop\Kolleg\2aKMTM\WLM_GAIS\Unterlagen\selfhtml812\intro\hilfsmittel\services.htm
 
< MD5 for: SERVICES.LNK  >
[2009.07.14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009.06.10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009.06.10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009.06.10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009.06.10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2012.05.18 11:39:03 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysNative\de-DE\services.msc
[2012.05.18 11:39:04 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysWOW64\de-DE\services.msc
[2012.05.18 11:39:03 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_574332b12731c296\services.msc
[2012.05.18 11:39:04 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fb24972d6ed45160\services.msc
 
< MD5 for: SERVICES.PHPSERVICE.JAR  >
[2012.03.16 02:33:06 | 000,149,053 | ---- | M] () MD5=EDDA59974541208844A9FE430268D469 -- C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\eclipse\plugins\com.adobe.flexbuilder.services.PHPService_4.6.1.335153\services.PHPService.jar
 
< MD5 for: SERVICES.PTXML  >
[2009.07.13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009.07.13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.STATICCONTENTSERVICE.JAR  >
[2012.03.16 02:33:06 | 000,072,917 | ---- | M] () MD5=15E17BFD2088059A73A22119D0D1613A -- C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\eclipse\plugins\com.adobe.flexbuilder.services.StaticContentService_4.6.1.335153\services.StaticContentService.jar
 
< MD5 for: SERVICES.WEBSERVICE.DERIVED.JAR  >
[2012.03.16 02:33:06 | 000,183,653 | ---- | M] () MD5=1BEE56EAF2A85F3662291392C8804E1E -- C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\eclipse\plugins\com.adobe.flexbuilder.services.WEBService.derived_4.6.1.335153\services.WEBService.derived.jar
 
< MD5 for: WINLOGON.ADML  >
[2012.05.18 11:39:20 | 000,009,904 | ---- | M] () MD5=25AA9560CB997F785CDD845AD425D37D -- C:\Windows\PolicyDefinitions\de-DE\WinLogon.adml
[2012.05.18 11:39:20 | 000,009,904 | ---- | M] () MD5=25AA9560CB997F785CDD845AD425D37D -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_48082d3607b4f4ab\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009.06.10 22:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009.06.10 22:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2012.05.18 11:39:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=8354A33D8B5919047DAEB39F235E666E -- C:\Windows\SysNative\de-DE\winlogon.exe.mui
[2012.05.18 11:39:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=8354A33D8B5919047DAEB39F235E666E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_de-de_802dc1012bd7f0b6\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2012.05.18 11:39:04 | 000,001,080 | ---- | M] () MD5=4AC5B532F44BAE30CBE41B7750954729 -- C:\Windows\SysNative\wbem\de-DE\winlogon.mfl
[2012.05.18 11:39:04 | 000,001,080 | ---- | M] () MD5=4AC5B532F44BAE30CBE41B7750954729 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_de-de_dbbeff044a21c6b1\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009.07.13 21:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009.07.13 21:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2013.11.14 20:48:00 | 2068,271,103 | -HS- | M] () -- C:\hiberfil.sys
[2013.11.14 20:48:03 | 4189,351,935 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\Fonts\*.com >
[2009.07.14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009.06.10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2011.05.13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2012.09.28 17:38:45 | 000,001,654 | -HS- | M] () -- C:\Users\Gina\AppData\Roaming\Microsoft\LastFlashConfig.wfc
 
< %PROGRAMFILES%\*.* >
[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2009.03.30 11:22:43 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\RGSGrowBounds.aex
[2013.05.22 09:31:26 | 000,080,185 | ---- | M] () -- C:\Program Files (x86)\trapcodeparticularv2.log
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: F449-682A
 Verzeichnis von C:\
14.07.2009  06:08    <VERBINDUNG>   Documents and Settings [C:\Users]
14.09.2012  14:02    <VERBINDUNG>   Dokumente und Einstellungen [C:\Users]
14.09.2012  14:02    <VERBINDUNG>   Programme [C:\Program Files]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Program Files
14.09.2012  14:02    <VERBINDUNG>   Gemeinsame Dateien [C:\Program Files\Common Files]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Program Files\Windows NT
14.09.2012  14:02    <VERBINDUNG>   Zubeh”r [C:\Program Files\Windows NT\Accessories]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Program Files (x86)\Evernote
18.05.2012  12:15    <SYMLINKD>     Evernote3.5 [C:\Program Files (x86)\Evernote\Evernote\]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\ProgramData
14.09.2012  14:02    <VERBINDUNG>   Anwendungsdaten [C:\ProgramData]
14.07.2009  06:08    <VERBINDUNG>   Application Data [C:\ProgramData]
14.07.2009  06:08    <VERBINDUNG>   Desktop [C:\Users\Public\Desktop]
14.07.2009  06:08    <VERBINDUNG>   Documents [C:\Users\Public\Documents]
14.09.2012  14:02    <VERBINDUNG>   Dokumente [C:\Users\Public\Documents]
14.09.2012  14:02    <VERBINDUNG>   Favoriten [C:\Users\Public\Favorites]
14.07.2009  06:08    <VERBINDUNG>   Favorites [C:\Users\Public\Favorites]
14.07.2009  06:08    <VERBINDUNG>   Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14.09.2012  14:02    <VERBINDUNG>   Startmen [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009  06:08    <VERBINDUNG>   Templates [C:\ProgramData\Microsoft\Windows\Templates]
14.09.2012  14:02    <VERBINDUNG>   Vorlagen [C:\ProgramData\Microsoft\Windows\Templates]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\ProgramData\Microsoft\Windows\Start Menu
14.09.2012  14:02    <VERBINDUNG>   Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users
14.07.2009  06:08    <SYMLINKD>     All Users [C:\ProgramData]
14.07.2009  06:08    <VERBINDUNG>   Default User [C:\Users\Default]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\All Users
14.09.2012  14:02    <VERBINDUNG>   Anwendungsdaten [C:\ProgramData]
14.07.2009  06:08    <VERBINDUNG>   Application Data [C:\ProgramData]
14.07.2009  06:08    <VERBINDUNG>   Desktop [C:\Users\Public\Desktop]
14.07.2009  06:08    <VERBINDUNG>   Documents [C:\Users\Public\Documents]
14.09.2012  14:02    <VERBINDUNG>   Dokumente [C:\Users\Public\Documents]
14.09.2012  14:02    <VERBINDUNG>   Favoriten [C:\Users\Public\Favorites]
14.07.2009  06:08    <VERBINDUNG>   Favorites [C:\Users\Public\Favorites]
14.07.2009  06:08    <VERBINDUNG>   Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14.09.2012  14:02    <VERBINDUNG>   Startmen [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009  06:08    <VERBINDUNG>   Templates [C:\ProgramData\Microsoft\Windows\Templates]
14.09.2012  14:02    <VERBINDUNG>   Vorlagen [C:\ProgramData\Microsoft\Windows\Templates]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\All Users\Microsoft\Windows\Start Menu
14.09.2012  14:02    <VERBINDUNG>   Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default
14.09.2012  14:02    <VERBINDUNG>   Anwendungsdaten [C:\Users\Default\AppData\Roaming]
14.07.2009  06:08    <VERBINDUNG>   Application Data [C:\Users\Default\AppData\Roaming]
14.07.2009  06:08    <VERBINDUNG>   Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14.09.2012  14:02    <VERBINDUNG>   Druckumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14.09.2012  14:02    <VERBINDUNG>   Eigene Dateien [C:\Users\Default\Documents]
14.07.2009  06:08    <VERBINDUNG>   Local Settings [C:\Users\Default\AppData\Local]
14.09.2012  14:02    <VERBINDUNG>   Lokale Einstellungen [C:\Users\Default\AppData\Local]
14.07.2009  06:08    <VERBINDUNG>   My Documents [C:\Users\Default\Documents]
14.07.2009  06:08    <VERBINDUNG>   NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14.09.2012  14:02    <VERBINDUNG>   Netzwerkumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14.07.2009  06:08    <VERBINDUNG>   PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14.07.2009  06:08    <VERBINDUNG>   Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14.07.2009  06:08    <VERBINDUNG>   SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14.07.2009  06:08    <VERBINDUNG>   Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14.09.2012  14:02    <VERBINDUNG>   Startmen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14.07.2009  06:08    <VERBINDUNG>   Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
14.09.2012  14:02    <VERBINDUNG>   Vorlagen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default\AppData\Local
14.09.2012  14:02    <VERBINDUNG>   Anwendungsdaten [C:\Users\Default\AppData\Local]
14.07.2009  06:08    <VERBINDUNG>   Application Data [C:\Users\Default\AppData\Local]
14.07.2009  06:08    <VERBINDUNG>   History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14.07.2009  06:08    <VERBINDUNG>   Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
14.09.2012  14:02    <VERBINDUNG>   Verlauf [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
14.09.2012  14:02    <VERBINDUNG>   Programme [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default\Documents
14.09.2012  14:02    <VERBINDUNG>   Eigene Bilder [C:\Users\Default\Pictures]
14.09.2012  14:02    <VERBINDUNG>   Eigene Musik [C:\Users\Default\Music]
14.09.2012  14:02    <VERBINDUNG>   Eigene Videos [C:\Users\Default\Videos]
14.07.2009  06:08    <VERBINDUNG>   My Music [C:\Users\Default\Music]
14.07.2009  06:08    <VERBINDUNG>   My Pictures [C:\Users\Default\Pictures]
14.07.2009  06:08    <VERBINDUNG>   My Videos [C:\Users\Default\Videos]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Gina
14.09.2012  14:02    <VERBINDUNG>   Anwendungsdaten [C:\Users\Gina\AppData\Roaming]
14.09.2012  14:02    <VERBINDUNG>   Cookies [C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Cookies]
14.09.2012  14:02    <VERBINDUNG>   Druckumgebung [C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14.09.2012  14:02    <VERBINDUNG>   Eigene Dateien [C:\Users\Gina\Documents]
14.09.2012  14:02    <VERBINDUNG>   Lokale Einstellungen [C:\Users\Gina\AppData\Local]
14.09.2012  14:02    <VERBINDUNG>   Netzwerkumgebung [C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14.09.2012  14:02    <VERBINDUNG>   Recent [C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Recent]
14.09.2012  14:02    <VERBINDUNG>   SendTo [C:\Users\Gina\AppData\Roaming\Microsoft\Windows\SendTo]
14.09.2012  14:02    <VERBINDUNG>   Startmen [C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu]
14.09.2012  14:02    <VERBINDUNG>   Vorlagen [C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Templates]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Gina\AppData\Local
14.09.2012  14:02    <VERBINDUNG>   Anwendungsdaten [C:\Users\Gina\AppData\Local]
14.09.2012  14:02    <VERBINDUNG>   Temporary Internet Files [C:\Users\Gina\AppData\Local\Microsoft\Windows\Temporary Internet Files]
14.09.2012  14:02    <VERBINDUNG>   Verlauf [C:\Users\Gina\AppData\Local\Microsoft\Windows\History]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu
14.09.2012  14:02    <VERBINDUNG>   Programme [C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Gina\Documents
14.09.2012  14:02    <VERBINDUNG>   Eigene Bilder [C:\Users\Gina\Pictures]
14.09.2012  14:02    <VERBINDUNG>   Eigene Musik [C:\Users\Gina\Music]
14.09.2012  14:02    <VERBINDUNG>   Eigene Videos [C:\Users\Gina\Videos]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Public\Documents
14.09.2012  14:02    <VERBINDUNG>   Eigene Bilder [C:\Users\Public\Pictures]
14.09.2012  14:02    <VERBINDUNG>   Eigene Musik [C:\Users\Public\Music]
14.09.2012  14:02    <VERBINDUNG>   Eigene Videos [C:\Users\Public\Videos]
14.07.2009  06:08    <VERBINDUNG>   My Music [C:\Users\Public\Music]
14.07.2009  06:08    <VERBINDUNG>   My Pictures [C:\Users\Public\Pictures]
14.07.2009  06:08    <VERBINDUNG>   My Videos [C:\Users\Public\Videos]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\UpdatusUser
18.05.2012  10:59    <VERBINDUNG>   Anwendungsdaten [C:\Users\UpdatusUser\AppData\Roaming]
18.05.2012  10:59    <VERBINDUNG>   Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
18.05.2012  10:59    <VERBINDUNG>   Druckumgebung [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
18.05.2012  10:59    <VERBINDUNG>   Eigene Dateien [C:\Users\UpdatusUser\Documents]
18.05.2012  10:59    <VERBINDUNG>   Lokale Einstellungen [C:\Users\UpdatusUser\AppData\Local]
18.05.2012  10:59    <VERBINDUNG>   Netzwerkumgebung [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
18.05.2012  10:59    <VERBINDUNG>   Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
18.05.2012  10:59    <VERBINDUNG>   SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
18.05.2012  10:59    <VERBINDUNG>   Startmen [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
18.05.2012  10:59    <VERBINDUNG>   Vorlagen [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\UpdatusUser\AppData\Local
18.05.2012  10:59    <VERBINDUNG>   Anwendungsdaten [C:\Users\UpdatusUser\AppData\Local]
18.05.2012  10:59    <VERBINDUNG>   Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
18.05.2012  10:59    <VERBINDUNG>   Verlauf [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu
18.05.2012  10:59    <VERBINDUNG>   Programme [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\UpdatusUser\Documents
18.05.2012  10:59    <VERBINDUNG>   Eigene Bilder [C:\Users\UpdatusUser\Pictures]
18.05.2012  10:59    <VERBINDUNG>   Eigene Musik [C:\Users\UpdatusUser\Music]
18.05.2012  10:59    <VERBINDUNG>   Eigene Videos [C:\Users\UpdatusUser\Videos]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Windows\System32\config\systemprofile
06.11.2013  21:53    <VERBINDUNG>   Anwendungsdaten [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06.11.2013  21:53    <VERBINDUNG>   Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
06.11.2013  21:53    <VERBINDUNG>   Lokale Einstellungen [C:\Windows\system32\config\systemprofile\AppData\Local]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Windows\System32\config\systemprofile\AppData\Local
06.11.2013  21:53    <VERBINDUNG>   Anwendungsdaten [C:\Windows\system32\config\systemprofile\AppData\Local]
06.11.2013  21:53    <VERBINDUNG>   Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
06.11.2013  21:53    <VERBINDUNG>   Verlauf [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Windows\SysWOW64\config\systemprofile
06.11.2013  21:53    <VERBINDUNG>   Anwendungsdaten [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06.11.2013  21:53    <VERBINDUNG>   Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
06.11.2013  21:53    <VERBINDUNG>   Lokale Einstellungen [C:\Windows\system32\config\systemprofile\AppData\Local]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Windows\SysWOW64\config\systemprofile\AppData\Local
06.11.2013  21:53    <VERBINDUNG>   Anwendungsdaten [C:\Windows\system32\config\systemprofile\AppData\Local]
06.11.2013  21:53    <VERBINDUNG>   Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
06.11.2013  21:53    <VERBINDUNG>   Verlauf [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
               0 Datei(en),              0 Bytes
     Anzahl der angezeigten Dateien:
               0 Datei(en),              0 Bytes
             113 Verzeichnis(se), 587.930.431.488 Bytes frei
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012.09.14 15:49:07 | 000,000,221 | -HS- | M] () -- C:\Users\Gina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2013.11.13 22:17:26 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Gina\Desktop\aswMBR.exe
[2013.11.09 11:57:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gina\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 3072 bytes -> C:\WINSSLog:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Public\Documents\Vegas Movie Studio HD Platinum 10.0:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Public\Documents\Sound Forge Audio Studio 10.0:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Public\Documents\Songs:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Public\Documents\Adobe:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Public\Documents\ACID Music Studio 8.0:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Public\Documents\15 ACID Projects for VAIO:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Videos:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Searches:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Saved Games:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Roaming:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Podcasts:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Pictures:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Music:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Links:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Favorites:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Dropbox:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Downloads:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Documents\WebCam Media:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Documents\Vegas Movie Studio HD Platinum 11.0 Projekte:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Documents\REAPER Media:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Documents\Outlook-Dateien:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Documents\OneNote-Notizbücher:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Documents\Neuer Ordner:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Documents\Media Go:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Documents\Adobe:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Documents\Add-in Express:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Documents:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Desktop\Stuff:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Desktop\MALTA:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Desktop\Kolleg:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Desktop:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\CS6 Master Collection:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Contacts:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\WTablet:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\wacomid-desktop-launcher:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Wacom:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\vlc:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\TuneUp Software:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Tific:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Sony:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Sony Corporation:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Skype:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\REAPER:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Publish Providers:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\PDAppFlex:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\PACE Anti-Piracy:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\NVIDIA:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Notepad++:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Word:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Windows:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Windows Photo Viewer:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Vault:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\UProof:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Templates:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\SystemCertificates:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Speech:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\QuickStyles:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Publisher:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Publisher Building Blocks:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Protect:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Proof:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\PowerPoint:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\PostUpgrade:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Outlook:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\OneNote:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Office:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Network:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\MMC:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Microsoft Security Client:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Internet Explorer:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\IMJP9_0:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\IMJP8_1:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\IMJP12:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\IME12:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\HTML Help:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Excel:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Document Building Blocks:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Crypto:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Credentials:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\CLView:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\CLR Security Config:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\Clip Organizer:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft\AddIns:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Microsoft:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Media Center Programs:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Malwarebytes:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Macromedia:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\IrfanView:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\iolo:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Intel:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Intel Corporation:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Identities:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\FileZilla:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Dropbox:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Downloaded Installations:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\ArcSoft:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Apple Computer:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Adobe\Bridge CS6\Export Panel\Services:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Roaming\Adobe:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\LocalLow\Microsoft\Internet Explorer\Services:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\WinZip Courier:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\VirtualStore:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Temp:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Symantec:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Sony:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Sony Corporation:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Programs:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Peter_Upfold:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\PACE Anti-Piracy:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Mozilla:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Microsoft\Windows\Explorer:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Microsoft\Windows Live\Services:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Microsoft:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Microsoft Help:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Intel_Corporation:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\HP:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Google:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Evernote:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\ElevatedDiagnostics:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Downloaded Installations:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Diagnostics:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Deployment:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\CrashDumps:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\assembly:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\ArcSoft:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Apps:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Apple:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Apple Computer:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Adobe\Flash CS6\de_DE\Configuration\Classes\mx\services:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\Adobe:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData\Local\3GV3Xl9KEZG:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\AppData:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users\Gina\Adobe Flash Builder 4.6:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Users:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Update:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\temp:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\WinZipEC:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\WildTangent:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Wacom:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Temp:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Sun:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Sony:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Sony Corporation:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Skype:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Roaming:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\regid.1986-12.com.adobe:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\RedGiant:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\PCTheftDefense:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\PACE Anti-Piracy:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\NVIDIA:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\NVIDIA Corporation:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\NortonInstaller:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Norton:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Mozilla:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trapcode Particular v2:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64):IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Anti-Theft Service:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AuthenTec TrueSuite:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Webcam Suite:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Microsoft Help:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\McAfee:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Malwarebytes:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Kaspersky Lab:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Kaspersky Lab Setup Files:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\iolo:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Intel:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\HP:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Evernote:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Downloaded Installations:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\ArcSoft:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Apple:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Apple Computer:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\ALM:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData\Adobe:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\ProgramData:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Program Files:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Program Files (x86):IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\PerfLogs:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\MSOCache:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Intel:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Infineon:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Documentation:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\Config.Msi:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\c8b659c083dd8b3ef2:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\af4b3e525e4de1e30ae16a1616d45ca9:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\8b442563dcfe529492edff11:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\62ecc920da52e10827242e:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\51ba1d4f5e841ad9f6b9:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\44e4cf7f1dd4e742e239f3a9d2:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\05a3be176cffb59915a67ceb1064:IMAT__DS_DIR_HDR
@Alternate Data Stream - 3072 bytes -> C:\_OTL:IMAT__DS_DIR_HDR
 
< End of report >

Related Topics




Also tagged with one or more of these keywords: anti virus software, anti virus, windows 7

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users