Pests of all kinds and how to fight them: GemmaVirus locks desktop / This program cannot display the webpage.

03.04.2012, 07:25   #1
Hsgler

Hello everyone,

I'm new here and have read through the rules and similar threads as far as I could, but my case is probably a special emergency: I am currently in Japan as an exchange student, caught this GemaVirus on my regular laptop (Win7, 64-bit as far as I know) an hour ago, and am now trying to describe my problem in reasonably decent German on my Chinese roommate's laptop:

1. Since the GemaVirus first appeared, a window titled "Dieses Programm kann die Webseite nicht anzeigen." ("This program cannot display the webpage.") has been showing up.
2. The same happens in safe mode, so I am unable to do anything on my PC. Attempts to prevent the autostart in safe mode with command prompt have also failed.

I have already found a thread here that proposed a solution for a similar problem on Vista, but it involved using the Windows installation CD. Unfortunately that is sitting back in Germany; at the moment the most I can get hold of is an empty USB stick.

Since I urgently need my PC for my research work, I am really in an extreme bind right now and would be very grateful if you could help me.

Many thanks!

Thomas

03.04.2012, 12:20   #2
markusg
/// Malware-holic

Using a clean second computer, create an OTLPE CD and then boot the infected computer from this CD:

If you have no burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.


Download OTLPENet.exe by OldTimer and save it to your desktop. Note: The file is about 120 MB in size, and on a slow Internet connection it will take a while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burn is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
Now boot from the OTLPE CD. Hint: How do I boot from CD


Illustrated guide: OTLpe scan
  • After a few minutes your system should show the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: For OTLPE to scan the correct installed Windows, you must select the Windows folder of the Windows installed on the disk; simply selecting C: gives an error!
  • When you are asked "Do you wish to load the remote registry", choose Yes.
  • When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy these files to your USB stick if you have no Internet connection on this system.
  • Please post the contents of C:\OTL.txt and Extras.txt.

03.04.2012 was followed by this reply:
05.04.2012, 14:50   #3
Hsgler

Many thanks for the reply: I followed the instructions and burned the CD accordingly; when booting Reatogo X PE, while WinXP is starting up I get the following error message on a blue screen:

A problem has been detected and windows has been shut down to prevent damage to your computer.
If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical information:

STOP: 0x0000007B (0xF78DA528, 0xC0000034, 0x00000000, 0x00000000)

I'm really at a loss; after the first sense of achievement when booting I had already taken hope, and now this. Can you please help me!?

Many thanks!

05.04.2012, 17:19   #4
markusg
/// Malware-holic

hi
Go into the BIOS, check whether IDE or AHCI mode is selected there, switch to the opposite mode in each case, and try again with OTL.

06.04.2012, 07:39   #5
Hsgler

Right, finally got the whole thing running; here are the logs (unfortunately I couldn't figure out how to put the logs in a code box):

OTL Logfile:
Code:
OTL logfile created on: 4/6/2012 10:31:12 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.33 Mb Free Space | 74.33% Space Free | Partition Type: NTFS
Drive D: | 119.14 Gb Total Space | 3.73 Gb Free Space | 3.13% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/12/03 06:00:54 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Disabled] -- D:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2010/12/02 07:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Disabled] -- D:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010/11/24 11:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Disabled] -- D:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2010/10/19 09:51:44 | 001,430,288 | ---- | M] (Intel(R) Corporation) [Disabled] -- D:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2010/10/19 09:29:38 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Disabled] -- D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2010/07/27 08:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Disabled] -- D:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2010/07/27 08:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Disabled] -- D:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2010/06/16 08:44:38 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand] -- D:\Windows\System32\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/04/07 08:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Disabled] -- D:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2010/03/26 15:33:00 | 001,045,504 | ---- | M] ( ) [Disabled] -- D:\Windows\System32\lmabcoms.exe -- (lmab_device)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/28 20:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/21 10:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Disabled] -- D:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 12:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/10 13:48:07 | 000,075,136 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/23 13:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 13:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 07:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/21 07:21:24 | 000,632,832 | ---- | M] (Nokia) [Disabled] -- D:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/03/16 04:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/18 12:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Disabled] -- D:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/09/17 12:50:54 | 000,259,432 | ---- | M] (Lenovo) [Disabled] -- D:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010/09/17 12:50:48 | 000,124,264 | ---- | M] (Lenovo) [Disabled] -- D:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/08/24 21:30:00 | 000,164,200 | ---- | M] (Lenovo.) [Disabled] -- D:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2010/08/24 21:30:00 | 000,075,112 | ---- | M] (Lenovo) [Disabled] -- D:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010/05/03 07:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Disabled] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/05/03 07:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/04/24 06:46:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled] -- D:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/26 15:33:00 | 000,593,920 | ---- | M] ( ) [Disabled] -- D:\Windows\SysWow64\lmabcoms.exe -- (lmab_device)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/18 08:01:06 | 000,462,632 | ---- | M] (Nero AG) [Disabled] -- D:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 14:06:26 | 000,008,192 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/02/17 08:17:08 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/11/12 07:43:05 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2011/09/15 18:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/09/15 18:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/07/26 08:58:18 | 000,572,336 | ---- | M] (Paragon) [Kernel | System] -- D:\Windows\System32\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011/07/26 08:58:18 | 000,059,184 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System] -- D:\Windows\System32\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011/07/26 08:58:16 | 000,352,816 | ---- | M] (Paragon) [Kernel | System] -- D:\Windows\System32\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2011/05/10 02:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/01 09:44:53 | 000,314,016 | ---- | M] () [Kernel | Auto] -- D:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/03/01 09:44:53 | 000,043,680 | ---- | M] () [Kernel | Auto] -- D:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/02/28 13:16:45 | 000,513,080 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/01/13 06:21:28 | 000,166,656 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010/12/02 09:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/12/02 09:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/12/02 09:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/12/02 09:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/11/28 16:23:16 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 06:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/10/17 21:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/10/14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/09/07 09:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System] -- D:\Windows\System32\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/08/25 05:46:18 | 000,682,624 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/08/24 21:30:00 | 000,030,320 | ---- | M] (Lenovo.) [Kernel | Boot] -- D:\Windows\System32\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2010/08/24 21:30:00 | 000,013,104 | ---- | M] () [Kernel | System] -- D:\Windows\System32\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010/07/22 04:39:10 | 000,295,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2010/07/21 10:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/06/16 08:44:38 | 000,136,816 | ---- | M] (Lenovo.) [Kernel | Boot] -- D:\Windows\System32\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010/06/16 08:44:38 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot] -- D:\Windows\System32\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/04/28 02:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/23 18:52:57 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2010/03/26 03:39:50 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- D:\Windows\System32\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/03/25 07:09:06 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/03/25 07:09:06 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/03/25 07:09:06 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/03/17 16:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/02/26 10:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/18 23:01:42 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- D:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/13 07:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto] -- D:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2) SMI Helper Driver (smihlp2)
DRV:64bit: - [2008/08/28 06:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2011/12/10 16:27:25 | 000,120,320 | ---- | M] () [Kernel | System] -- D:\Windows\SysWOW64\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2010/03/26 03:39:50 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- D:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\AS_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
IE - HKU\AS_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\AS_ON_D\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\AS_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
IE - HKU\AS_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\AS_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\AS_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 4F 61 57 37 ED CB 01  [binary data]
IE - HKU\AS_ON_D\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Reg Error: Key error. File not found
IE - HKU\AS_ON_D\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\AS_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\AS_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "handelsblatt.com|www.nzz.ch|www.sz.de|faz.net|tagblatt.ch"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.3.7
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=6073ee7d0000000000000024d70ad4e5&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@idsoftware.com/QuakeLive: D:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: D:\Users\AS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/10/07 16:36:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/10 16:13:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/10 16:13:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/06/08 05:39:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/19 01:10:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/28 08:33:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/06/08 05:40:00 | 000,000,000 | ---D | M]
 
[2010/04/23 18:53:39 | 000,000,000 | ---D | M] (No name found) -- D:\Users\AS\AppData\Roaming\Mozilla\Extensions
[2012/03/01 07:50:22 | 000,000,000 | ---D | M] (No name found) -- D:\Users\AS\AppData\Roaming\Mozilla\Firefox\Profiles\gobmsww8.default\extensions
[2012/02/15 22:04:22 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- D:\Users\AS\AppData\Roaming\Mozilla\Firefox\Profiles\gobmsww8.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/10/12 13:21:36 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- D:\Users\AS\AppData\Roaming\Mozilla\Firefox\Profiles\gobmsww8.default\extensions\battlefieldplay4free@ea.com
[2010/09/09 15:35:09 | 000,002,101 | ---- | M] () -- D:\Users\AS\AppData\Roaming\Mozilla\Firefox\Profiles\gobmsww8.default\searchplugins\googlede.xml
[2011/10/25 00:45:58 | 000,003,915 | ---- | M] () -- D:\Users\AS\AppData\Roaming\Mozilla\Firefox\Profiles\gobmsww8.default\searchplugins\sweetim.xml
[2012/01/11 01:45:38 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/28 19:26:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- 
() (No name found) -- D:\USERS\AS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GOBMSWW8.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2012/03/19 01:10:31 | 000,097,208 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/15 09:06:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/13 08:27:49 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/13 08:27:49 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/13 08:27:49 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/13 08:27:49 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/13 08:27:49 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/13 08:27:49 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | R--- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - D:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} -  File not found
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} -  File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - D:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} -  File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - D:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} -  File not found
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} -  File not found
O3 - HKU\AS_ON_D\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKU\AS_ON_D\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\AS_ON_D\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\AS_ON_D\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} -  File not found
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] D:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] D:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [LMPSSDMON] D:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
O4:64bit: - HKLM..\Run: [SmartAudio] D:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [WrtMon.exe] D:\Windows\System32\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Freecorder FLV Service]  File not found
O4 - HKLM..\Run: [gema.]  File not found
O4 - HKLM..\Run: [IMSS] D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PWMTRV] D:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] D:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKU\AS_ON_D..\Run: []  File not found
O4 - HKU\AS_ON_D..\Run: [AdobeBridge]  File not found
O4 - HKU\AS_ON_D..\Run: [gema] D:\Users\AS\AppData\Roaming\gema\gema.exe (A Lf)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\AS_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - D:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - D:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - D:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - D:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - AS_ON_D\..Trusted Domains: unisg.ch ([serviceportal] https in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 220.220.248.1 220.220.248.9
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - D:\Windows\System32\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - D:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\gema\gema.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\AS_ON_D Winlogon: Shell - (C:\Users\AS\AppData\Roaming\gema\gema.exe) - D:\Users\AS\AppData\Roaming\gema\gema.exe (A Lf)
O20 - HKU\AS_ON_D Winlogon: Shell - (Explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll - D:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{18244e10-8acf-11df-b97d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{18244e10-8acf-11df-b97d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\T3AP.exe
O33 - MountPoints2\{18244e11-8acf-11df-b97d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{18244e11-8acf-11df-b97d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\EpaNt908\Setup.exe
O33 - MountPoints2\{2e68fbae-a13e-11df-93a0-002713968e1c}\Shell - "" = AutoRun
O33 - MountPoints2\{2e68fbae-a13e-11df-93a0-002713968e1c}\Shell\AutoRun\command - "" = D:\Setup_German.exe
O33 - MountPoints2\{6226b780-4afd-11e0-8bef-002713968e1c}\Shell - "" = AutoRun
O33 - MountPoints2\{6226b780-4afd-11e0-8bef-002713968e1c}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{b010b641-b932-11df-9295-002713968e1c}\Shell - "" = AutoRun
O33 - MountPoints2\{b010b641-b932-11df-9295-002713968e1c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{be0377c0-435e-11e0-8ae2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{be0377c0-435e-11e0-8ae2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{be0377c0-435e-11e0-8ae2-806e6f6e6963}\Shell\configure\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{be0377c0-435e-11e0-8ae2-806e6f6e6963}\Shell\install\command - "" = D:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45BFEAA3-0A52-F305-91ED-982AC6122D5B} - Offline Browsing Pack
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {735CE95D-B0BD-9427-9419-CD9C0959DCCE} - Themes Setup
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {BCE2E75D-EE14-48F8-990E-AC87C57FFB84} - Bing Bar
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX:64bit: >{BB89BA8E-2153-4651-A4EC-E63ED120FA89} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45BFEAA3-0A52-F305-91ED-982AC6122D5B} - Offline Browsing Pack
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {735CE95D-B0BD-9427-9419-CD9C0959DCCE} - Themes Setup
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BCE2E75D-EE14-48F8-990E-AC87C57FFB84} - Bing Bar
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: >{BB89BA8E-2153-4651-A4EC-E63ED120FA89} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs:64bit: AppMgmt - D:\Windows\System32\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^AS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - D:\Users\AS\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - D:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: BabylonToolbar - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - D:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - D:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LMab1err - hkey= - key= - D:\Program Files\Lexmark\ErrorApp\lmab1err.exe ( )
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - D:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NBAgent - hkey= - key= - D:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - D:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= - D:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PDFServiceEngine - hkey= - key= - D:\Program Files (x86)\PDF Suite\PDFServiceEngine.exe ()
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - D:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - D:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/04/06 10:19:37 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2012/04/02 23:58:05 | 000,000,000 | ---D | C] -- D:\Users\AS\AppData\Roaming\gema
[2012/03/28 19:25:47 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/28 19:25:47 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Skype
[2012/03/22 15:12:12 | 004,435,968 | ---- | C] (Google Inc.) -- D:\Windows\SysWow64\GPhotos.scr
[2012/03/21 00:59:34 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2012/03/21 00:59:03 | 000,000,000 | ---D | C] -- D:\ProgramData\Rosetta Stone
[2012/03/21 00:59:03 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Rosetta Stone
[2012/03/19 23:53:35 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/03/19 23:52:20 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Google
[2012/03/12 14:59:39 | 000,000,000 | ---D | C] -- D:\Users\AS\Documents\Calibre Bibliothek
[2012/03/12 14:59:38 | 000,000,000 | ---D | C] -- D:\Users\AS\AppData\Roaming\calibre
[2012/03/12 14:58:15 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Calibre2
[2012/03/12 14:58:15 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2010/10/02 04:09:16 | 001,044,480 | ---- | C] ( ) -- D:\Windows\SysWow64\lmabserv.dll
[2010/10/02 04:09:16 | 000,802,816 | ---- | C] ( ) -- D:\Windows\SysWow64\lmabcomc.dll
[2010/10/02 04:09:16 | 000,372,736 | ---- | C] ( ) -- D:\Windows\SysWow64\lmabcomm.dll
[2010/10/02 04:09:16 | 000,356,352 | ---- | C] ( ) -- D:\Windows\SysWow64\lmabhcp.dll
[2010/10/02 04:09:15 | 000,593,920 | ---- | C] ( ) -- D:\Windows\SysWow64\lmabcoms.exe
[2005/12/05 13:00:46 | 002,247,888 | ---- | C] (Microsoft Corporation) -- D:\Program Files (x86)\dsetup32.dll
[2005/12/05 13:00:46 | 000,484,560 | ---- | C] (Microsoft Corporation) -- D:\Program Files (x86)\DXSETUP.exe
[2005/12/05 13:00:46 | 000,074,448 | ---- | C] (Microsoft Corporation) -- D:\Program Files (x86)\DSETUP.dll
[5 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
[3 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
[2 D:\Users\AS\Documents\*.tmp files -> D:\Users\AS\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/06 10:31:05 | 000,000,648 | ---- | M] () -- D:\Notes
[2012/04/05 08:36:27 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/04/05 05:12:28 | 000,000,418 | RHS- | M] () -- D:\ProgramData\ntuser.pol
[2012/04/05 03:34:29 | 000,017,360 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/05 03:34:29 | 000,017,360 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/05 03:27:21 | 3060,535,296 | -HS- | M] () -- D:\hiberfil.sys
[2012/04/03 00:09:43 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/04/02 23:58:00 | 000,000,528 | ---- | M] () -- D:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/02 23:53:00 | 000,000,466 | ---- | M] () -- D:\Windows\tasks\SystemToolsDailyTest.job
[2012/04/02 18:30:10 | 000,715,660 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/04/02 18:30:10 | 000,669,726 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/04/02 18:30:10 | 000,154,264 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/04/02 18:30:10 | 000,126,878 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/03/28 19:25:47 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/23 03:07:30 | 000,806,384 | ---- | M] () -- D:\Users\AS\Desktop\Direction Softbank Store.jpg
[2012/03/22 15:12:12 | 004,435,968 | ---- | M] (Google Inc.) -- D:\Windows\SysWow64\GPhotos.scr
[2012/03/21 00:59:34 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2012/03/20 20:46:18 | 000,167,551 | ---- | M] () -- D:\Users\AS\Documents\Application_for_Japanese_Language_Program(CEMS)_Anian_Staebler.pdf
[2012/03/19 23:53:50 | 000,001,070 | ---- | M] () -- D:\Users\Public\Desktop\Picasa 3.lnk
[2012/03/19 23:53:35 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/03/12 14:58:24 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012/03/12 14:58:22 | 000,000,920 | ---- | M] () -- D:\Users\Public\Desktop\calibre - E-book management.lnk
[5 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ]
[3 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
[2 D:\Users\AS\Documents\*.tmp files -> D:\Users\AS\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/04/06 10:31:05 | 000,000,648 | ---- | C] () -- D:\Notes
[2012/03/23 03:07:30 | 000,806,384 | ---- | C] () -- D:\Users\AS\Desktop\Direction Softbank Store.jpg
[2012/03/20 20:46:17 | 000,167,551 | ---- | C] () -- D:\Users\AS\Documents\Application_for_Japanese_Language_Program(CEMS)_Anian_Staebler.pdf
[2012/03/19 23:53:50 | 000,001,070 | ---- | C] () -- D:\Users\Public\Desktop\Picasa 3.lnk
[2012/03/12 14:58:22 | 000,000,920 | ---- | C] () -- D:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/02/15 06:05:17 | 000,077,824 | ---- | C] () -- D:\Windows\KMService.exe
[2012/02/15 06:05:17 | 000,008,192 | ---- | C] () -- D:\Windows\SysWow64\srvany.exe
[2011/12/29 09:14:11 | 000,000,023 | ---- | C] () -- D:\Windows\BlendSettings.ini
[2011/12/12 13:00:53 | 000,043,520 | ---- | C] () -- D:\Windows\SysWow64\CmdLineExt03.dll
[2011/12/10 16:27:25 | 000,120,320 | ---- | C] () -- D:\Windows\SysWow64\drivers\SSHDRV65.sys
[2011/09/19 09:58:14 | 000,000,418 | RHS- | C] () -- D:\ProgramData\ntuser.pol
[2011/06/07 01:32:29 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/05/25 17:14:12 | 000,010,240 | ---- | C] () -- D:\Windows\SysWow64\vidx16.dll
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- D:\Windows\SysWow64\xlive.dll.cat
[2011/03/19 10:18:57 | 000,066,856 | ---- | C] () -- D:\Windows\SysWow64\SynTPEnhPS.dll
[2011/03/19 09:54:55 | 000,867,020 | ---- | C] () -- D:\Windows\SysWow64\igkrng575.bin
[2011/03/19 09:54:44 | 000,105,408 | ---- | C] () -- D:\Windows\SysWow64\igfcg575m.bin
[2011/03/19 09:54:42 | 000,128,204 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng575.bin
[2010/12/10 09:09:45 | 000,234,768 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2010/12/10 09:09:42 | 000,075,136 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2010/11/10 17:05:39 | 000,000,132 | ---- | C] () -- D:\Users\AS\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/10/02 04:07:09 | 000,028,672 | ---- | C] () -- D:\Windows\hookdllX.dll
[2010/10/02 04:07:09 | 000,011,776 | ---- | C] () -- D:\Windows\SysWow64\pmsbfn32.dll
[2010/09/27 14:38:27 | 000,001,025 | ---- | C] () -- D:\Windows\SysWow64\sysprs7.dll
[2010/09/27 14:38:27 | 000,000,205 | ---- | C] () -- D:\Windows\SysWow64\lsprst7.dll
[2010/09/26 13:06:58 | 000,000,132 | ---- | C] () -- D:\Users\AS\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/03 10:25:00 | 000,000,756 | ---- | C] () -- D:\Users\AS\AppData\Eudora.lnk
[2010/07/10 10:04:47 | 000,320,000 | ---- | C] () -- D:\Windows\SysWow64\roboex32.dll
[2010/07/10 10:04:21 | 000,000,750 | RH-- | C] () -- D:\Windows\SysWow64\ttri.dat
[2010/06/02 00:22:54 | 001,412,902 | ---- | C] () -- D:\Program Files (x86)\OCT2006_d3dx9_31_x64.cab
[2010/06/02 00:22:54 | 001,127,217 | ---- | C] () -- D:\Program Files (x86)\OCT2006_d3dx9_31_x86.cab
[2010/06/02 00:22:54 | 000,273,960 | ---- | C] () -- D:\Program Files (x86)\Nov2008_XAudio_x64.cab
[2010/06/02 00:22:54 | 000,272,611 | ---- | C] () -- D:\Program Files (x86)\Nov2008_XAudio_x86.cab
[2010/06/02 00:22:54 | 000,182,361 | ---- | C] () -- D:\Program Files (x86)\OCT2006_XACT_x64.cab
[2010/06/02 00:22:54 | 000,138,017 | ---- | C] () -- D:\Program Files (x86)\OCT2006_XACT_x86.cab
[2010/06/02 00:22:52 | 001,906,878 | ---- | C] () -- D:\Program Files (x86)\Nov2008_d3dx9_40_x64.cab
[2010/06/02 00:22:52 | 001,550,796 | ---- | C] () -- D:\Program Files (x86)\Nov2008_d3dx9_40_x86.cab
[2010/06/02 00:22:52 | 000,965,421 | ---- | C] () -- D:\Program Files (x86)\Nov2008_d3dx10_40_x86.cab
[2010/06/02 00:22:52 | 000,121,794 | ---- | C] () -- D:\Program Files (x86)\Nov2008_XACT_x64.cab
[2010/06/02 00:22:52 | 000,092,684 | ---- | C] () -- D:\Program Files (x86)\Nov2008_XACT_x86.cab
[2010/06/02 00:22:52 | 000,054,522 | ---- | C] () -- D:\Program Files (x86)\Nov2008_X3DAudio_x64.cab
[2010/06/02 00:22:52 | 000,021,851 | ---- | C] () -- D:\Program Files (x86)\Nov2008_X3DAudio_x86.cab
[2010/06/02 00:22:50 | 000,994,154 | ---- | C] () -- D:\Program Files (x86)\Nov2008_d3dx10_40_x64.cab
< End of report >
         
--- --- ---


What are the next steps I need to take? Thank you for your help!


06.04.2012, 16:35   #6
markusg
/// Malware-holic
 



On your second PC, go to Start, Programs, Accessories, Notepad, and copy the following into it:
Code:
:OTL
O4 - HKU\AS_ON_D..\Run: [gema] D:\Users\AS\AppData\Roaming\gema\gema.exe (A Lf)
O20 - HKU\AS_ON_D Winlogon: Shell - (C:\Users\AS\AppData\Roaming\gema\gema.exe) - D:\Users\AS\AppData\Roaming\gema\gema.exe (A Lf)
:Files
D:\Users\AS\AppData\Roaming\gema
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to this one should now appear: "load fix from file"; so load fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.



If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!




Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.



In your case it may be d:
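The fix script in the post above names its autostart entries by literal path. As an added example (not part of the original posts and not OTL's own code), the parser below scans OTL `O4` and `O20` lines for autostart targets in user-writable directories and compares paths without the drive letter, since the OTLPE logs in this thread show the same Windows installation once under D: and once under E:. The line formats are assumed from the log lines visible in this thread, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Autostart lines copied from the fix and the OTLPE logs posted in this thread.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [SmartAudio] E:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [avgnt] E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [gema.] E:\ProgramData\gema\gema.exe (A Lf)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKU\AS_ON_E..\Run: [gema] E:\Users\AS\AppData\Roaming\gema\gema.exe (A Lf)
O20 - HKU\AS_ON_D Winlogon: Shell - (C:\Users\AS\AppData\Roaming\gema\gema.exe) - D:\Users\AS\AppData\Roaming\gema\gema.exe (A Lf)
"""

# Assumed line formats, derived from the lines above.
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\]"
)
O20_RE = re.compile(r"^O20(?::64bit:)? - (?P<hive>\S+) Winlogon: (?P<name>\w+) - ")
# A drive-letter path ending in an executable-style extension.
PATH_RE = re.compile(
    r"(?<![A-Za-z])[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll|scr|com|bat|cmd|pif)(?=[\s)]|$)",
    re.IGNORECASE,
)
# Locations a standard user (and therefore user-level malware) can write to.
USER_WRITABLE = (
    re.compile(r"^\\users\\[^\\]+\\appdata\\"),
    re.compile(r"^\\programdata\\"),
    re.compile(r"^\\documents and settings\\"),
)


@dataclass
class Entry:
    section: str            # "O4" (Run keys) or "O20" (Winlogon)
    hive: str               # e.g. "HKLM" or "HKU\AS_ON_E"
    name: str               # value name, e.g. "gema" or "Shell"
    path: Optional[str]     # resolved file, None for "File not found"
    reasons: List[str] = field(default_factory=list)


def drive_independent(path: str) -> str:
    """Drop the drive letter; a PE boot environment assigns its own letters."""
    return path[2:].lower()


def parse_autostarts(log_text: str) -> List[Entry]:
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line) or O20_RE.match(line)
        if not m:
            continue
        paths = PATH_RE.findall(line[m.end():])
        # O20 prints the registry value in parentheses first, the resolved file last.
        path = paths[-1] if paths else None
        section = line.split(" ", 1)[0].split(":")[0]
        entries.append(Entry(section, m.group("hive"), m.group("name"), path))
    return entries


def assess(entry: Entry) -> List[str]:
    reasons = []
    if entry.path is None:
        return reasons
    rel = drive_independent(entry.path)
    if any(p.search(rel) for p in USER_WRITABLE):
        reasons.append("target in user-writable directory")
    if (entry.section == "O20" and entry.name.lower() == "shell"
            and not rel.endswith("\\explorer.exe")):
        reasons.append("Winlogon Shell is not explorer.exe")
    return reasons


def suspicious_autostarts(log_text: str) -> List[Entry]:
    flagged = []
    for entry in parse_autostarts(log_text):
        entry.reasons = assess(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


def distinct_targets(entries: List[Entry]) -> List[str]:
    """Unique files behind the flagged entries, independent of drive letter."""
    return sorted({drive_independent(e.path) for e in entries if e.path})


if __name__ == "__main__":
    for e in suspicious_autostarts(SAMPLE_LOG):
        print(f"{e.section} {e.hive} [{e.name}] {e.path}: {'; '.join(e.reasons)}")
```

On these lines it flags three registry entries that resolve to two distinct files, one under the user profile and one under ProgramData.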

Alt 10.04.2012, 08:06   #7
Hsgler
 



Finally got my hands on a second PC again and followed the steps as they were described. No restart took place, so I have the ZIP file directly from Reatogo-X-PE. The corresponding file has been uploaded to the server; I hope not too many more steps are needed before I can use my PC reasonably well again.

Thanks again for all the help!

Alt 10.04.2012, 19:25   #8
markusg
/// Malware-holic
 



Just boot without the CD and test it :-)
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

Alt 10.04.2012, 21:45   #9
Hsgler
 



That was the first thing I did, since I had hoped it would work now. But I just ended up again on a desktop with the white screen and the error message. Should I repeat the whole thing, or for now only boot in safe mode? Thanks in advance for the help!
P.S.: Could it be because I first had to switch the BIOS back from compatibility to ahsci or asci before I could boot normally again?

Alt 11.04.2012, 16:33   #10
markusg
/// Malware-holic
 



Please post a new OTL log.

Alt 16.04.2012, 13:05   #11
Hsgler
 



So, attached is the new log. It took a while, but it is not easy to get hold of a PC over the weekend. What has happened so far after the fix:
1. No automatic restart, but after switching the PC off I was able to boot in safe mode without the white screen appearing.
2. As soon as I started safe mode with networking or normal mode, the Gema virus was back.
OTL Logfile:
Code:
OTL logfile created on: 4/17/2012 8:46:43 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.33 Mb Free Space | 74.33% Space Free | Partition Type: NTFS
Drive D: | 979.05 Mb Total Space | 942.13 Mb Free Space | 96.23% Space Free | Partition Type: FAT32
Drive E: | 119.14 Gb Total Space | 19.59 Gb Free Space | 16.44% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/12/03 06:00:54 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Disabled] -- E:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2010/12/02 07:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Disabled] -- E:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010/11/24 11:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Disabled] -- E:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2010/10/19 09:51:44 | 001,430,288 | ---- | M] (Intel(R) Corporation) [Disabled] -- E:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2010/10/19 09:29:38 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Disabled] -- E:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2010/07/27 08:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Disabled] -- E:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2010/07/27 08:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Disabled] -- E:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2010/06/16 08:44:38 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand] -- E:\Windows\System32\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/04/07 08:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Disabled] -- E:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2010/03/26 15:33:00 | 001,045,504 | ---- | M] ( ) [Disabled] -- E:\Windows\System32\lmabcoms.exe -- (lmab_device)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/28 20:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled] -- E:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/21 10:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Disabled] -- E:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 12:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/10 13:48:07 | 000,075,136 | ---- | M] () [Auto] -- E:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/23 13:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled] -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 13:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled] -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 07:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/21 07:21:24 | 000,632,832 | ---- | M] (Nokia) [Disabled] -- E:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/03/16 04:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled] -- E:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/18 12:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Disabled] -- E:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/09/17 12:50:54 | 000,259,432 | ---- | M] (Lenovo) [Disabled] -- E:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010/09/17 12:50:48 | 000,124,264 | ---- | M] (Lenovo) [Disabled] -- E:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/08/24 21:30:00 | 000,164,200 | ---- | M] (Lenovo.) [Disabled] -- E:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2010/08/24 21:30:00 | 000,075,112 | ---- | M] (Lenovo) [Disabled] -- E:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010/05/03 07:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Disabled] -- E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/05/03 07:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled] -- E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/04/24 06:46:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled] -- E:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/26 15:33:00 | 000,593,920 | ---- | M] ( ) [Disabled] -- E:\Windows\SysWow64\lmabcoms.exe -- (lmab_device)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- E:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/18 08:01:06 | 000,462,632 | ---- | M] (Nero AG) [Disabled] -- E:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 14:06:26 | 000,008,192 | ---- | M] () [Auto] -- E:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/02/17 08:17:08 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/11/12 07:43:05 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2011/09/15 18:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto] -- E:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/09/15 18:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/07/26 08:58:18 | 000,572,336 | ---- | M] (Paragon) [Kernel | System] -- E:\Windows\System32\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011/07/26 08:58:18 | 000,059,184 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System] -- E:\Windows\System32\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011/07/26 08:58:16 | 000,352,816 | ---- | M] (Paragon) [Kernel | System] -- E:\Windows\System32\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2011/05/10 02:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/01 09:44:53 | 000,314,016 | ---- | M] () [Kernel | Auto] -- E:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/03/01 09:44:53 | 000,043,680 | ---- | M] () [Kernel | Auto] -- E:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/02/28 13:16:45 | 000,513,080 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- E:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/01/13 06:21:28 | 000,166,656 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010/12/02 09:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/12/02 09:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/12/02 09:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/12/02 09:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/11/28 16:23:16 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 06:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/10/17 21:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/10/14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/09/07 09:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System] -- E:\Windows\System32\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/08/25 05:46:18 | 000,682,624 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/08/24 21:30:00 | 000,030,320 | ---- | M] (Lenovo.) [Kernel | Boot] -- E:\Windows\System32\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2010/08/24 21:30:00 | 000,013,104 | ---- | M] () [Kernel | System] -- E:\Windows\System32\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010/07/22 04:39:10 | 000,295,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2010/07/21 10:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/06/16 08:44:38 | 000,136,816 | ---- | M] (Lenovo.) [Kernel | Boot] -- E:\Windows\System32\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010/06/16 08:44:38 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot] -- E:\Windows\System32\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/04/28 02:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/23 18:52:57 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2010/03/26 03:39:50 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- E:\Windows\System32\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/03/25 07:09:06 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/03/25 07:09:06 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/03/25 07:09:06 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/03/17 16:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/02/26 10:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/18 23:01:42 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto] -- E:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/13 07:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto] -- E:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2) SMI Helper Driver (smihlp2)
DRV:64bit: - [2008/08/28 06:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2011/12/10 16:27:25 | 000,120,320 | ---- | M] () [Kernel | System] -- E:\Windows\SysWOW64\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2010/03/26 03:39:50 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- E:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\AS_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
IE - HKU\AS_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\AS_ON_E\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\AS_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
IE - HKU\AS_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\AS_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\AS_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 4F 61 57 37 ED CB 01  [binary data]
IE - HKU\AS_ON_E\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Reg Error: Key error. File not found
IE - HKU\AS_ON_E\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\AS_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\AS_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "handelsblatt.com|www.nzz.ch|www.sz.de|faz.net|tagblatt.ch"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.3.7
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=6073ee7d0000000000000024d70ad4e5&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: E:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@idsoftware.com/QuakeLive: E:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: E:\Users\AS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/10/07 16:36:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/10 16:13:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/10 16:13:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/06/08 05:39:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/19 01:10:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/28 08:33:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/06/08 05:40:00 | 000,000,000 | ---D | M]
 
[2010/04/23 18:53:39 | 000,000,000 | ---D | M] (No name found) -- E:\Users\AS\AppData\Roaming\Mozilla\Extensions
[2012/03/01 07:50:22 | 000,000,000 | ---D | M] (No name found) -- E:\Users\AS\AppData\Roaming\Mozilla\Firefox\Profiles\gobmsww8.default\extensions
[2012/02/15 22:04:22 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- E:\Users\AS\AppData\Roaming\Mozilla\Firefox\Profiles\gobmsww8.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/10/12 13:21:36 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- E:\Users\AS\AppData\Roaming\Mozilla\Firefox\Profiles\gobmsww8.default\extensions\battlefieldplay4free@ea.com
[2010/09/09 15:35:09 | 000,002,101 | ---- | M] () -- E:\Users\AS\AppData\Roaming\Mozilla\Firefox\Profiles\gobmsww8.default\searchplugins\googlede.xml
[2011/10/25 00:45:58 | 000,003,915 | ---- | M] () -- E:\Users\AS\AppData\Roaming\Mozilla\Firefox\Profiles\gobmsww8.default\searchplugins\sweetim.xml
[2012/01/11 01:45:38 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/28 19:26:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- 
() (No name found) -- E:\USERS\AS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GOBMSWW8.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2012/03/19 01:10:31 | 000,097,208 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/15 09:06:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/13 08:27:49 | 000,001,392 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/13 08:27:49 | 000,002,252 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/13 08:27:49 | 000,001,153 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/13 08:27:49 | 000,006,805 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/13 08:27:49 | 000,001,178 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/13 08:27:49 | 000,001,105 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | R--- | M]) - E:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} -  File not found
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} -  File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - E:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} -  File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - E:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} -  File not found
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} -  File not found
O3 - HKU\AS_ON_E\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKU\AS_ON_E\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\AS_ON_E\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\AS_ON_E\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} -  File not found
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] E:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] E:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [LMPSSDMON] E:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
O4:64bit: - HKLM..\Run: [SmartAudio] E:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [WrtMon.exe] E:\Windows\System32\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Freecorder FLV Service]  File not found
O4 - HKLM..\Run: [gema.] E:\ProgramData\gema\gema.exe (A Lf)
O4 - HKLM..\Run: [IMSS] E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PWMTRV] E:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] E:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKU\AS_ON_E..\Run: []  File not found
O4 - HKU\AS_ON_E..\Run: [AdobeBridge]  File not found
O4 - HKU\AS_ON_E..\Run: [gema] E:\Users\AS\AppData\Roaming\gema\gema.exe (A Lf)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\AS_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - E:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - E:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - E:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - AS_ON_E\..Trusted Domains: unisg.ch ([serviceportal] https in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 220.220.248.1 220.220.248.9
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - E:\Windows\System32\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - E:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\gema\gema.exe) - E:\ProgramData\gema\gema.exe (A Lf)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\AS_ON_E Winlogon: Shell - (C:\Users\AS\AppData\Roaming\gema\gema.exe) - E:\Users\AS\AppData\Roaming\gema\gema.exe (A Lf)
O20 - HKU\AS_ON_E Winlogon: Shell - (Explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll - E:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{18244e10-8acf-11df-b97d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{18244e10-8acf-11df-b97d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\T3AP.exe
O33 - MountPoints2\{18244e11-8acf-11df-b97d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{18244e11-8acf-11df-b97d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\EpaNt908\Setup.exe
O33 - MountPoints2\{2e68fbae-a13e-11df-93a0-002713968e1c}\Shell - "" = AutoRun
O33 - MountPoints2\{2e68fbae-a13e-11df-93a0-002713968e1c}\Shell\AutoRun\command - "" = D:\Setup_German.exe
O33 - MountPoints2\{6226b780-4afd-11e0-8bef-002713968e1c}\Shell - "" = AutoRun
O33 - MountPoints2\{6226b780-4afd-11e0-8bef-002713968e1c}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{b010b641-b932-11df-9295-002713968e1c}\Shell - "" = AutoRun
O33 - MountPoints2\{b010b641-b932-11df-9295-002713968e1c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{be0377c0-435e-11e0-8ae2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{be0377c0-435e-11e0-8ae2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{be0377c0-435e-11e0-8ae2-806e6f6e6963}\Shell\configure\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{be0377c0-435e-11e0-8ae2-806e6f6e6963}\Shell\install\command - "" = D:\SETUP.EXE
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45BFEAA3-0A52-F305-91ED-982AC6122D5B} - Offline Browsing Pack
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {735CE95D-B0BD-9427-9419-CD9C0959DCCE} - Themes Setup
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {BCE2E75D-EE14-48F8-990E-AC87C57FFB84} - Bing Bar
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX:64bit: >{BB89BA8E-2153-4651-A4EC-E63ED120FA89} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45BFEAA3-0A52-F305-91ED-982AC6122D5B} - Offline Browsing Pack
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {735CE95D-B0BD-9427-9419-CD9C0959DCCE} - Themes Setup
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BCE2E75D-EE14-48F8-990E-AC87C57FFB84} - Bing Bar
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: >{BB89BA8E-2153-4651-A4EC-E63ED120FA89} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs:64bit: AppMgmt - E:\Windows\System32\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^AS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - E:\Users\AS\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - E:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - E:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - E:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - E:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: BabylonToolbar - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - E:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - E:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - E:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - E:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LMab1err - hkey= - key= - E:\Program Files\Lexmark\ErrorApp\lmab1err.exe ( )
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - E:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NBAgent - hkey= - key= - E:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - E:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= - E:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PDFServiceEngine - hkey= - key= - E:\Program Files (x86)\PDF Suite\PDFServiceEngine.exe ()
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - E:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - E:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - E:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/04/13 18:00:08 | 000,000,000 | ---D | C] -- E:\Users\AS\AppData\Roaming\gema
[2012/04/08 20:05:47 | 002,237,440 | R--- | C] (OldTimer Tools) -- E:\OTLPE.exe
[2012/04/08 20:05:44 | 000,000,000 | ---D | C] -- E:\_OTL
[2012/04/06 10:19:37 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2012/04/06 08:42:05 | 000,000,000 | -HSD | C] -- E:\found.004
[2012/04/06 00:44:36 | 000,000,000 | ---D | C] -- E:\ProgramData\gema
[2012/03/28 19:25:47 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/28 19:25:47 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Common Files\Skype
[2012/03/22 15:12:12 | 004,435,968 | ---- | C] (Google Inc.) -- E:\Windows\SysWow64\GPhotos.scr
[2012/03/21 00:59:34 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2012/03/21 00:59:03 | 000,000,000 | ---D | C] -- E:\ProgramData\Rosetta Stone
[2012/03/21 00:59:03 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Rosetta Stone
[2012/03/19 23:53:35 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/03/19 23:52:20 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Google
[2010/10/02 04:09:16 | 001,044,480 | ---- | C] ( ) -- E:\Windows\SysWow64\lmabserv.dll
[2010/10/02 04:09:16 | 000,802,816 | ---- | C] ( ) -- E:\Windows\SysWow64\lmabcomc.dll
[2010/10/02 04:09:16 | 000,372,736 | ---- | C] ( ) -- E:\Windows\SysWow64\lmabcomm.dll
[2010/10/02 04:09:16 | 000,356,352 | ---- | C] ( ) -- E:\Windows\SysWow64\lmabhcp.dll
[2010/10/02 04:09:15 | 000,593,920 | ---- | C] ( ) -- E:\Windows\SysWow64\lmabcoms.exe
[2005/12/05 13:00:46 | 002,247,888 | ---- | C] (Microsoft Corporation) -- E:\Program Files (x86)\dsetup32.dll
[2005/12/05 13:00:46 | 000,484,560 | ---- | C] (Microsoft Corporation) -- E:\Program Files (x86)\DXSETUP.exe
[2005/12/05 13:00:46 | 000,074,448 | ---- | C] (Microsoft Corporation) -- E:\Program Files (x86)\DSETUP.dll
[2 E:\Users\AS\Documents\*.tmp files -> E:\Users\AS\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/13 19:12:55 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2012/04/13 19:12:36 | 3060,535,296 | -HS- | M] () -- E:\hiberfil.sys
[2012/04/13 17:59:57 | 000,000,418 | RHS- | M] () -- E:\ProgramData\ntuser.pol
[2012/04/06 10:31:05 | 000,000,648 | ---- | M] () -- E:\Notes
[2012/04/06 00:51:27 | 000,017,360 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/06 00:51:27 | 000,017,360 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/03 00:09:43 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/04/02 23:58:05 | 000,419,952 | ---- | M] () -- E:\Windows\System32\gema.exe
[2012/04/02 23:58:00 | 000,000,528 | ---- | M] () -- E:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/02 23:53:00 | 000,000,466 | ---- | M] () -- E:\Windows\tasks\SystemToolsDailyTest.job
[2012/04/02 18:30:10 | 000,715,660 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2012/04/02 18:30:10 | 000,669,726 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2012/04/02 18:30:10 | 000,154,264 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2012/04/02 18:30:10 | 000,126,878 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2012/03/28 19:25:47 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/23 03:07:30 | 000,806,384 | ---- | M] () -- E:\Users\AS\Desktop\Direction Softbank Store.jpg
[2012/03/22 15:12:12 | 004,435,968 | ---- | M] (Google Inc.) -- E:\Windows\SysWow64\GPhotos.scr
[2012/03/21 00:59:34 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2012/03/20 20:46:18 | 000,167,551 | ---- | M] () -- E:\Users\AS\Documents\Application_for_Japanese_Language_Program(CEMS)_A_S.pdf
[2012/03/19 23:53:50 | 000,001,070 | ---- | M] () -- E:\Users\Public\Desktop\Picasa 3.lnk
[2012/03/19 23:53:35 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2 E:\Users\AS\Documents\*.tmp files -> E:\Users\AS\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/04/06 10:31:05 | 000,000,648 | ---- | C] () -- E:\Notes
[2012/04/06 00:44:36 | 000,419,952 | ---- | C] () -- E:\Windows\System32\gema.exe
[2012/03/23 03:07:30 | 000,806,384 | ---- | C] () -- E:\Users\AS\Desktop\Direction Softbank Store.jpg
[2012/03/20 20:46:17 | 000,167,551 | ---- | C] () -- E:\Users\AS\Documents\Application_for_Japanese_Language_Program(CEMS)_A_S.pdf
[2012/03/19 23:53:50 | 000,001,070 | ---- | C] () -- E:\Users\Public\Desktop\Picasa 3.lnk
[2012/02/15 06:05:17 | 000,077,824 | ---- | C] () -- E:\Windows\KMService.exe
[2012/02/15 06:05:17 | 000,008,192 | ---- | C] () -- E:\Windows\SysWow64\srvany.exe
[2011/12/29 09:14:11 | 000,000,023 | ---- | C] () -- E:\Windows\BlendSettings.ini
[2011/12/12 13:00:53 | 000,043,520 | ---- | C] () -- E:\Windows\SysWow64\CmdLineExt03.dll
[2011/12/10 16:27:25 | 000,120,320 | ---- | C] () -- E:\Windows\SysWow64\drivers\SSHDRV65.sys
[2011/09/19 09:58:14 | 000,000,418 | RHS- | C] () -- E:\ProgramData\ntuser.pol
[2011/06/07 01:32:29 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2011/05/25 17:14:12 | 000,010,240 | ---- | C] () -- E:\Windows\SysWow64\vidx16.dll
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- E:\Windows\SysWow64\xlive.dll.cat
[2011/03/19 10:18:57 | 000,066,856 | ---- | C] () -- E:\Windows\SysWow64\SynTPEnhPS.dll
[2011/03/19 09:54:55 | 000,867,020 | ---- | C] () -- E:\Windows\SysWow64\igkrng575.bin
[2011/03/19 09:54:44 | 000,105,408 | ---- | C] () -- E:\Windows\SysWow64\igfcg575m.bin
[2011/03/19 09:54:42 | 000,128,204 | ---- | C] () -- E:\Windows\SysWow64\igcompkrng575.bin
[2010/12/10 09:09:45 | 000,234,768 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrB.exe
[2010/12/10 09:09:42 | 000,075,136 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrA.exe
[2010/11/10 17:05:39 | 000,000,132 | ---- | C] () -- E:\Users\AS\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/10/02 04:07:09 | 000,028,672 | ---- | C] () -- E:\Windows\hookdllX.dll
[2010/10/02 04:07:09 | 000,011,776 | ---- | C] () -- E:\Windows\SysWow64\pmsbfn32.dll
[2010/09/27 14:38:27 | 000,001,025 | ---- | C] () -- E:\Windows\SysWow64\sysprs7.dll
[2010/09/27 14:38:27 | 000,000,205 | ---- | C] () -- E:\Windows\SysWow64\lsprst7.dll
[2010/09/26 13:06:58 | 000,000,132 | ---- | C] () -- E:\Users\AS\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/03 10:25:00 | 000,000,756 | ---- | C] () -- E:\Users\AS\AppData\Eudora.lnk
[2010/07/10 10:04:47 | 000,320,000 | ---- | C] () -- E:\Windows\SysWow64\roboex32.dll
[2010/07/10 10:04:21 | 000,000,750 | RH-- | C] () -- E:\Windows\SysWow64\ttri.dat
[2010/06/02 00:22:54 | 001,412,902 | ---- | C] () -- E:\Program Files (x86)\OCT2006_d3dx9_31_x64.cab
[2010/06/02 00:22:54 | 001,127,217 | ---- | C] () -- E:\Program Files (x86)\OCT2006_d3dx9_31_x86.cab
[2010/06/02 00:22:54 | 000,273,960 | ---- | C] () -- E:\Program Files (x86)\Nov2008_XAudio_x64.cab
[2010/06/02 00:22:54 | 000,272,611 | ---- | C] () -- E:\Program Files (x86)\Nov2008_XAudio_x86.cab
[2010/06/02 00:22:54 | 000,182,361 | ---- | C] () -- E:\Program Files (x86)\OCT2006_XACT_x64.cab
[2010/06/02 00:22:54 | 000,138,017 | ---- | C] () -- E:\Program Files (x86)\OCT2006_XACT_x86.cab
[2010/06/02 00:22:52 | 001,906,878 | ---- | C] () -- E:\Program Files (x86)\Nov2008_d3dx9_40_x64.cab
[2010/06/02 00:22:52 | 001,550,796 | ---- | C] () -- E:\Program Files (x86)\Nov2008_d3dx9_40_x86.cab
[2010/06/02 00:22:52 | 000,965,421 | ---- | C] () -- E:\Program Files (x86)\Nov2008_d3dx10_40_x86.cab
[2010/06/02 00:22:52 | 000,121,794 | ---- | C] () -- E:\Program Files (x86)\Nov2008_XACT_x64.cab
[2010/06/02 00:22:52 | 000,092,684 | ---- | C] () -- E:\Program Files (x86)\Nov2008_XACT_x86.cab
[2010/06/02 00:22:52 | 000,054,522 | ---- | C] () -- E:\Program Files (x86)\Nov2008_X3DAudio_x64.cab
[2010/06/02 00:22:52 | 000,021,851 | ---- | C] () -- E:\Program Files (x86)\Nov2008_X3DAudio_x86.cab
[2010/06/02 00:22:50 | 000,994,154 | ---- | C] () -- E:\Program Files (x86)\Nov2008_d3dx10_40_x64.cab
[2010/06/02 00:22:50 | 000,196,762 | ---- | C] () -- E:\Program Files (x86)\NOV2007_XACT_x64.cab
[2010/06/02 00:22:50 | 000,148,264 | ---- | C] () -- E:\Program Files (x86)\NOV2007_XACT_x86.cab
[2010/06/02 00:22:50 | 000,046,144 | ---- | C] () -- E:\Program Files (x86)\NOV2007_X3DAudio_x64.cab
[2010/06/02 00:22:50 | 000,018,496 | ---- | C] () -- E:\Program Files (x86)\NOV2007_X3DAudio_x86.cab
[2010/06/02 00:22:48 | 001,802,058 | ---- | C] () -- E:\Program Files (x86)\Nov2007_d3dx9_36_x64.cab
[2010/06/02 00:22:48 | 001,709,360 | ---- | C] () -- E:\Program Files (x86)\Nov2007_d3dx9_36_x86.cab
[2010/06/02 00:22:48 | 000,864,600 | ---- | C] () -- E:\Program Files (x86)\Nov2007_d3dx10_36_x64.cab
[2010/06/02 00:22:48 | 000,803,884 | ---- | C] () -- E:\Program Files (x86)\Nov2007_d3dx10_36_x86.cab
[2010/06/02 00:22:48 | 000,273,018 | ---- | C] () -- E:\Program Files (x86)\Mar2009_XAudio_x86.cab
[2010/06/02 00:22:46 | 000,275,044 | ---- | C] () -- E:\Program Files (x86)\Mar2009_XAudio_x64.cab
[2010/06/02 00:22:46 | 000,121,506 | ---- | C] () -- E:\Program Files (x86)\Mar2009_XACT_x64.cab
[2010/06/02 00:22:46 | 000,092,740 | ---- | C] () -- E:\Program Files (x86)\Mar2009_XACT_x86.cab
[2010/06/02 00:22:38 | 000,054,600 | ---- | C] () -- E:\Program Files (x86)\Mar2009_X3DAudio_x64.cab
[2010/06/02 00:22:38 | 000,021,298 | ---- | C] () -- E:\Program Files (x86)\Mar2009_X3DAudio_x86.cab
[2010/06/02 00:22:36 | 001,973,702 | ---- | C] () -- E:\Program Files (x86)\Mar2009_d3dx9_41_x64.cab
[2010/06/02 00:22:36 | 001,612,446 | ---- | C] () -- E:\Program Files (x86)\Mar2009_d3dx9_41_x86.cab
[2010/06/02 00:22:36 | 001,067,160 | ---- | C] () -- E:\Program Files (x86)\Mar2009_d3dx10_41_x64.cab
[2010/06/02 00:22:36 | 001,040,745 | ---- | C] () -- E:\Program Files (x86)\Mar2009_d3dx10_41_x86.cab
[2010/06/02 00:22:36 | 000,251,194 | ---- | C] () -- E:\Program Files (x86)\Mar2008_XAudio_x64.cab
[2010/06/02 00:22:36 | 000,226,250 | ---- | C] () -- E:\Program Files (x86)\Mar2008_XAudio_x86.cab
[2010/06/02 00:22:36 | 000,122,336 | ---- | C] () -- E:\Program Files (x86)\Mar2008_XACT_x64.cab
[2010/06/02 00:22:36 | 000,093,734 | ---- | C] () -- E:\Program Files (x86)\Mar2008_XACT_x86.cab
[2010/06/02 00:22:34 | 001,769,862 | ---- | C] () -- E:\Program Files (x86)\Mar2008_d3dx9_37_x64.cab
[2010/06/02 00:22:34 | 001,443,282 | ---- | C] () -- E:\Program Files (x86)\Mar2008_d3dx9_37_x86.cab
[2010/06/02 00:22:34 | 000,818,260 | ---- | C] () -- E:\Program Files (x86)\Mar2008_d3dx10_37_x86.cab
[2010/06/02 00:22:34 | 000,055,058 | ---- | C] () -- E:\Program Files (x86)\Mar2008_X3DAudio_x64.cab
< End of report >
         
--- --- ---

Thanks again for your help!

Old 16.04.2012, 13:22   #12
markusg
/// Malware-holic
 

Well, if you are in safe mode now and can't work regularly anyway, we should simply make short work of it.
After all, we have been working on this PC since the beginning of April.

The PC has to be set up from scratch and then secured.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post some further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For the time being, please forward mails according to the above instructions to
markusg.trojaner-board@web.de
If you would like to support us
