
Pests of all kinds and how to combat them: GEMA trojan/virus, safe mode not possible, no CD drive

19.03.2012, 11:00   #1
woodcutter



I downloaded the OTL ISO and am currently unpacking it onto a USB stick so that I can boot from it. Log to follow.

19.03.2012, 11:13   #2
woodcutter



Okay, now that the stick is finished, all I get is the message: could not find kernel image.
The stick was created with "unetbootin". Does anyone have any advice for me?


19.03.2012, 13:52   #3
woodcutter



It worked with flashboot. The scan is running at the moment. I'll post the log shortly.

19.03.2012, 13:56   #4
woodcutter



OTL Logfile:
Code:
OTL logfile created on: 3/19/2012 2:43:33 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Enterprise Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 19.05 Gb Free Space | 4.09% Space Free | Partition Type: NTFS
Drive D: | 64.79 Gb Total Space | 7.49 Gb Free Space | 11.56% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 49.47 Gb Free Space | 10.62% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 954.79 Gb Free Space | 51.25% Space Free | Partition Type: NTFS
Drive G: | 3.72 Gb Total Space | 3.28 Gb Free Space | 88.35% Space Free | Partition Type: FAT32
Drive H: | 168.09 Gb Total Space | 3.96 Gb Free Space | 2.36% Space Free | Partition Type: NTFS
Drive X: | 443.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/02/23 18:33:38 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto] -- D:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011/09/08 13:29:56 | 000,204,288 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/21 05:08:01 | 000,076,888 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/13 13:19:10 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/19 11:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 11:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/15 10:01:20 | 000,065,536 | ---- | M] () [Auto] -- D:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe -- (BRA_Scheduler)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 08:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/25 03:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand] -- D:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/23 12:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand] -- D:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2003/04/18 14:06:26 | 000,008,192 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/02/15 16:58:54 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/24 10:13:51 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System] -- D:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/10/19 11:56:15 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/10/19 11:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/09/08 14:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/08 12:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/01 10:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/10 01:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/06 18:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/02/24 05:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/02/24 05:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/07/01 09:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand] -- D:\Windows\System32\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2007/08/01 09:49:02 | 000,019,008 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System] -- D:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf)
DRV:64bit: - [2005/03/28 20:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\wOOdcuTTer_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\wOOdcuTTer_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\wOOdcuTTer_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 29 DB 76 7B 00 CD 01  [binary data]
IE - HKU\wOOdcuTTer_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: D:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.104.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.116.0: D:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF: D:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/03/12 05:39:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/02/23 13:43:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/04 12:48:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
 
O1 HOSTS File: ([2012/03/13 19:28:31 | 000,000,854 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] D:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager]  File not found
O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] D:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] D:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [gema.] D:\ProgramData\gema\gema.exe ()
O4 - HKLM..\Run: [StartCCC] D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\wOOdcuTTer_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\wOOdcuTTer_ON_D..\Run: [gema] D:\Users\wOOdcuTTer\AppData\Roaming\gema\gema.exe ()
O4 - HKU\wOOdcuTTer_ON_D..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\wOOdcuTTer_ON_D..\Run: [RGSC]  File not found
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\wOOdcuTTer_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\gema\gema.exe) - D:\ProgramData\gema\gema.exe ()
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\wOOdcuTTer_ON_D Winlogon: Shell - (C:\Users\wOOdcuTTer\AppData\Roaming\gema\gema.exe) - D:\Users\wOOdcuTTer\AppData\Roaming\gema\gema.exe ()
O20 - HKU\wOOdcuTTer_ON_D Winlogon: Shell - (Explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/16 18:47:46 | 000,000,036 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - D:\Windows\System32\appmgmts.dll (Microsoft Corporation)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/19 14:17:09 | 000,000,000 | ---D | C] -- D:\1
[2012/03/15 05:38:20 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\gema
[2012/03/15 05:38:20 | 000,000,000 | ---D | C] -- D:\ProgramData\gema
[2012/03/14 15:56:31 | 000,594,432 | ---- | C] (OldTimer Tools) -- D:\Users\wOOdcuTTer\Desktop\OTL.exe
[2012/03/14 13:34:01 | 001,544,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll
[2012/03/14 13:34:01 | 001,077,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\DWrite.dll
[2012/03/14 05:12:44 | 000,149,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcorekmts.dll
[2012/03/14 05:12:44 | 000,077,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpwsx.dll
[2012/03/14 05:12:44 | 000,009,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdrmemptylst.exe
[2012/03/14 05:12:43 | 001,112,064 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcorets.dll
[2012/03/14 05:12:43 | 001,031,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcore.dll
[2012/03/14 05:12:43 | 000,826,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\rdpcore.dll
[2012/03/13 17:37:03 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainlendar2
[2012/03/13 17:36:50 | 000,000,000 | ---D | C] -- D:\Program Files\Rainlendar2
[2012/03/12 16:51:14 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\Nitro PDF
[2012/03/12 16:42:43 | 000,030,200 | ---- | C] (Nitro PDF Software) -- D:\Windows\System32\nitrolocalmon2.dll
[2012/03/12 16:42:43 | 000,018,424 | ---- | C] (Nitro PDF Software) -- D:\Windows\System32\nitrolocalui2.dll
[2012/03/12 16:42:34 | 000,000,000 | ---D | C] -- D:\ProgramData\Nitro PDF
[2012/03/12 16:42:33 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Nitro PDF
[2012/03/12 16:42:33 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Nitro PDF
[2012/03/12 16:42:33 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Nitro PDF
[2012/03/12 16:40:46 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\Downloaded Installations
[2012/03/11 19:32:37 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\Screaming Bee
[2012/03/11 19:31:57 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2012/03/11 19:31:56 | 000,000,000 | ---D | C] -- D:\ProgramData\Screaming Bee
[2012/03/11 19:31:56 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Screaming Bee
[2012/03/09 22:00:40 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\Wat
[2012/03/09 22:00:39 | 000,000,000 | ---D | C] -- D:\Windows\System32\Wat
[2012/03/06 19:55:58 | 000,000,000 | ---D | C] -- D:\ProgramData\regid.1986-12.com.adobe
[2012/03/06 19:39:41 | 000,000,000 | ---D | C] -- D:\Program Files\Adobe
[2012/03/06 19:39:23 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Adobe
[2012/03/06 19:37:19 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Adobe AIR
[2012/03/05 05:25:23 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\Zig
[2012/03/05 05:25:23 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\Ramib
[2012/02/25 11:00:31 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Local\ElevatedDiagnostics
[2012/02/24 08:22:39 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012/02/24 08:22:12 | 000,000,000 | ---D | C] -- D:\ProgramData\Sony
[2012/02/24 08:22:12 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Sony
[2012/02/24 08:19:14 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/02/24 08:19:13 | 000,000,000 | ---D | C] -- D:\Program Files\CCleaner
[2012/02/24 07:24:14 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\Publish Providers
[2012/02/24 05:45:53 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\ControlCenter4
[2012/02/23 13:57:13 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Local\MPlayer
[2012/02/23 13:44:00 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Java
[2012/02/23 13:43:30 | 000,637,848 | ---- | C] (Oracle Corporation) -- D:\Windows\SysWow64\npdeployJava1.dll
[2012/02/23 13:43:30 | 000,223,112 | ---- | C] (Oracle Corporation) -- D:\Windows\SysWow64\javaws.exe
[2012/02/23 13:43:30 | 000,173,960 | ---- | C] (Oracle Corporation) -- D:\Windows\SysWow64\javaw.exe
[2012/02/23 13:43:30 | 000,173,960 | ---- | C] (Oracle Corporation) -- D:\Windows\SysWow64\java.exe
[2012/02/23 13:40:58 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2012/02/23 13:40:58 | 000,000,000 | ---D | C] -- D:\ProgramData\PMS
[2012/02/23 13:40:43 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\PS3 Media Server
[2012/02/23 13:14:59 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012/02/23 13:12:23 | 000,000,000 | ---D | C] -- D:\Brother
[2012/02/23 13:12:23 | 000,000,000 | ---D | C] -- D:\Users\Public\Documents\BrFaxRx
[2012/02/23 13:12:21 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- D:\Windows\SysWow64\BRCrypt.dll
[2012/02/23 13:12:15 | 000,000,000 | ---D | C] -- D:\ProgramData\ControlCenter4
[2012/02/23 13:12:15 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Browny02
[2012/02/23 13:12:12 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\ControlCenter4
[2012/02/23 13:12:11 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- D:\Windows\SysWow64\BrMuSNMP.dll
[2012/02/23 13:12:11 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- D:\Windows\SysWow64\BrMfNt.dll
[2012/02/23 13:12:10 | 000,290,304 | ---- | C] (Brother Industries, Ltd.) -- D:\Windows\System32\BrfxDA5c.dll
[2012/02/23 13:12:10 | 000,255,488 | ---- | C] (brother) -- D:\Windows\System32\NSSRH64.dll
[2012/02/23 13:12:10 | 000,083,968 | ---- | C] (Brother Industries, Ltd.) -- D:\Windows\System32\BrNetSti.dll
[2012/02/23 13:12:10 | 000,058,880 | ---- | C] (Brother Industries,Ltd.) -- D:\Windows\System32\BrWiaNCp.dll
[2012/02/23 13:12:10 | 000,051,712 | ---- | C] (Brother Industries,Ltd) -- D:\Windows\System32\Brnsplg.dll
[2012/02/23 13:12:08 | 001,441,280 | ---- | C] (Brother Industries, Ltd.) -- D:\Windows\System32\BrWi211a.dll
[2012/02/23 13:12:08 | 000,278,528 | ---- | C] (Brother Industries, Ltd.) -- D:\Windows\System32\BrJDec.dll
[2012/02/23 13:12:00 | 000,103,792 | ---- | C] (Brother Industries Ltd) -- D:\Windows\SysWow64\BRRBI110.EXE
[2012/02/23 13:12:00 | 000,050,176 | ---- | C] (Brother Industries Ltd.) -- D:\Windows\SysWow64\BRPRTINK.DLL
[2012/02/23 13:11:59 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- D:\Windows\SysWow64\BROSNMP.DLL
[2012/02/23 13:11:59 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- D:\Windows\SysWow64\BRLMW03A.DLL
[2012/02/23 13:11:59 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- D:\Windows\SysWow64\BRLM03A.DLL
[2012/02/23 13:11:53 | 000,217,088 | ---- | C] (brother) -- D:\Windows\SysWow64\NSSearch.dll
[2012/02/23 13:11:53 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- D:\Windows\SysWow64\BrDctF2.dll
[2012/02/23 13:11:53 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- D:\Windows\SysWow64\BrDctF2L.dll
[2012/02/23 13:11:53 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- D:\Windows\SysWow64\BrDctF2S.dll
[2012/02/23 13:09:58 | 000,000,000 | ---D | C] -- D:\ProgramData\Brother
[2012/02/23 12:40:24 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother Administrator Utilities
[2012/02/23 12:40:24 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Brother
[2012/02/23 12:40:18 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\InstallShield
[2012/02/21 16:52:58 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Local\SKIDROW
[2012/02/21 16:39:59 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\thechineseroom
[2012/02/21 05:05:09 | 000,000,000 | ---D | C] -- D:\ProgramData\EA Logs
[2012/02/20 09:31:46 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Local\Sony
[2012/02/20 09:31:45 | 000,000,000 | ---D | C] -- D:\Program Files\Sony
[2012/02/20 09:31:01 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\Sony
[2012/02/19 00:27:27 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galactic Warfare
[2012/02/18 23:40:57 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\Documents\Mount&Blade Warband Savegames
[2012/02/18 23:40:16 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\Documents\Mount&Blade Warband
[2012/02/18 23:40:16 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\Mount&Blade Warband
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/19 06:19:22 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/03/19 06:19:17 | 000,024,048 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 06:19:17 | 000,024,048 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 06:15:56 | 000,653,928 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/03/19 06:15:56 | 000,615,810 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/03/19 06:15:56 | 000,129,800 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/03/19 06:15:56 | 000,106,190 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/03/19 06:11:26 | 2123,878,399 | -HS- | M] () -- D:\hiberfil.sys
[2012/03/18 19:37:29 | 004,981,216 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/03/17 19:05:10 | 000,249,929 | ---- | M] () -- D:\Windows\System32\gema.exe
[2012/03/17 17:06:52 | 000,282,864 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.xtr
[2012/03/17 17:06:52 | 000,282,864 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2012/03/17 17:06:36 | 000,280,904 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.ex0
[2012/03/15 06:27:43 | 000,039,137 | ---- | M] () -- D:\Users\wOOdcuTTer\Documents\GEZ.pdf
[2012/03/14 16:22:33 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/14 15:56:38 | 000,594,432 | ---- | M] (OldTimer Tools) -- D:\Users\wOOdcuTTer\Desktop\OTL.exe
[2012/03/13 17:37:03 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainlendar2
[2012/03/12 16:42:35 | 000,002,507 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012/03/11 19:34:00 | 000,064,018 | -H-- | M] () -- D:\treeinfo.wc
[2012/03/11 19:31:57 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2012/03/09 15:24:42 | 000,000,600 | ---- | M] () -- D:\Users\wOOdcuTTer\Documents\Standard.sfvidcap
[2012/03/06 19:40:33 | 000,001,096 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1 (64 Bit).lnk
[2012/03/06 19:39:20 | 000,001,192 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2012/03/06 19:39:03 | 000,001,285 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012/03/06 19:37:51 | 000,001,386 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2012/03/06 19:37:46 | 000,001,558 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2012/03/06 19:37:21 | 000,001,000 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/03/05 04:29:07 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/24 08:27:49 | 000,002,688 | ---- | M] () -- D:\Users\wOOdcuTTer\Documents\Vegas Pro registrieren.htm
[2012/02/24 08:22:39 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012/02/24 08:19:14 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/02/23 18:33:22 | 000,030,200 | ---- | M] (Nitro PDF Software) -- D:\Windows\System32\nitrolocalmon2.dll
[2012/02/23 18:33:22 | 000,018,424 | ---- | M] (Nitro PDF Software) -- D:\Windows\System32\nitrolocalui2.dll
[2012/02/23 13:43:14 | 000,637,848 | ---- | M] (Oracle Corporation) -- D:\Windows\SysWow64\npdeployJava1.dll
[2012/02/23 13:43:14 | 000,567,184 | ---- | M] (Oracle Corporation) -- D:\Windows\SysWow64\deployJava1.dll
[2012/02/23 13:43:14 | 000,223,112 | ---- | M] (Oracle Corporation) -- D:\Windows\SysWow64\javaws.exe
[2012/02/23 13:43:14 | 000,173,960 | ---- | M] (Oracle Corporation) -- D:\Windows\SysWow64\javaw.exe
[2012/02/23 13:43:14 | 000,173,960 | ---- | M] (Oracle Corporation) -- D:\Windows\SysWow64\java.exe
[2012/02/23 13:40:58 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2012/02/23 13:14:59 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012/02/23 13:14:51 | 000,000,247 | ---- | M] () -- D:\Windows\Brpfx04a.ini
[2012/02/23 13:14:51 | 000,000,093 | ---- | M] () -- D:\Windows\brpcfx.ini
[2012/02/23 13:14:05 | 000,000,000 | ---- | M] () -- D:\Windows\BRPARAM.INI
[2012/02/23 13:12:23 | 000,000,066 | ---- | M] () -- D:\Windows\Brfaxrx.ini
[2012/02/23 12:40:24 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother Administrator Utilities
[2012/02/21 16:39:59 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\thechineseroom
[2012/02/21 05:08:01 | 000,076,888 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2012/02/19 00:27:27 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galactic Warfare
 
========== Files Created - No Company Name ==========
 
[2012/03/15 06:27:42 | 000,039,137 | ---- | C] () -- D:\Users\wOOdcuTTer\Documents\GEZ.pdf
[2012/03/15 05:38:20 | 000,249,929 | ---- | C] () -- D:\Windows\System32\gema.exe
[2012/03/12 16:42:35 | 000,002,507 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012/03/09 15:24:42 | 000,000,600 | ---- | C] () -- D:\Users\wOOdcuTTer\Documents\Standard.sfvidcap
[2012/03/06 19:40:33 | 000,001,096 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1 (64 Bit).lnk
[2012/03/06 19:39:20 | 000,001,192 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2012/03/06 19:39:03 | 000,001,285 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012/03/06 19:37:51 | 000,001,386 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2012/03/06 19:37:46 | 000,001,558 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2012/03/06 19:37:21 | 000,001,000 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/02/24 08:27:49 | 000,002,688 | ---- | C] () -- D:\Users\wOOdcuTTer\Documents\Vegas Pro registrieren.htm
[2012/02/23 13:14:51 | 000,000,247 | ---- | C] () -- D:\Windows\Brpfx04a.ini
[2012/02/23 13:14:51 | 000,000,093 | ---- | C] () -- D:\Windows\brpcfx.ini
[2012/02/23 13:14:05 | 000,000,000 | ---- | C] () -- D:\Windows\BRPARAM.INI
[2012/02/23 13:12:11 | 000,000,066 | ---- | C] () -- D:\Windows\Brfaxrx.ini
[2012/02/23 13:12:10 | 000,143,360 | ---- | C] () -- D:\Windows\System32\BrSNMP64.dll
[2012/02/23 13:12:10 | 000,000,000 | ---- | C] () -- D:\Windows\brdfxspd.dat
[2012/02/23 13:12:01 | 000,045,056 | ---- | C] () -- D:\Windows\SysWow64\BRTCPCON.DLL
[2012/02/23 13:11:59 | 000,000,114 | ---- | C] () -- D:\Windows\SysWow64\BRLMW03A.INI
[2012/02/14 13:43:08 | 000,000,023 | ---- | C] () -- D:\Windows\BlendSettings.ini
[2012/01/26 08:41:19 | 000,338,432 | ---- | C] () -- D:\Windows\SysWow64\sqlite36_engine.dll
[2012/01/16 16:44:24 | 000,003,584 | ---- | C] () -- D:\Users\wOOdcuTTer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/15 07:41:02 | 000,075,264 | ---- | C] () -- D:\Windows\cadkasdeinst01e.exe
[2012/01/14 14:06:53 | 000,008,192 | ---- | C] () -- D:\Windows\SysWow64\srvany.exe
[2011/11/17 19:40:14 | 000,007,593 | ---- | C] () -- D:\Users\wOOdcuTTer\AppData\Local\Resmon.ResmonCfg
[2011/11/17 18:50:48 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini
[2011/11/17 18:50:46 | 000,022,523 | ---- | C] () -- D:\Windows\Ascd_tmp.ini
[2011/11/17 18:50:46 | 000,010,296 | ---- | C] () -- D:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2011/11/07 11:08:19 | 000,282,864 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2011/11/07 11:08:17 | 000,076,888 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2011/11/06 09:17:38 | 000,000,432 | ---- | C] () -- D:\Windows\BRWMARK.INI
[2011/11/06 09:17:38 | 000,000,034 | ---- | C] () -- D:\Windows\SysWow64\BD2030.DAT
[2011/11/05 17:44:14 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2011/09/28 12:44:14 | 000,179,271 | ---- | C] () -- D:\Windows\SysWow64\xlive.dll.cat
[2011/09/14 06:47:40 | 000,053,760 | ---- | C] () -- D:\Windows\SysWow64\OVDecode.dll
[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2002/09/17 19:45:00 | 000,119,808 | ---- | C] () -- D:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2011/11/05 17:09:36 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2012/02/23 13:12:15 | 000,000,000 | ---D | M] -- D:\ProgramData\ControlCenter4
[2011/11/06 06:59:47 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2011/11/05 17:09:36 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2011/11/05 17:09:36 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/11/07 11:39:37 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Core
[2012/02/24 19:57:12 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Logs
[2011/11/07 11:39:41 | 000,000,000 | ---D | M] -- D:\ProgramData\Electronic Arts
[2011/11/05 17:09:36 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2012/03/17 19:05:12 | 000,000,000 | ---D | M] -- D:\ProgramData\gema
[2012/03/12 16:42:34 | 000,000,000 | ---D | M] -- D:\ProgramData\Nitro PDF
[2011/11/07 11:38:54 | 000,000,000 | ---D | M] -- D:\ProgramData\Origin
[2012/02/23 13:46:07 | 000,000,000 | ---D | M] -- D:\ProgramData\PMS
[2012/03/09 18:43:52 | 000,000,000 | ---D | M] -- D:\ProgramData\regid.1986-12.com.adobe
[2012/03/11 19:33:59 | 000,000,000 | ---D | M] -- D:\ProgramData\Screaming Bee
[2011/11/17 19:59:23 | 000,000,000 | ---D | M] -- D:\ProgramData\Solidshield
[2012/02/24 08:22:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Sony
[2011/11/05 17:09:36 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2011/11/06 02:58:26 | 000,000,000 | ---D | M] -- D:\ProgramData\T-Online
[2012/01/02 16:50:53 | 000,000,000 | ---D | M] -- D:\ProgramData\TEMP
[2011/11/05 17:09:36 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2012/03/14 13:53:02 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/11/05 17:10:11 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin
[2012/03/19 14:17:14 | 000,000,000 | ---D | M] -- D:\1
[2011/11/05 16:50:30 | 000,000,000 | -HSD | M] -- D:\Boot
[2012/02/23 13:12:23 | 000,000,000 | ---D | M] -- D:\Brother
[2010/11/28 14:37:20 | 000,000,000 | ---D | M] -- D:\CrashReport
[2011/09/14 16:39:14 | 000,000,000 | ---D | M] -- D:\Dokumentation
[2011/06/25 07:09:39 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen
[2012/03/18 20:35:54 | 000,000,000 | ---D | M] -- D:\Downloads
[2009/04/14 11:34:33 | 000,000,000 | ---D | M] -- D:\Fraps
[2011/02/09 17:45:31 | 000,000,000 | ---D | M] -- D:\Intel
[2009/03/16 13:26:30 | 000,000,000 | ---D | M] -- D:\Lan-Upload
[2010/11/07 17:01:33 | 000,000,000 | ---D | M] -- D:\Logs
[2011/07/17 08:04:12 | 000,000,000 | RH-D | M] -- D:\MSOCache
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- D:\PerfLogs
[2011/09/14 16:39:14 | 000,000,000 | ---D | M] -- D:\Produkt-Hinweise
[2012/03/13 17:36:50 | 000,000,000 | R--D | M] -- D:\Program Files
[2012/03/12 16:42:33 | 000,000,000 | R--D | M] -- D:\Program Files (x86)
[2012/03/15 05:38:20 | 000,000,000 | -H-D | M] -- D:\ProgramData
[2012/02/01 20:02:03 | 000,000,000 | ---D | M] -- D:\Programme
[2011/11/05 17:09:36 | 000,000,000 | -HSD | M] -- D:\Recovery
[2012/03/19 14:35:23 | 000,000,000 | -HSD | M] -- D:\RECYCLER
[2011/09/14 16:40:52 | 000,000,000 | ---D | M] -- D:\Siemens
[2011/09/14 16:50:44 | 000,000,000 | ---D | M] -- D:\SinuTrain
[2011/09/15 00:40:47 | 000,000,000 | ---D | M] -- D:\SI_TRAIN
[2012/03/16 19:00:24 | 000,000,000 | -HSD | M] -- D:\System Volume Information
[2009/03/27 14:27:45 | 000,000,000 | ---D | M] -- D:\Temp
[2011/09/15 00:41:17 | 000,000,000 | ---D | M] -- D:\tmp
[2011/11/05 17:21:01 | 000,000,000 | ---D | M] -- D:\totalcmd
[2011/11/05 17:09:50 | 000,000,000 | R--D | M] -- D:\Users
[2012/03/14 16:26:47 | 000,000,000 | ---D | M] -- D:\Windows
[2011/11/05 16:37:21 | 000,000,000 | ---D | M] -- D:\Windows.old
[2011/09/14 16:44:23 | 000,000,000 | ---D | M] -- D:\wop
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/05 08:00:00 | 018,782,319 | ---- | M] () .cab file -- D:\Windows.old\Windows\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 02:03:54 | 020,108,202 | ---- | M] () .cab file -- D:\Windows.old\Windows\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 18:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\Windows.old\Windows\system32\dllcache\agp440.sys
[2008/04/13 18:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\Windows.old\Windows\system32\drivers\agp440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/05 08:00:00 | 018,782,319 | ---- | M] () .cab file -- D:\Windows.old\Windows\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 02:03:54 | 020,108,202 | ---- | M] () .cab file -- D:\Windows.old\Windows\Driver Cache\i386\sp3.cab:atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2008/04/13 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\Windows.old\Windows\system32\drivers\atapi.sys
[2004/08/05 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\Windows.old\Windows\system32\drivers\system32\DRIVERS\atapi.sys
[2004/08/05 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\Windows.old\Windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\Windows.old\Windows\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/14 01:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- D:\Windows.old\Windows\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2008/04/14 01:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- D:\Windows.old\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 23:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 23:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008/04/14 01:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- D:\Windows.old\Windows\system32\netlogon.dll
[2010/11/20 23:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\System32\netlogon.dll
[2010/11/20 23:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 23:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\SysWOW64\netlogon.dll
[2010/11/20 23:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 23:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 23:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008/04/14 01:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- D:\Windows.old\Windows\system32\scecli.dll
[2010/11/20 23:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\SysWOW64\scecli.dll
[2010/11/20 23:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 23:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\System32\scecli.dll
[2010/11/20 23:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 23:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- D:\Windows\SysWOW64\user32.dll
[2010/11/20 23:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- D:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2008/04/14 01:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- D:\Windows.old\Windows\system32\user32.dll
[2010/11/20 23:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- D:\Windows\System32\user32.dll
[2010/11/20 23:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- D:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2008/04/14 01:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- D:\Windows.old\Windows\system32\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\System32\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\System32\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/01/13 09:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 01:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- D:\Windows.old\Windows\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/08/05 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- D:\Windows.old\Windows\system32\dllcache\ws2ifsl.sys
[2004/08/05 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- D:\Windows.old\Windows\system32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
< End of report >
         
--- --- ---

19.03.2012, 13:58   #5
woodcutter

GEMA trojan/virus, safe mode not possible, no CD drive

OTL Logfile:
Code:
OTL logfile created on: 3/19/2012 2:43:33 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Enterprise Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 19.05 Gb Free Space | 4.09% Space Free | Partition Type: NTFS
Drive D: | 64.79 Gb Total Space | 7.49 Gb Free Space | 11.56% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 49.47 Gb Free Space | 10.62% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 954.79 Gb Free Space | 51.25% Space Free | Partition Type: NTFS
Drive G: | 3.72 Gb Total Space | 3.28 Gb Free Space | 88.35% Space Free | Partition Type: FAT32
Drive H: | 168.09 Gb Total Space | 3.96 Gb Free Space | 2.36% Space Free | Partition Type: NTFS
Drive X: | 443.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/02/23 18:33:38 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto] -- D:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011/09/08 13:29:56 | 000,204,288 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/21 05:08:01 | 000,076,888 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/13 13:19:10 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/19 11:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 11:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/15 10:01:20 | 000,065,536 | ---- | M] () [Auto] -- D:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe -- (BRA_Scheduler)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 08:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/25 03:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand] -- D:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/23 12:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand] -- D:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2003/04/18 14:06:26 | 000,008,192 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/02/15 16:58:54 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/24 10:13:51 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System] -- D:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/10/19 11:56:15 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/10/19 11:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/09/08 14:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/08 12:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/01 10:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/10 01:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/06 18:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/02/24 05:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/02/24 05:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/07/01 09:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand] -- D:\Windows\System32\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2007/08/01 09:49:02 | 000,019,008 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System] -- D:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf)
DRV:64bit: - [2005/03/28 20:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\wOOdcuTTer_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\wOOdcuTTer_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\wOOdcuTTer_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 29 DB 76 7B 00 CD 01  [binary data]
IE - HKU\wOOdcuTTer_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: D:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.104.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.116.0: D:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF: D:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/03/12 05:39:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/02/23 13:43:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/04 12:48:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
 
O1 HOSTS File: ([2012/03/13 19:28:31 | 000,000,854 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] D:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager]  File not found
O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] D:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] D:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [gema.] D:\ProgramData\gema\gema.exe ()
O4 - HKLM..\Run: [StartCCC] D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\wOOdcuTTer_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\wOOdcuTTer_ON_D..\Run: [gema] D:\Users\wOOdcuTTer\AppData\Roaming\gema\gema.exe ()
O4 - HKU\wOOdcuTTer_ON_D..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\wOOdcuTTer_ON_D..\Run: [RGSC]  File not found
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\wOOdcuTTer_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\gema\gema.exe) - D:\ProgramData\gema\gema.exe ()
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\wOOdcuTTer_ON_D Winlogon: Shell - (C:\Users\wOOdcuTTer\AppData\Roaming\gema\gema.exe) - D:\Users\wOOdcuTTer\AppData\Roaming\gema\gema.exe ()
O20 - HKU\wOOdcuTTer_ON_D Winlogon: Shell - (Explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/16 18:47:46 | 000,000,036 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - D:\Windows\System32\appmgmts.dll (Microsoft Corporation)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/19 14:17:09 | 000,000,000 | ---D | C] -- D:\1
[2012/03/15 05:38:20 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\gema
[2012/03/15 05:38:20 | 000,000,000 | ---D | C] -- D:\ProgramData\gema
[2012/03/14 15:56:31 | 000,594,432 | ---- | C] (OldTimer Tools) -- D:\Users\wOOdcuTTer\Desktop\OTL.exe
[2012/03/14 13:34:01 | 001,544,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll
[2012/03/14 13:34:01 | 001,077,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\DWrite.dll
[2012/03/14 05:12:44 | 000,149,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcorekmts.dll
[2012/03/14 05:12:44 | 000,077,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpwsx.dll
[2012/03/14 05:12:44 | 000,009,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdrmemptylst.exe
[2012/03/14 05:12:43 | 001,112,064 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcorets.dll
[2012/03/14 05:12:43 | 001,031,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcore.dll
[2012/03/14 05:12:43 | 000,826,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\rdpcore.dll
[2012/03/13 17:37:03 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainlendar2
[2012/03/13 17:36:50 | 000,000,000 | ---D | C] -- D:\Program Files\Rainlendar2
[2012/03/12 16:51:14 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\Nitro PDF
[2012/03/12 16:42:43 | 000,030,200 | ---- | C] (Nitro PDF Software) -- D:\Windows\System32\nitrolocalmon2.dll
[2012/03/12 16:42:43 | 000,018,424 | ---- | C] (Nitro PDF Software) -- D:\Windows\System32\nitrolocalui2.dll
[2012/03/12 16:42:34 | 000,000,000 | ---D | C] -- D:\ProgramData\Nitro PDF
[2012/03/12 16:42:33 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Nitro PDF
[2012/03/12 16:42:33 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Nitro PDF
[2012/03/12 16:42:33 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Nitro PDF
[2012/03/12 16:40:46 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\Downloaded Installations
[2012/03/11 19:32:37 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\Screaming Bee
[2012/03/11 19:31:57 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2012/03/11 19:31:56 | 000,000,000 | ---D | C] -- D:\ProgramData\Screaming Bee
[2012/03/11 19:31:56 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Screaming Bee
[2012/03/09 22:00:40 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\Wat
[2012/03/09 22:00:39 | 000,000,000 | ---D | C] -- D:\Windows\System32\Wat
[2012/03/06 19:55:58 | 000,000,000 | ---D | C] -- D:\ProgramData\regid.1986-12.com.adobe
[2012/03/06 19:39:41 | 000,000,000 | ---D | C] -- D:\Program Files\Adobe
[2012/03/06 19:39:23 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Adobe
[2012/03/06 19:37:19 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Adobe AIR
[2012/03/05 05:25:23 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\Zig
[2012/03/05 05:25:23 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\Ramib
[2012/02/25 11:00:31 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Local\ElevatedDiagnostics
[2012/02/24 08:22:39 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012/02/24 08:22:12 | 000,000,000 | ---D | C] -- D:\ProgramData\Sony
[2012/02/24 08:22:12 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Sony
[2012/02/24 08:19:14 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/02/24 08:19:13 | 000,000,000 | ---D | C] -- D:\Program Files\CCleaner
[2012/02/24 07:24:14 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\Publish Providers
[2012/02/24 05:45:53 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\ControlCenter4
[2012/02/23 13:57:13 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Local\MPlayer
[2012/02/23 13:44:00 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Java
[2012/02/23 13:43:30 | 000,637,848 | ---- | C] (Oracle Corporation) -- D:\Windows\SysWow64\npdeployJava1.dll
[2012/02/23 13:43:30 | 000,223,112 | ---- | C] (Oracle Corporation) -- D:\Windows\SysWow64\javaws.exe
[2012/02/23 13:43:30 | 000,173,960 | ---- | C] (Oracle Corporation) -- D:\Windows\SysWow64\javaw.exe
[2012/02/23 13:43:30 | 000,173,960 | ---- | C] (Oracle Corporation) -- D:\Windows\SysWow64\java.exe
[2012/02/23 13:40:58 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2012/02/23 13:40:58 | 000,000,000 | ---D | C] -- D:\ProgramData\PMS
[2012/02/23 13:40:43 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\PS3 Media Server
[2012/02/23 13:14:59 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012/02/23 13:12:23 | 000,000,000 | ---D | C] -- D:\Brother
[2012/02/23 13:12:23 | 000,000,000 | ---D | C] -- D:\Users\Public\Documents\BrFaxRx
[2012/02/23 13:12:21 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- D:\Windows\SysWow64\BRCrypt.dll
[2012/02/23 13:12:15 | 000,000,000 | ---D | C] -- D:\ProgramData\ControlCenter4
[2012/02/23 13:12:15 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Browny02
[2012/02/23 13:12:12 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\ControlCenter4
[2012/02/23 13:12:11 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- D:\Windows\SysWow64\BrMuSNMP.dll
[2012/02/23 13:12:11 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- D:\Windows\SysWow64\BrMfNt.dll
[2012/02/23 13:12:10 | 000,290,304 | ---- | C] (Brother Industries, Ltd.) -- D:\Windows\System32\BrfxDA5c.dll
[2012/02/23 13:12:10 | 000,255,488 | ---- | C] (brother) -- D:\Windows\System32\NSSRH64.dll
[2012/02/23 13:12:10 | 000,083,968 | ---- | C] (Brother Industries, Ltd.) -- D:\Windows\System32\BrNetSti.dll
[2012/02/23 13:12:10 | 000,058,880 | ---- | C] (Brother Industries,Ltd.) -- D:\Windows\System32\BrWiaNCp.dll
[2012/02/23 13:12:10 | 000,051,712 | ---- | C] (Brother Industries,Ltd) -- D:\Windows\System32\Brnsplg.dll
[2012/02/23 13:12:08 | 001,441,280 | ---- | C] (Brother Industries, Ltd.) -- D:\Windows\System32\BrWi211a.dll
[2012/02/23 13:12:08 | 000,278,528 | ---- | C] (Brother Industries, Ltd.) -- D:\Windows\System32\BrJDec.dll
[2012/02/23 13:12:00 | 000,103,792 | ---- | C] (Brother Industries Ltd) -- D:\Windows\SysWow64\BRRBI110.EXE
[2012/02/23 13:12:00 | 000,050,176 | ---- | C] (Brother Industries Ltd.) -- D:\Windows\SysWow64\BRPRTINK.DLL
[2012/02/23 13:11:59 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- D:\Windows\SysWow64\BROSNMP.DLL
[2012/02/23 13:11:59 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- D:\Windows\SysWow64\BRLMW03A.DLL
[2012/02/23 13:11:59 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- D:\Windows\SysWow64\BRLM03A.DLL
[2012/02/23 13:11:53 | 000,217,088 | ---- | C] (brother) -- D:\Windows\SysWow64\NSSearch.dll
[2012/02/23 13:11:53 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- D:\Windows\SysWow64\BrDctF2.dll
[2012/02/23 13:11:53 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- D:\Windows\SysWow64\BrDctF2L.dll
[2012/02/23 13:11:53 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- D:\Windows\SysWow64\BrDctF2S.dll
[2012/02/23 13:09:58 | 000,000,000 | ---D | C] -- D:\ProgramData\Brother
[2012/02/23 12:40:24 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother Administrator Utilities
[2012/02/23 12:40:24 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Brother
[2012/02/23 12:40:18 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\InstallShield
[2012/02/21 16:52:58 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Local\SKIDROW
[2012/02/21 16:39:59 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\thechineseroom
[2012/02/21 05:05:09 | 000,000,000 | ---D | C] -- D:\ProgramData\EA Logs
[2012/02/20 09:31:46 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Local\Sony
[2012/02/20 09:31:45 | 000,000,000 | ---D | C] -- D:\Program Files\Sony
[2012/02/20 09:31:01 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\Sony
[2012/02/19 00:27:27 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galactic Warfare
[2012/02/18 23:40:57 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\Documents\Mount&Blade Warband Savegames
[2012/02/18 23:40:16 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\Documents\Mount&Blade Warband
[2012/02/18 23:40:16 | 000,000,000 | ---D | C] -- D:\Users\wOOdcuTTer\AppData\Roaming\Mount&Blade Warband
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/19 06:19:22 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/03/19 06:19:17 | 000,024,048 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 06:19:17 | 000,024,048 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 06:15:56 | 000,653,928 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/03/19 06:15:56 | 000,615,810 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/03/19 06:15:56 | 000,129,800 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/03/19 06:15:56 | 000,106,190 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/03/19 06:11:26 | 2123,878,399 | -HS- | M] () -- D:\hiberfil.sys
[2012/03/18 19:37:29 | 004,981,216 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/03/17 19:05:10 | 000,249,929 | ---- | M] () -- D:\Windows\System32\gema.exe
[2012/03/17 17:06:52 | 000,282,864 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.xtr
[2012/03/17 17:06:52 | 000,282,864 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2012/03/17 17:06:36 | 000,280,904 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.ex0
[2012/03/15 06:27:43 | 000,039,137 | ---- | M] () -- D:\Users\wOOdcuTTer\Documents\GEZ.pdf
[2012/03/14 16:22:33 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/14 15:56:38 | 000,594,432 | ---- | M] (OldTimer Tools) -- D:\Users\wOOdcuTTer\Desktop\OTL.exe
[2012/03/13 17:37:03 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainlendar2
[2012/03/12 16:42:35 | 000,002,507 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012/03/11 19:34:00 | 000,064,018 | -H-- | M] () -- D:\treeinfo.wc
[2012/03/11 19:31:57 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2012/03/09 15:24:42 | 000,000,600 | ---- | M] () -- D:\Users\wOOdcuTTer\Documents\Standard.sfvidcap
[2012/03/06 19:40:33 | 000,001,096 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1 (64 Bit).lnk
[2012/03/06 19:39:20 | 000,001,192 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2012/03/06 19:39:03 | 000,001,285 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012/03/06 19:37:51 | 000,001,386 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2012/03/06 19:37:46 | 000,001,558 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2012/03/06 19:37:21 | 000,001,000 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/03/05 04:29:07 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/24 08:27:49 | 000,002,688 | ---- | M] () -- D:\Users\wOOdcuTTer\Documents\Vegas Pro registrieren.htm
[2012/02/24 08:22:39 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012/02/24 08:19:14 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/02/23 18:33:22 | 000,030,200 | ---- | M] (Nitro PDF Software) -- D:\Windows\System32\nitrolocalmon2.dll
[2012/02/23 18:33:22 | 000,018,424 | ---- | M] (Nitro PDF Software) -- D:\Windows\System32\nitrolocalui2.dll
[2012/02/23 13:43:14 | 000,637,848 | ---- | M] (Oracle Corporation) -- D:\Windows\SysWow64\npdeployJava1.dll
[2012/02/23 13:43:14 | 000,567,184 | ---- | M] (Oracle Corporation) -- D:\Windows\SysWow64\deployJava1.dll
[2012/02/23 13:43:14 | 000,223,112 | ---- | M] (Oracle Corporation) -- D:\Windows\SysWow64\javaws.exe
[2012/02/23 13:43:14 | 000,173,960 | ---- | M] (Oracle Corporation) -- D:\Windows\SysWow64\javaw.exe
[2012/02/23 13:43:14 | 000,173,960 | ---- | M] (Oracle Corporation) -- D:\Windows\SysWow64\java.exe
[2012/02/23 13:40:58 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2012/02/23 13:14:59 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012/02/23 13:14:51 | 000,000,247 | ---- | M] () -- D:\Windows\Brpfx04a.ini
[2012/02/23 13:14:51 | 000,000,093 | ---- | M] () -- D:\Windows\brpcfx.ini
[2012/02/23 13:14:05 | 000,000,000 | ---- | M] () -- D:\Windows\BRPARAM.INI
[2012/02/23 13:12:23 | 000,000,066 | ---- | M] () -- D:\Windows\Brfaxrx.ini
[2012/02/23 12:40:24 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother Administrator Utilities
[2012/02/21 16:39:59 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\thechineseroom
[2012/02/21 05:08:01 | 000,076,888 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2012/02/19 00:27:27 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galactic Warfare
 
========== Files Created - No Company Name ==========
 
[2012/03/15 06:27:42 | 000,039,137 | ---- | C] () -- D:\Users\wOOdcuTTer\Documents\GEZ.pdf
[2012/03/15 05:38:20 | 000,249,929 | ---- | C] () -- D:\Windows\System32\gema.exe
[2012/03/12 16:42:35 | 000,002,507 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012/03/09 15:24:42 | 000,000,600 | ---- | C] () -- D:\Users\wOOdcuTTer\Documents\Standard.sfvidcap
[2012/03/06 19:40:33 | 000,001,096 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1 (64 Bit).lnk
[2012/03/06 19:39:20 | 000,001,192 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2012/03/06 19:39:03 | 000,001,285 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012/03/06 19:37:51 | 000,001,386 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2012/03/06 19:37:46 | 000,001,558 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2012/03/06 19:37:21 | 000,001,000 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/02/24 08:27:49 | 000,002,688 | ---- | C] () -- D:\Users\wOOdcuTTer\Documents\Vegas Pro registrieren.htm
[2012/02/23 13:14:51 | 000,000,247 | ---- | C] () -- D:\Windows\Brpfx04a.ini
[2012/02/23 13:14:51 | 000,000,093 | ---- | C] () -- D:\Windows\brpcfx.ini
[2012/02/23 13:14:05 | 000,000,000 | ---- | C] () -- D:\Windows\BRPARAM.INI
[2012/02/23 13:12:11 | 000,000,066 | ---- | C] () -- D:\Windows\Brfaxrx.ini
[2012/02/23 13:12:10 | 000,143,360 | ---- | C] () -- D:\Windows\System32\BrSNMP64.dll
[2012/02/23 13:12:10 | 000,000,000 | ---- | C] () -- D:\Windows\brdfxspd.dat
[2012/02/23 13:12:01 | 000,045,056 | ---- | C] () -- D:\Windows\SysWow64\BRTCPCON.DLL
[2012/02/23 13:11:59 | 000,000,114 | ---- | C] () -- D:\Windows\SysWow64\BRLMW03A.INI
[2012/02/14 13:43:08 | 000,000,023 | ---- | C] () -- D:\Windows\BlendSettings.ini
[2012/01/26 08:41:19 | 000,338,432 | ---- | C] () -- D:\Windows\SysWow64\sqlite36_engine.dll
[2012/01/16 16:44:24 | 000,003,584 | ---- | C] () -- D:\Users\wOOdcuTTer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/15 07:41:02 | 000,075,264 | ---- | C] () -- D:\Windows\cadkasdeinst01e.exe
[2012/01/14 14:06:53 | 000,008,192 | ---- | C] () -- D:\Windows\SysWow64\srvany.exe
[2011/11/17 19:40:14 | 000,007,593 | ---- | C] () -- D:\Users\wOOdcuTTer\AppData\Local\Resmon.ResmonCfg
[2011/11/17 18:50:48 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini
[2011/11/17 18:50:46 | 000,022,523 | ---- | C] () -- D:\Windows\Ascd_tmp.ini
[2011/11/17 18:50:46 | 000,010,296 | ---- | C] () -- D:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2011/11/07 11:08:19 | 000,282,864 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2011/11/07 11:08:17 | 000,076,888 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2011/11/06 09:17:38 | 000,000,432 | ---- | C] () -- D:\Windows\BRWMARK.INI
[2011/11/06 09:17:38 | 000,000,034 | ---- | C] () -- D:\Windows\SysWow64\BD2030.DAT
[2011/11/05 17:44:14 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2011/09/28 12:44:14 | 000,179,271 | ---- | C] () -- D:\Windows\SysWow64\xlive.dll.cat
[2011/09/14 06:47:40 | 000,053,760 | ---- | C] () -- D:\Windows\SysWow64\OVDecode.dll
[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2002/09/17 19:45:00 | 000,119,808 | ---- | C] () -- D:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2011/11/05 17:09:36 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2012/02/23 13:12:15 | 000,000,000 | ---D | M] -- D:\ProgramData\ControlCenter4
[2011/11/06 06:59:47 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2011/11/05 17:09:36 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2011/11/05 17:09:36 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/11/07 11:39:37 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Core
[2012/02/24 19:57:12 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Logs
[2011/11/07 11:39:41 | 000,000,000 | ---D | M] -- D:\ProgramData\Electronic Arts
[2011/11/05 17:09:36 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2012/03/17 19:05:12 | 000,000,000 | ---D | M] -- D:\ProgramData\gema
[2012/03/12 16:42:34 | 000,000,000 | ---D | M] -- D:\ProgramData\Nitro PDF
[2011/11/07 11:38:54 | 000,000,000 | ---D | M] -- D:\ProgramData\Origin
[2012/02/23 13:46:07 | 000,000,000 | ---D | M] -- D:\ProgramData\PMS
[2012/03/09 18:43:52 | 000,000,000 | ---D | M] -- D:\ProgramData\regid.1986-12.com.adobe
[2012/03/11 19:33:59 | 000,000,000 | ---D | M] -- D:\ProgramData\Screaming Bee
[2011/11/17 19:59:23 | 000,000,000 | ---D | M] -- D:\ProgramData\Solidshield
[2012/02/24 08:22:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Sony
[2011/11/05 17:09:36 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2011/11/06 02:58:26 | 000,000,000 | ---D | M] -- D:\ProgramData\T-Online
[2012/01/02 16:50:53 | 000,000,000 | ---D | M] -- D:\ProgramData\TEMP
[2011/11/05 17:09:36 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2012/03/14 13:53:02 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/11/05 17:10:11 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin
[2012/03/19 14:17:14 | 000,000,000 | ---D | M] -- D:\1
[2011/11/05 16:50:30 | 000,000,000 | -HSD | M] -- D:\Boot
[2012/02/23 13:12:23 | 000,000,000 | ---D | M] -- D:\Brother
[2010/11/28 14:37:20 | 000,000,000 | ---D | M] -- D:\CrashReport
[2011/09/14 16:39:14 | 000,000,000 | ---D | M] -- D:\Dokumentation
[2011/06/25 07:09:39 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen
[2012/03/18 20:35:54 | 000,000,000 | ---D | M] -- D:\Downloads
[2009/04/14 11:34:33 | 000,000,000 | ---D | M] -- D:\Fraps
[2011/02/09 17:45:31 | 000,000,000 | ---D | M] -- D:\Intel
[2009/03/16 13:26:30 | 000,000,000 | ---D | M] -- D:\Lan-Upload
[2010/11/07 17:01:33 | 000,000,000 | ---D | M] -- D:\Logs
[2011/07/17 08:04:12 | 000,000,000 | RH-D | M] -- D:\MSOCache
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- D:\PerfLogs
[2011/09/14 16:39:14 | 000,000,000 | ---D | M] -- D:\Produkt-Hinweise
[2012/03/13 17:36:50 | 000,000,000 | R--D | M] -- D:\Program Files
[2012/03/12 16:42:33 | 000,000,000 | R--D | M] -- D:\Program Files (x86)
[2012/03/15 05:38:20 | 000,000,000 | -H-D | M] -- D:\ProgramData
[2012/02/01 20:02:03 | 000,000,000 | ---D | M] -- D:\Programme
[2011/11/05 17:09:36 | 000,000,000 | -HSD | M] -- D:\Recovery
[2012/03/19 14:35:23 | 000,000,000 | -HSD | M] -- D:\RECYCLER
[2011/09/14 16:40:52 | 000,000,000 | ---D | M] -- D:\Siemens
[2011/09/14 16:50:44 | 000,000,000 | ---D | M] -- D:\SinuTrain
[2011/09/15 00:40:47 | 000,000,000 | ---D | M] -- D:\SI_TRAIN
[2012/03/16 19:00:24 | 000,000,000 | -HSD | M] -- D:\System Volume Information
[2009/03/27 14:27:45 | 000,000,000 | ---D | M] -- D:\Temp
[2011/09/15 00:41:17 | 000,000,000 | ---D | M] -- D:\tmp
[2011/11/05 17:21:01 | 000,000,000 | ---D | M] -- D:\totalcmd
[2011/11/05 17:09:50 | 000,000,000 | R--D | M] -- D:\Users
[2012/03/14 16:26:47 | 000,000,000 | ---D | M] -- D:\Windows
[2011/11/05 16:37:21 | 000,000,000 | ---D | M] -- D:\Windows.old
[2011/09/14 16:44:23 | 000,000,000 | ---D | M] -- D:\wop
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/05 08:00:00 | 018,782,319 | ---- | M] () .cab file -- D:\Windows.old\Windows\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 02:03:54 | 020,108,202 | ---- | M] () .cab file -- D:\Windows.old\Windows\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 18:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\Windows.old\Windows\system32\dllcache\agp440.sys
[2008/04/13 18:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\Windows.old\Windows\system32\drivers\agp440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/05 08:00:00 | 018,782,319 | ---- | M] () .cab file -- D:\Windows.old\Windows\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 02:03:54 | 020,108,202 | ---- | M] () .cab file -- D:\Windows.old\Windows\Driver Cache\i386\sp3.cab:atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2008/04/13 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\Windows.old\Windows\system32\drivers\atapi.sys
[2004/08/05 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\Windows.old\Windows\system32\drivers\system32\DRIVERS\atapi.sys
[2004/08/05 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\Windows.old\Windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\Windows.old\Windows\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/14 01:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- D:\Windows.old\Windows\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2008/04/14 01:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- D:\Windows.old\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 23:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 23:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008/04/14 01:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- D:\Windows.old\Windows\system32\netlogon.dll
[2010/11/20 23:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\System32\netlogon.dll
[2010/11/20 23:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 23:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\SysWOW64\netlogon.dll
[2010/11/20 23:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 23:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 23:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008/04/14 01:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- D:\Windows.old\Windows\system32\scecli.dll
[2010/11/20 23:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\SysWOW64\scecli.dll
[2010/11/20 23:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 23:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\System32\scecli.dll
[2010/11/20 23:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 23:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- D:\Windows\SysWOW64\user32.dll
[2010/11/20 23:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- D:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2008/04/14 01:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- D:\Windows.old\Windows\system32\user32.dll
[2010/11/20 23:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- D:\Windows\System32\user32.dll
[2010/11/20 23:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- D:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2008/04/14 01:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- D:\Windows.old\Windows\system32\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\System32\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\System32\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/01/13 09:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 01:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- D:\Windows.old\Windows\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/08/05 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- D:\Windows.old\Windows\system32\dllcache\ws2ifsl.sys
[2004/08/05 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- D:\Windows.old\Windows\system32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
< End of report >
         
--- --- ---


Alt 19.03.2012, 15:47   #6
woodcutter
 
I managed to get rid of everything myself. Topic resolved.
