| |  Computer gesperrt "POLIZEI Cybercrime Investigation Department" , Ukash / Schweizerische Eidgenossenschaft
 Hallo Zusammen
Beim gemütlichen betrachten von interessanten Videos habe Ich mir was eingefangen. 06.12 , 23.33 ca.
System: Win7 64 prof, Microsoft security essential (grün leuchtend...)
Vor längerer Zeit habe ich mir den "vorgänger" dieses Problems eingefangen, dieserjenige konnte ich jedoch einfach beseitigen, Abgesicherter Modus, Autostart entfernt, Datei entfernt, einträge in der Registry manuell entfernt (auch div. Virensoftware laufen gelassen, nach anleitung von diesem Board). hat geklappt.
Nach dem aufpoppen der Meldung (siehe Bild) habe Ich sofort den "pc aus" Knopf auf meiner Tastatur gedrückt, zu meinem erstaunen kam die fehlermeldung dass nicht alle Programme beendet werden können von Windows. Abbrechen geklick und zurück auf dem Desktop war Ich.
Neuste Dateien im meinem Benutzerordner gesucht und Bilder aus der Meldung gefunden, inkl. 2 Dateien, alles verdächte verschoben auf die 2 Festplatte. Danach beruhigt ins Bett, weil der autostart die Dateien nichtmehr findet...
Nächster Tag, die ernüchterung, hat nicht geklappt, weitergemacht:
Netzwerkstecker rausgezogen & neustart; Meldung kommt noch.
Abgesicherter Modus; fährt nach dem anmelden gleich wieder runter.
Benutzer "Gast" angemeldet; keine Meldung kommt, allerdings lässt sich kein Programm ausführen / installieren da Kindersicherung (hätt ich das mal besser konfiguriert)
Heute gegoogelt und dieses Thema gefunden: http://www.trojaner-board.de/126426-...-gesperrt.html
Boot CD Reatogo-x-pe erstellt und benutzt. Allerdings komme Ich nach dem start von OTLPE nicht weiter, Fehlermeldung "target is not windows 2000 or later"
Dieses Thema gesehen: http://www.trojaner-board.de/69886-a...-beachten.html
Nr2Schritt1:
Defogger runtergeladen und unter reatogo-x-pe gestartet, Fehlermeldung: Zitat:
"defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:20 on 08/12/2012 (%username%)
Checking for autostart values...
HKCU\~\Run values retrieved.
Unable to open HKLM\~\Run key (2)
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-"
| Defogger mit kreuz beendet.
In Eigenregie:
Mit User Gast angemeldet und die kopierten Daten vom "Virus" auf einen USB Stick verschoben. Nach dem Neustart kommt die Meldung immernoch.
Nochmals Reatogo-X-pe gestartet um die Fehlermeldung richtig abzuschreiben, dabei bemerkt dass ich nur das Laufwerk, und nicht den Windows Pfad ausgewählt habe, richtiger Ordner ausgewählt; funktioniert.
Ärgerlicher Umweg (da USB Stick nicht erkannt wird, 2 verschiedene versucht) um den zusäztlichen benutzerdefinierten inhalt für den Scan zu hinterleden nochmal mit dem Gast benutzen angemeldet und Text auf der Festplatte gespeichert. Resultat: Zitat:
OTL logfile created on: 12/8/2012 7:34:31 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.36 Mb Free Space | 74.36% Space Free | Partition Type: NTFS
Drive I: | 279.36 Gb Total Space | 158.28 Gb Free Space | 56.66% Space Free | Partition Type: NTFS
Drive L: | 1397.26 Gb Total Space | 1046.44 Gb Free Space | 74.89% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/09/12 14:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 14:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/11/14 14:43:18 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand] -- I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/10/15 00:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand] -- I:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2009/07/20 06:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand] -- I:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/11 02:57:11 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- I:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/10 14:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 06:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/10/02 06:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- I:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- I:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- I:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 07:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand] -- I:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/01/18 00:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto] -- I:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/12/02 10:39:44 | 000,495,616 | ---- | M] (PaperCut Software International Pty Ltd) [Auto] -- I:\Program Files (x86)\PaperCut Print Logger\pcpl.exe -- (PCPrintLogger)
SRV - [2010/11/14 14:44:43 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- I:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/18 05:18:32 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand] -- I:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/27 10:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto] -- I:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/07 04:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- I:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/08/30 15:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- I:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/09 06:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/18 00:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Pro Webcam C910(UVC)
DRV:64bit: - [2012/01/18 00:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 00:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/06/10 00:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand] -- I:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/07 12:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand] -- I:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 12:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand] -- I:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/01/11 22:19:32 | 000,095,744 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- I:\Windows\System32\drivers\NmPar.sys -- (NmPar)
DRV:64bit: - [2010/01/07 04:31:20 | 000,075,264 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- I:\Windows\System32\drivers\NmSerial.sys -- (nmserial)
DRV:64bit: - [2009/11/17 18:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/10/29 03:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- I:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/10/22 10:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/10/22 10:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009/10/19 12:35:40 | 000,511,104 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand] -- I:\Windows\System32\drivers\HPAF35.sys -- (AVerAF35)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 19:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 19:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 19:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 19:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/13 18:31:06 | 000,142,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\mf.sys -- (mf)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 11:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 11:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/10/21 03:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008/10/21 03:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008/10/21 03:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008/10/21 03:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008/10/21 03:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/10/21 03:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008/10/21 03:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008/07/11 00:05:00 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto] -- I:\Windows\System32\Drivers\Sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2008/07/11 00:05:00 | 000,058,664 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2008/01/09 05:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- I:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2007/06/25 04:42:30 | 000,130,088 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV:64bit: - [2007/06/25 04:42:30 | 000,123,432 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s117obex.sys -- (s117obex)
DRV:64bit: - [2007/06/25 04:42:30 | 000,031,272 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
DRV:64bit: - [2007/06/25 04:42:24 | 000,144,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s117mdm.sys -- (s117mdm)
DRV:64bit: - [2007/06/25 04:42:24 | 000,125,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/06/25 04:42:24 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s117mdfl.sys -- (s117mdfl)
DRV:64bit: - [2007/06/25 04:42:22 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV:64bit: - [2005/09/23 16:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- I:\Windows\System32\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2007/03/16 04:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- I:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Benutzer_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\Benutzer_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
IE - HKU\Benutzer_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKU\Benutzer_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 7D 75 40 54 C5 CA 01 [binary data]
IE - HKU\Benutzer_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Benutzer_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Guest_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKU\Guest_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKU\Guest_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 7E 77 67 F0 63 CC 01 [binary data]
IE - HKU\Guest_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\Windows\System32\Macromed\Flash\NPSWF64_11_4_402_287.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: I:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: I:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: I:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: I:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: I:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: I:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: I:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: I:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: I:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: I:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: I:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: I:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: I:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2010/04/25 04:56:51 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Benutzer\AppData\Roaming\Mozilla\Extensions
[2010/04/25 04:56:51 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Benutzer\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - I:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\npchrome_frame.dll (Google Inc.)
O3 - HKU\Benutzer_ON_I\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\Benutzer_ON_I\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Benutzer_ON_I\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] I:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] I:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] I:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] I:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\LocalService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser.COMPUTERNAME_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_I..\Run: [Sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin] File not found
O4 - HKU\UpdatusUser.COMPUTERNAME_ON_I..\RunOnce: [mctadmin] File not found
O4 - HKU\UpdatusUser_ON_I..\RunOnce: [mctadmin] File not found
O4 - Startup: I:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Benutzer_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Benutzer_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Benutzer_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Guest_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Guest_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - I:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - I:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - I:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - I:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Benutzer_ON_I\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Benutzer_ON_I Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Benutzer_ON_I Winlogon: Shell - (C:\Users\Benutzer\AppData\Roaming\skype.dat) - I:\Users\Benutzer\AppData\Roaming\skype.dat ()
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - I:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1e4b7e75-3753-11e0-b0cb-4061867f678f}\Shell - "" = AutoRun
O33 - MountPoints2\{1e4b7e75-3753-11e0-b0cb-4061867f678f}\Shell\AutoRun\command - "" = "K:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{62fcbdc9-446b-11df-a90c-4061867f678f}\Shell - "" = AutoRun
O33 - MountPoints2\{62fcbdc9-446b-11df-a90c-4061867f678f}\Shell\AutoRun\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{62fcbdc9-446b-11df-a90c-4061867f678f}\Shell\configure\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{62fcbdc9-446b-11df-a90c-4061867f678f}\Shell\install\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{bd2ae546-cfa1-11e0-9d66-4061867f678f}\Shell - "" = AutoRun
O33 - MountPoints2\{bd2ae546-cfa1-11e0-9d66-4061867f678f}\Shell\AutoRun\command - "" = K:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {0E384E22-7A14-D713-B889-47180DA5640E} - Microsoft Windows Media Player
ActiveX:64bit: {205B995D-F36D-E6DD-F722-EA1F577F3844} - Themes Setup
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FCFA1537-0822-36B4-E6B4-8B3F8F86FD18} - Microsoft Windows Media Player
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: {FF3C4C33-5FEA-BC79-9BB2-7234B630DBAA} - Internet Explorer
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0E384E22-7A14-D713-B889-47180DA5640E} - Microsoft Windows Media Player
ActiveX: {205B995D-F36D-E6DD-F722-EA1F577F3844} - Themes Setup
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FCFA1537-0822-36B4-E6B4-8B3F8F86FD18} - Microsoft Windows Media Player
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: {FF3C4C33-5FEA-BC79-9BB2-7234B630DBAA} - Internet Explorer
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start 3DxWare.lnk - I:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe - (3Dconnexion, INC)
MsConfig:64bit - StartUpFolder: C:^Users^Benutzer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Benutzer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Taskplaner Engine.lnk - - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - I:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: GAINWARD - hkey= - key= - I:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
MsConfig:64bit - StartUpReg: JMB36X IDE Setup - hkey= - key= - I:\Windows\RaidTool\xInsIDE.exe ()
MsConfig:64bit - StartUpReg: LWS - hkey= - key= - I:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - I:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Sony PC Companion - hkey= - key= - I:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - I:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/17 03:42:23 | 000,054,376 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\drivers\WdfLdr.sys
[2012/11/17 03:42:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\Wdfres.dll
[2012/11/17 03:41:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\RdpGroupPolicyExtension.dll
[2012/11/17 03:41:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012/11/17 03:41:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012/11/17 03:41:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\drivers\TsUsbFlt.sys
[2012/11/17 03:41:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\drivers\rdpvideominiport.sys
[2012/11/17 03:41:46 | 000,322,560 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\aaclient.dll
[2012/11/17 03:41:46 | 000,269,312 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\aaclient.dll
[2012/11/17 03:41:46 | 000,192,000 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\rdpendp_winip.dll
[2012/11/17 03:41:46 | 000,054,272 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\MsRdpWebAccess.dll
[2012/11/17 03:41:46 | 000,046,592 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/11/17 03:41:46 | 000,044,032 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\tsgqec.dll
[2012/11/17 03:41:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\TsUsbGDCoInstaller.dll
[2012/11/17 03:41:46 | 000,037,376 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\tsgqec.dll
[2012/11/17 03:41:46 | 000,018,432 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\wksprtPS.dll
[2012/11/17 03:41:46 | 000,016,896 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\wksprtPS.dll
[2012/11/17 03:41:45 | 005,773,824 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mstscax.dll
[2012/11/17 03:41:45 | 004,916,224 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\mstscax.dll
[2012/11/17 03:41:45 | 003,174,912 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\rdpcorets.dll
[2012/11/17 03:41:45 | 001,123,840 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mstsc.exe
[2012/11/17 03:41:45 | 001,048,064 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\mstsc.exe
[2012/11/17 03:41:45 | 000,384,000 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\wksprt.exe
[2012/11/17 03:41:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\rdpudd.dll
[2012/11/17 03:41:45 | 000,228,864 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\rdpendp_winip.dll
[2012/11/17 03:41:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\TSWbPrxy.exe
[2012/11/17 03:37:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mshtmled.dll
[2012/11/17 03:37:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\mshtmled.dll
[2012/11/17 03:37:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieui.dll
[2012/11/17 03:37:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieui.dll
[2012/11/17 03:37:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\url.dll
[2012/11/17 03:37:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\url.dll
[2012/11/17 03:37:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieUnatt.exe
[2012/11/17 03:37:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieUnatt.exe
[2012/11/17 03:37:45 | 002,312,704 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript9.dll
[2012/11/17 03:37:45 | 001,494,528 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\inetcpl.cpl
[2012/11/17 03:37:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\inetcpl.cpl
[2012/11/17 03:37:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msfeeds.dll
[2012/11/17 03:37:45 | 000,607,744 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msfeeds.dll
[2012/11/17 03:37:44 | 001,800,704 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript9.dll
[2012/11/17 03:37:43 | 000,816,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript.dll
[2012/11/17 03:37:43 | 000,717,824 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript.dll
[2012/11/17 03:37:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\vbscript.dll
[2012/11/17 03:34:48 | 000,194,048 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\WUDFPlatform.dll
[2012/11/17 03:34:48 | 000,045,056 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\WUDFCoinstaller.dll
[2012/11/17 03:34:47 | 000,744,448 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\WUDFx.dll
[2012/11/17 03:34:47 | 000,229,888 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\WUDFHost.exe
[2012/11/17 03:34:34 | 000,000,000 | -HSD | C] -- I:\Config.Msi
[2012/11/17 03:33:38 | 000,216,576 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ncsi.dll
[2012/11/17 03:33:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ncsi.dll
[2012/11/17 03:33:37 | 000,246,272 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\netcorehc.dll
[2012/11/17 03:33:37 | 000,175,104 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\netcorehc.dll
[2012/11/17 03:33:37 | 000,018,944 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\netevent.dll
[2012/11/17 03:33:37 | 000,018,944 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\netevent.dll
[2012/11/17 03:33:35 | 000,226,816 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\dhcpcore6.dll
[2012/11/17 03:33:35 | 000,193,536 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\dhcpcore6.dll
[2012/11/17 03:33:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\dhcpcsvc6.dll
[2012/11/17 03:33:35 | 000,044,032 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\dhcpcsvc6.dll
[2012/11/17 03:33:22 | 001,448,448 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\lsasrv.dll
[2012/11/17 03:33:22 | 000,307,200 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ncrypt.dll
[2012/11/17 03:33:22 | 000,220,160 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ncrypt.dll
[2012/11/17 03:33:06 | 000,095,744 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\synceng.dll
[2012/11/17 03:33:06 | 000,078,336 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\synceng.dll
[2011/08/11 16:53:29 | 000,625,736 | ---- | C] (How Inc.) -- I:\Program Files (x86)\Common Files\ZugoInstaller.exe
========== Files - Modified Within 30 Days ==========
[2012/12/08 13:25:25 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2012/12/08 13:24:32 | 000,001,102 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/08 13:03:19 | 000,000,004 | ---- | M] () -- I:\Users\Benutzer\AppData\Roaming\skype.ini
[2012/12/08 12:58:12 | 000,015,024 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 12:58:12 | 000,015,024 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 12:57:54 | 000,657,438 | ---- | M] () -- I:\Windows\System32\perfh007.dat
[2012/12/08 12:57:54 | 000,618,714 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2012/12/08 12:57:54 | 000,130,810 | ---- | M] () -- I:\Windows\System32\perfc007.dat
[2012/12/08 12:57:54 | 000,107,034 | ---- | M] () -- I:\Windows\System32\perfc009.dat
[2012/12/08 12:36:00 | 000,000,884 | ---- | M] () -- I:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/08 12:14:56 | 000,050,477 | ---- | M] () -- I:\Users\Guest\Desktop\Defogger.exe
[2012/12/08 12:06:10 | 000,001,106 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/06 17:47:11 | 000,540,743 | ---- | M] () -- I:\Users\Benutzer\Desktop\adwcleaner.exe
[2012/12/06 17:25:30 | 002,558,036 | ---- | M] () -- I:\Users\Benutzer\Desktop\23.mpeg
[2012/12/06 17:20:14 | 002,564,318 | ---- | M] () -- I:\Users\Benutzer\Desktop\8.mpeg
[2012/12/03 07:51:01 | 000,002,180 | ---- | M] () -- I:\Users\Benutzer\AppData\Local\recently-used.xbel
[2012/12/03 07:45:25 | 002,675,204 | ---- | M] () -- I:\Users\Benutzer\Desktop\Bicycles_Motorcycles_and_Models.pdf
[2012/12/01 17:58:30 | 004,361,879 | ---- | M] () -- I:\Users\Benutzer\Desktop\CHASSIE-MOTOR65SX02.pdf
[2012/12/01 17:51:16 | 003,786,141 | ---- | M] () -- I:\Users\Benutzer\Desktop\13_3211855_de_OM_f1cf61.pdf
[2012/11/30 16:30:29 | 000,040,637 | ---- | M] () -- I:\Users\Benutzer\Desktop\neues Kombi.JPG
[2012/11/30 05:55:16 | 000,000,081 | ---- | M] () -- I:\Users\Benutzer\AppData\Roaming\AVSMediaPlayer.m3u
[2012/11/27 17:46:46 | 002,229,515 | ---- | M] () -- I:\Users\Benutzer\Desktop\2004_RS125R.pdf
[2012/11/27 17:03:12 | 001,752,361 | ---- | M] () -- I:\Users\Benutzer\Desktop\2006_NSF100.pdf
[2012/11/17 18:13:00 | 000,001,137 | ---- | M] () -- I:\Users\Benutzer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/11/17 18:04:01 | 000,000,000 | R--D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/17 18:03:41 | 000,613,112 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT
[2012/11/11 02:57:10 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/11 02:57:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2012/12/08 12:55:54 | 000,050,477 | ---- | C] () -- I:\Users\Guest\Desktop\Defogger.exe
[2012/12/06 17:46:57 | 000,540,743 | ---- | C] () -- I:\Users\Benutzer\Desktop\adwcleaner.exe
[2012/12/06 17:32:58 | 000,000,004 | ---- | C] () -- I:\Users\Benutzer\AppData\Roaming\skype.ini
[2012/12/06 17:25:07 | 002,558,036 | ---- | C] () -- I:\Users\Benutzer\Desktop\23.mpeg
[2012/12/06 17:20:05 | 002,564,318 | ---- | C] () -- I:\Users\Benutzer\Desktop\8.mpeg
[2012/12/03 07:51:01 | 000,002,180 | ---- | C] () -- I:\Users\Benutzer\AppData\Local\recently-used.xbel
[2012/12/03 07:45:25 | 002,675,204 | ---- | C] () -- I:\Users\Benutzer\Desktop\Bicycles_Motorcycles_and_Models.pdf
[2012/12/01 17:58:29 | 004,361,879 | ---- | C] () -- I:\Users\Benutzer\Desktop\CHASSIE-MOTOR65SX02.pdf
[2012/12/01 17:51:15 | 003,786,141 | ---- | C] () -- I:\Users\Benutzer\Desktop\13_3211855_de_OM_f1cf61.pdf
[2012/11/30 16:30:29 | 000,040,637 | ---- | C] () -- I:\Users\Benutzer\Desktop\neues Kombi.JPG
[2012/11/27 17:46:46 | 002,229,515 | ---- | C] () -- I:\Users\Benutzer\Desktop\2004_RS125R.pdf
[2012/11/27 17:03:12 | 001,752,361 | ---- | C] () -- I:\Users\Benutzer\Desktop\2006_NSF100.pdf
[2012/11/17 03:42:24 | 000,000,003 | ---- | C] () -- I:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 03:34:47 | 000,000,003 | ---- | C] () -- I:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/11 02:57:12 | 000,000,884 | ---- | C] () -- I:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/09 13:44:36 | 000,000,620 | ---- | C] () -- I:\Windows\_DC-CDI-P_v67.ini
[2012/04/09 13:44:36 | 000,000,333 | ---- | C] () -- I:\Windows\DC-CDI-P_v67.ini
[2012/02/15 14:28:04 | 000,000,013 | ---- | C] () -- I:\Users\Benutzer\AppData\Local\CO2361A2-Y320-06AD-SH33-5287B13CB100.ini
[2012/01/18 00:44:00 | 010,920,984 | ---- | C] () -- I:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 00:44:00 | 000,336,408 | ---- | C] () -- I:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 00:44:00 | 000,104,472 | ---- | C] () -- I:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/11 12:10:26 | 000,062,976 | ---- | C] () -- I:\Users\Benutzer\AppData\Roaming\skype.dat
[2011/09/25 14:08:59 | 000,007,635 | ---- | C] () -- I:\Users\Benutzer\AppData\Local\Resmon.ResmonCfg
[2011/09/25 13:19:51 | 001,534,724 | ---- | C] () -- I:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/10 21:06:32 | 000,007,282 | ---- | C] () -- I:\Windows\cadx2.ini
[2011/07/01 14:59:38 | 000,043,008 | ---- | C] () -- I:\Windows\SysWow64\spwini.dll
[2011/06/23 11:22:25 | 000,252,928 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll
[2011/03/29 16:31:55 | 000,028,672 | ---- | C] () -- I:\Users\Benutzer\AppData\Local\WebpageIcons.db
[2010/07/18 05:18:57 | 000,000,000 | ---- | C] () -- I:\Windows\eDrawingOfficeAutomator.INI
[2010/07/08 12:43:49 | 000,007,103 | ---- | C] () -- I:\Windows\mgxoschk.ini
[2010/04/19 12:40:08 | 000,000,081 | ---- | C] () -- I:\Users\Benutzer\AppData\Roaming\AVSMediaPlayer.m3u
[2010/04/18 15:10:03 | 000,524,288 | ---- | C] () -- I:\Windows\SysWow64\xvidcore.dll
[2010/04/18 15:10:03 | 000,139,264 | ---- | C] () -- I:\Windows\SysWow64\xvidvfw.dll
[2010/03/19 14:41:59 | 000,068,640 | ---- | C] () -- I:\Windows\unTMV.exe
[2010/03/17 13:42:18 | 000,000,056 | -H-- | C] () -- I:\ProgramData\ezsidmv.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- I:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- I:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- I:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- I:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- I:\Windows\SysWow64\mlang.dat
[2007/08/21 13:46:34 | 000,059,160 | ---- | C] () -- I:\Windows\SysWow64\zlib.dll
[2007/04/27 02:43:58 | 000,120,200 | ---- | C] () -- I:\Windows\SysWow64\DLLDEV32i.dll
========== LOP Check ==========
[2012/09/27 16:27:27 | 000,000,000 | ---D | M] -- I:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2010/03/16 16:14:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Application Data
[2010/08/12 15:14:38 | 000,000,000 | ---D | M] -- I:\ProgramData\BVRP Software
[2010/07/18 05:42:37 | 000,000,000 | ---D | M] -- I:\ProgramData\DassaultSystemes
[2010/09/26 13:38:26 | 000,000,000 | ---D | M] -- I:\ProgramData\Delcam
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Documents
[2010/03/16 16:14:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Dokumente
[2010/03/16 16:14:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favorites
[2010/07/08 12:10:08 | 000,000,000 | ---D | M] -- I:\ProgramData\MAGIX
[2010/12/08 17:04:15 | 000,000,000 | ---D | M] -- I:\ProgramData\PassMark
[2010/04/10 13:57:01 | 000,000,000 | ---D | M] -- I:\ProgramData\Pinnacle
[2010/04/10 13:44:39 | 000,000,000 | ---D | M] -- I:\ProgramData\PinnacleExtractor
[2012/01/20 14:57:30 | 000,000,000 | ---D | M] -- I:\ProgramData\Samsung
[2012/08/29 13:43:55 | 000,000,000 | ---D | M] -- I:\ProgramData\Sony
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Start Menu
[2010/03/16 16:14:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Startmenü
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Templates
[2012/07/22 03:49:51 | 000,000,000 | ---D | M] -- I:\ProgramData\tjdmkcxtyodiojz
[2010/03/16 16:14:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Vorlagen
[2012/09/02 04:25:29 | 000,032,640 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012/09/29 08:34:11 | 000,000,000 | -HSD | M] -- I:\$Recycle.Bin
[2010/09/10 15:31:12 | 000,000,000 | ---D | M] -- I:\CAD
[2012/11/17 18:02:59 | 000,000,000 | -HSD | M] -- I:\Config.Msi
[2010/09/26 13:41:33 | 000,000,000 | ---D | M] -- I:\dcam
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\Documents and Settings
[2010/03/16 16:14:20 | 000,000,000 | -HSD | M] -- I:\Dokumente und Einstellungen
[2010/04/17 12:02:15 | 000,000,000 | ---D | M] -- I:\DynoRuns
[2010/03/16 16:31:18 | 000,000,000 | ---D | M] -- I:\Intel
[2010/04/10 14:15:31 | 000,000,000 | RH-D | M] -- I:\MSOCache
[2012/04/15 05:33:46 | 000,000,000 | ---D | M] -- I:\NVIDIA
[2011/11/04 12:28:27 | 000,000,000 | ---D | M] -- I:\PerfLogs
[2012/09/27 16:26:43 | 000,000,000 | R--D | M] -- I:\Program Files
[2012/11/07 14:58:00 | 000,000,000 | R--D | M] -- I:\Program Files (x86)
[2012/09/27 16:26:42 | 000,000,000 | -H-D | M] -- I:\ProgramData
[2010/03/16 16:14:20 | 000,000,000 | -HSD | M] -- I:\Programme
[2010/03/16 16:48:37 | 000,000,000 | ---D | M] -- I:\RaidTool
[2010/03/16 16:14:20 | 000,000,000 | -HSD | M] -- I:\Recovery
[2010/07/18 05:15:57 | 000,000,000 | ---D | M] -- I:\SolidWorks Data
[2010/11/14 14:44:01 | 000,000,000 | ---D | M] -- I:\SolidWorks Data (2)
[2012/12/07 13:11:27 | 000,000,000 | -HSD | M] -- I:\System Volume Information
[2012/10/18 16:30:57 | 000,000,000 | ---D | M] -- I:\temp
[2012/04/15 05:34:40 | 000,000,000 | R--D | M] -- I:\Users
[2012/12/08 11:25:59 | 000,000,000 | ---D | M] -- I:\Windows
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- I:\Windows\System32\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- I:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2010/01/26 16:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- I:\Program Files\MATLAB\MATLAB Compiler Runtime\v717\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- I:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- I:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTORV.SYS >
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- I:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- I:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- I:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 01:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- I:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- I:\Windows\System32\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- I:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- I:\Windows\SysWOW64\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- I:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- I:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 01:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- I:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- I:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- I:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- I:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- I:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- I:\Windows\SysWOW64\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- I:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- I:\Windows\System32\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- I:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- I:\Windows\SysWOW64\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- I:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- I:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- I:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- I:\Windows\System32\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- I:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- I:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- I:\Windows\System32\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- I:\Windows\System32\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- I:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- I:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
|
Wie gehts weiter
Gruss Paul24
|
08.12.2012, 20:07
Baum-Darstellung