Here is the DDS file you requested.
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16968 BrowserJavaVersion: 10.7.2
Run by Christoph at 14:45:52 on 2012-11-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.4078.2326 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page =
hxxp://www.google.com/uDefault_Page_URL =
hxxp://www.aldi.commWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! EasyPass Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: avast! EasyPass Werkbalk - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Formulieren Invullen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Formulieren opslaan - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Menu aanpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -
http://rover.ebay.com/rover/1/1553-72747-17534-1/4IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -
hxxp://download.microsoft.com/download/ ... ontrol.cabDPF: {233C1507-6A77-46A4-9443-F871F945D258} -
hxxp://download.macromedia.com/pub/shoc ... tor/sw.cabDPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} -
hxxp://photoservice.fujicolor.eu/ips-op ... jordan.cabDPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} -
hxxp://www.battlefieldheroes.com/static ... .134.0.cabDPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} -
hxxps://battlefield.play4free.com/stati ... 0.80.2.cabDPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cabTCP: NameServer = 195.130.130.133 195.130.131.133
TCP: Interfaces\{297A5260-0356-4169-BDAD-15B4B094A063} : DHCPNameServer = 195.130.130.133 195.130.131.133
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [snp2std] C:\Windows\vsnp2std.exe
x64-IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -
http://rover.ebay.com/rover/1/1553-72747-17534-1/4x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tc45o6yv.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Christoph\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-11 17:50;
wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-10-16 17:07;
firefox@ghostery.com; C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tc45o6yv.default\extensions\firefox@ghostery.com
.
============= SERVICES / DRIVERS ===============
.
R1 appdrv01;Application Driver (01);C:\Windows\System32\drivers\appdrv01.sys [2011-4-23 2715824]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-11 969200]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-11 359464]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-11 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-11 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-11 44808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-2-7 822624]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-20 13336]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2010-12-20 164008]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-13 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-13 676936]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-8-21 1019328]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-4-2 254528]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-13 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\Windows\System32\appdrvrem01.exe svc --> C:\Windows\System32\appdrvrem01.exe svc [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTVE.sys [2010-12-20 43416]
S3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTXPE.sys [2010-12-20 51096]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2010-12-20 40144]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2010-12-20 42192]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-9 333928]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-10 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-11-14 13:36:45 -------- d-----w- C:\Users\Christoph\AppData\Roaming\Ashampoo
2012-11-14 06:36:07 -------- d-----w- C:\Users\Christoph\AppData\Local\{76B37424-72D6-4CC2-8ABC-40FD55830EC9}
2012-11-13 08:53:43 -------- d-----w- C:\Users\Christoph\AppData\Local\{FF3211F3-CAA9-4EFD-9F27-140316EC74F5}
2012-11-12 18:06:06 -------- d-----w- C:\Users\Christoph\AppData\Local\{A2C01B55-C67D-4C2F-99C6-FCA269B5BFCB}
2012-11-12 06:05:40 -------- d-----w- C:\Users\Christoph\AppData\Local\{7CAC3E6B-680D-45B5-ACE0-C7E663560C1F}
2012-11-11 13:06:39 -------- d-----w- C:\Users\Christoph\AppData\Local\{CF5E8102-F2B7-4E31-99ED-7423F6A994E8}
2012-11-10 14:59:36 -------- d-----w- C:\Users\Christoph\AppData\Local\{1BAEF50B-ABB5-41E6-8BF9-7220548EE8DA}
2012-11-09 21:40:42 -------- d-----w- C:\Users\Christoph\AppData\Local\{69DA47DC-E9FD-4E4B-AD83-EBE1A0D306DF}
2012-11-09 09:12:01 -------- d-----w- C:\Users\Christoph\AppData\Local\{EA247C4B-7625-49FC-B686-39F95447F748}
2012-11-08 06:01:55 -------- d-----w- C:\Users\Christoph\AppData\Local\{CE3695F1-9DC6-4B79-8153-B457084BD841}
2012-11-07 11:12:10 -------- d-----w- C:\Users\Christoph\AppData\Local\{D0265B0F-D46B-47BF-B976-5C4841A7717B}
2012-11-06 10:45:44 -------- d-----w- C:\Users\Christoph\AppData\Local\{983031A8-00C6-4828-907D-1E0D81F93B13}
2012-11-05 10:38:44 -------- d-----w- C:\Users\Christoph\AppData\Local\{8E0729BB-08BF-48C1-8B73-D90BB0324AAA}
2012-11-04 17:58:49 -------- d-----w- C:\Users\Christoph\AppData\Local\{524DCB80-F38E-4DE2-AC59-00DBC8E52A08}
2012-11-03 22:09:07 -------- d-----w- C:\Users\Christoph\AppData\Local\{BB38D73F-F1A0-4B9E-BA10-ED4693DAC925}
2012-11-03 09:46:25 -------- d-----w- C:\Users\Christoph\AppData\Local\{8C3A3AEB-7B34-4FF5-A5F2-E4D90EA1CC2F}
2012-11-02 14:07:00 -------- d-----w- C:\Users\Christoph\AppData\Local\{68977FC4-7C4C-40EF-9A5B-45510718EA8F}
2012-11-01 20:48:56 -------- d-----w- C:\Users\Christoph\AppData\Local\{0616BC92-D667-4D5A-94D5-F4C526AE5AE3}
2012-11-01 06:01:25 -------- d-----w- C:\Users\Christoph\AppData\Local\{88FE78C2-7375-4A6D-A1D9-67D519E99B11}
2012-10-31 13:00:44 -------- d-----w- C:\Users\Christoph\AppData\Local\{695AAF69-5C53-4DCF-BEB9-2AFD11DC31DC}
2012-10-30 20:17:40 -------- d-----w- C:\Users\Christoph\AppData\Local\{5EF79E80-DF26-42D6-94F7-6762AD5AFAD2}
2012-10-30 06:22:43 -------- d-----w- C:\Users\Christoph\AppData\Local\{C903897D-7060-4E10-9DBB-E9E26061FFE6}
2012-10-29 06:10:52 -------- d-----w- C:\Users\Christoph\AppData\Local\{C18CA093-592F-4FF4-AF56-D208988FE1DE}
2012-10-28 06:20:48 -------- d-----w- C:\Users\Christoph\AppData\Local\{DADDFBDB-5C97-4A48-9AC8-97AF7DD8D762}
2012-10-27 09:49:48 -------- d-----w- C:\Users\Christoph\AppData\Local\{9B3B9F6C-5C0B-46F3-A9F3-5D99EB62C044}
2012-10-27 09:18:41 -------- d-----w- C:\Users\Christoph\AppData\Local\{AE251702-3799-4F0E-9375-E2B434060D11}
2012-10-27 09:03:05 -------- d-----w- C:\Users\Christoph\AppData\Local\{1344181E-AC2C-4FFA-93C2-B1575AA908C3}
2012-10-26 08:08:27 -------- d-----w- C:\Users\Christoph\AppData\Local\{BE55FBB3-B296-49EA-84B7-5D7BAF63CC4C}
2012-10-25 13:51:49 -------- d-----w- C:\Users\Christoph\AppData\Local\{A9027ED9-643A-4743-9583-DED0F6358237}
2012-10-25 13:41:51 -------- d-----w- C:\Users\Christoph\AppData\Local\{F08215D8-F8E9-4038-A2A0-3A38CAC3E258}
2012-10-25 12:22:22 -------- d-----w- C:\Users\Christoph\AppData\Local\{D5414867-174C-49DA-A5E0-07206A3F697D}
2012-10-25 09:21:20 -------- d-----w- C:\Users\Christoph\AppData\Local\{1869FEC3-87CE-4B88-BCD6-9CB189DD9379}
2012-10-25 08:12:23 -------- d-----w- C:\Users\Christoph\AppData\Local\{20D76355-06A0-4641-9FD6-809569E0A4A0}
2012-10-25 05:37:06 -------- d-----w- C:\Users\Christoph\AppData\Local\{34758E6C-B36C-4FDF-B915-8ECD26A39E32}
2012-10-25 05:01:20 -------- d-----w- C:\Users\Christoph\AppData\Local\{D36DF28D-DADE-4194-9683-56097D7C4CC1}
2012-10-24 11:40:28 -------- d-----w- C:\Users\Christoph\AppData\Local\{EF14721A-3445-479A-9F99-7DDF061BDFE7}
2012-10-23 18:58:53 -------- d-----w- C:\Users\Christoph\AppData\Local\{ECB2EADD-DAE0-4E3F-A9C6-FE8EEA23B1FD}
2012-10-23 04:18:42 -------- d-----w- C:\Users\Christoph\AppData\Local\{CFDDD714-7F50-481A-ABC4-8BB74BF6E4E6}
2012-10-22 10:36:00 -------- d-----w- C:\Users\Christoph\AppData\Local\{7F56E933-4A76-4934-88FE-A744061A2A4D}
2012-10-21 11:48:08 -------- d-----w- C:\Users\Christoph\AppData\Local\{0F348324-887B-474D-B0C6-828B1107BF0D}
2012-10-18 15:00:23 -------- d-----w- C:\Program Files (x86)\ESET
2012-10-16 14:31:16 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A1EFB843-119B-4921-A28A-7093DC393F06}\mpengine.dll
2012-10-16 12:47:11 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-16 12:46:55 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-15 16:14:18 -------- d-----w- C:\Users\Christoph\AppData\Local\Macromedia
2012-10-15 16:13:10 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-11-13 16:11:35 282104 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-11-13 16:11:35 282104 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-11-13 16:11:29 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-10-25 15:19:06 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-10-16 12:46:46 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-15 16:13:10 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-07 15:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-21 09:13:13 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-21 09:13:12 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-21 09:13:12 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-08-21 09:12:33 41224 ----a-w- C:\Windows\avastSS.scr
.
============= FINISH: 14:47:45,51 ===============