Pests of all kinds and how to fight them: GemmaVirus locks desktop / "Dieses Programm kann die Webseite nicht anzeigen." ("This program cannot display the webpage.") Windows 7
Hello everyone,

I'm new here and have read through the rules and similar threads as far as I could, but my case is probably a special emergency: I'm currently an exchange student in Japan, caught this GemaVirus on my regular laptop (Win7, 64-bit as far as I know) an hour ago, and am now trying to describe my problem in halfway decent German using my Chinese roommate's laptop:

1. Since the Gemavirus first appeared, a window with the title "Dieses Programm kann die Webseite nicht anzeigen." ("This program cannot display the webpage.") has been showing.
2. The same thing happens in safe mode, so I am unable to do anything on my PC. Attempts to stop the autostart in safe mode with command prompt have also failed.

I have already found a thread here that proposed a solution for a similar problem on Vista, but it involved using the Windows installation CD. Unfortunately that is sitting back in Germany; at the moment the most I can get hold of is an empty USB stick. Since I urgently need my PC for my research work, I'm really in an extreme bind right now and would be very grateful if you could help me.

Thank you very much!
Thomas
Using a clean second computer, create an OTLPE CD and then boot the infected computer from that CD:
If you don't have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.
Illustrated guide: OTLpe-Scan
Thank you for the reply: I followed the instructions and burned the CD accordingly. When booting from Reatogo X PE, I get the following error message on a blue screen while WinXP is starting up:

```
A problem has been detected and windows has been shut down to prevent damage to your computer.
If this is the first time youve seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:
Check for viruses on your computer. Remove anly newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK / F to check for hard drive corruption, and then restart your computer.
Technical information>
STOP> 0x0000007B (0xF78DA528, 0xC0000034, 0x00000000, 0x00000000)
```

I'm really at a loss; after the first success with booting I had already started to hope, and now this. Can you please help me!? Thank you very much!
Hi, go into the BIOS, check whether IDE or AHCI mode is selected there, switch to the opposite mode in each case, and try again with OTL.
Right, finally got the whole thing running; here are the logs (unfortunately I couldn't figure out how to put the logs into a code box): OTL logfile:
O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15:64bit: - AS_ON_D\..Trusted Domains: unisg.ch ([serviceportal] https in Vertrauenswürdige Sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab (Battlefield Play4Free Updater) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. 
File not found O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - D:\Windows\System32\acaptuser64.dll (Adobe Systems, Inc.) O20 - AppInit_DLLs: (acaptuser32.dll) - D:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\ProgramData\gema\gema.exe) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\AS_ON_D Winlogon: Shell - (C:\Users\AS\AppData\Roaming\gema\gema.exe) - D:\Users\AS\AppData\Roaming\gema\gema.exe (A Lf) O20 - HKU\AS_ON_D Winlogon: Shell - (Explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll - D:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{18244e10-8acf-11df-b97d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{18244e10-8acf-11df-b97d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\T3AP.exe O33 - MountPoints2\{18244e11-8acf-11df-b97d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{18244e11-8acf-11df-b97d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\EpaNt908\Setup.exe O33 - MountPoints2\{2e68fbae-a13e-11df-93a0-002713968e1c}\Shell - "" = AutoRun O33 - MountPoints2\{2e68fbae-a13e-11df-93a0-002713968e1c}\Shell\AutoRun\command - "" = D:\Setup_German.exe O33 - MountPoints2\{6226b780-4afd-11e0-8bef-002713968e1c}\Shell - "" = AutoRun O33 - MountPoints2\{6226b780-4afd-11e0-8bef-002713968e1c}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{b010b641-b932-11df-9295-002713968e1c}\Shell - "" = AutoRun O33 - MountPoints2\{b010b641-b932-11df-9295-002713968e1c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{be0377c0-435e-11e0-8ae2-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{be0377c0-435e-11e0-8ae2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE O33 - MountPoints2\{be0377c0-435e-11e0-8ae2-806e6f6e6963}\Shell\configure\command - "" = D:\SETUP.EXE O33 - MountPoints2\{be0377c0-435e-11e0-8ae2-806e6f6e6963}\Shell\install\command - "" = D:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: 
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45BFEAA3-0A52-F305-91ED-982AC6122D5B} - Offline Browsing Pack ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {735CE95D-B0BD-9427-9419-CD9C0959DCCE} - Themes Setup ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {BCE2E75D-EE14-48F8-990E-AC87C57FFB84} - Bing Bar ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: 
{FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX:64bit: >{BB89BA8E-2153-4651-A4EC-E63ED120FA89} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45BFEAA3-0A52-F305-91ED-982AC6122D5B} - Offline Browsing Pack ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {735CE95D-B0BD-9427-9419-CD9C0959DCCE} - Themes Setup ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: 
{BCE2E75D-EE14-48F8-990E-AC87C57FFB84} - Bing Bar ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX: >{BB89BA8E-2153-4651-A4EC-E63ED120FA89} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs:64bit: AppMgmt - D:\Windows\System32\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^AS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - D:\Users\AS\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.) MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - D:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - File not found MsConfig:64bit - StartUpReg: BabylonToolbar - hkey= - key= - File not found MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - D:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - D:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: LMab1err - hkey= - key= - D:\Program Files\Lexmark\ErrorApp\lmab1err.exe ( ) MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - D:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: NBAgent - hkey= - key= - D:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - D:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= - D:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - File not found MsConfig:64bit - StartUpReg: PDFServiceEngine - hkey= - key= - D:\Program Files (x86)\PDF Suite\PDFServiceEngine.exe () MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - D:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - D:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig:64bit - State: "startup" - 2 ========== Files/Folders - Created Within 30 Days ========== [2012/04/06 10:19:37 | 000,000,000 | -HSD | C] -- D:\RECYCLER [2012/04/02 23:58:05 | 000,000,000 | ---D | C] -- D:\Users\AS\AppData\Roaming\gema [2012/03/28 19:25:47 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/03/28 19:25:47 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Skype [2012/03/22 15:12:12 | 004,435,968 | ---- | C] (Google Inc.) -- D:\Windows\SysWow64\GPhotos.scr [2012/03/21 00:59:34 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone [2012/03/21 00:59:03 | 000,000,000 | ---D | C] -- D:\ProgramData\Rosetta Stone [2012/03/21 00:59:03 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Rosetta Stone [2012/03/19 23:53:35 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2012/03/19 23:52:20 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Google [2012/03/12 14:59:39 | 000,000,000 | ---D | C] -- D:\Users\AS\Documents\Calibre Bibliothek [2012/03/12 14:59:38 | 000,000,000 | ---D | C] -- D:\Users\AS\AppData\Roaming\calibre [2012/03/12 14:58:15 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Calibre2 [2012/03/12 14:58:15 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management [2010/10/02 04:09:16 | 001,044,480 | ---- | C] ( ) -- D:\Windows\SysWow64\lmabserv.dll [2010/10/02 04:09:16 | 000,802,816 | ---- | C] ( ) -- D:\Windows\SysWow64\lmabcomc.dll [2010/10/02 04:09:16 | 000,372,736 | ---- | C] ( ) -- D:\Windows\SysWow64\lmabcomm.dll [2010/10/02 04:09:16 | 000,356,352 | ---- | C] ( ) -- D:\Windows\SysWow64\lmabhcp.dll [2010/10/02 04:09:15 
| 000,593,920 | ---- | C] ( ) -- D:\Windows\SysWow64\lmabcoms.exe [2005/12/05 13:00:46 | 002,247,888 | ---- | C] (Microsoft Corporation) -- D:\Program Files (x86)\dsetup32.dll [2005/12/05 13:00:46 | 000,484,560 | ---- | C] (Microsoft Corporation) -- D:\Program Files (x86)\DXSETUP.exe [2005/12/05 13:00:46 | 000,074,448 | ---- | C] (Microsoft Corporation) -- D:\Program Files (x86)\DSETUP.dll [5 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ] [3 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ] [2 D:\Users\AS\Documents\*.tmp files -> D:\Users\AS\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/06 10:31:05 | 000,000,648 | ---- | M] () -- D:\Notes [2012/04/05 08:36:27 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2012/04/05 05:12:28 | 000,000,418 | RHS- | M] () -- D:\ProgramData\ntuser.pol [2012/04/05 03:34:29 | 000,017,360 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/05 03:34:29 | 000,017,360 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/05 03:27:21 | 3060,535,296 | -HS- | M] () -- D:\hiberfil.sys [2012/04/03 00:09:43 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2012/04/02 23:58:00 | 000,000,528 | ---- | M] () -- D:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012/04/02 23:53:00 | 000,000,466 | ---- | M] () -- D:\Windows\tasks\SystemToolsDailyTest.job [2012/04/02 18:30:10 | 000,715,660 | ---- | M] () -- D:\Windows\System32\perfh007.dat [2012/04/02 18:30:10 | 000,669,726 | ---- | M] () -- D:\Windows\System32\perfh009.dat [2012/04/02 18:30:10 | 000,154,264 | ---- | M] () -- D:\Windows\System32\perfc007.dat [2012/04/02 18:30:10 | 000,126,878 | ---- | M] () -- D:\Windows\System32\perfc009.dat [2012/03/28 19:25:47 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 
[2012/03/23 03:07:30 | 000,806,384 | ---- | M] () -- D:\Users\AS\Desktop\Direction Softbank Store.jpg [2012/03/22 15:12:12 | 004,435,968 | ---- | M] (Google Inc.) -- D:\Windows\SysWow64\GPhotos.scr [2012/03/21 00:59:34 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone [2012/03/20 20:46:18 | 000,167,551 | ---- | M] () -- D:\Users\AS\Documents\Application_for_Japanese_Language_Program(CEMS)_Anian_Staebler.pdf [2012/03/19 23:53:50 | 000,001,070 | ---- | M] () -- D:\Users\Public\Desktop\Picasa 3.lnk [2012/03/19 23:53:35 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2012/03/12 14:58:24 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management [2012/03/12 14:58:22 | 000,000,920 | ---- | M] () -- D:\Users\Public\Desktop\calibre - E-book management.lnk [5 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ] [3 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ] [2 D:\Users\AS\Documents\*.tmp files -> D:\Users\AS\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/06 10:31:05 | 000,000,648 | ---- | C] () -- D:\Notes [2012/03/23 03:07:30 | 000,806,384 | ---- | C] () -- D:\Users\AS\Desktop\Direction Softbank Store.jpg [2012/03/20 20:46:17 | 000,167,551 | ---- | C] () -- D:\Users\AS\Documents\Application_for_Japanese_Language_Program(CEMS)_Anian_Staebler.pdf [2012/03/19 23:53:50 | 000,001,070 | ---- | C] () -- D:\Users\Public\Desktop\Picasa 3.lnk [2012/03/12 14:58:22 | 000,000,920 | ---- | C] () -- D:\Users\Public\Desktop\calibre - E-book management.lnk [2012/02/15 06:05:17 | 000,077,824 | ---- | C] () -- D:\Windows\KMService.exe [2012/02/15 06:05:17 | 000,008,192 | ---- | C] () -- D:\Windows\SysWow64\srvany.exe [2011/12/29 09:14:11 | 000,000,023 | ---- | C] () -- D:\Windows\BlendSettings.ini [2011/12/12 13:00:53 | 000,043,520 | ---- | C] () -- D:\Windows\SysWow64\CmdLineExt03.dll [2011/12/10 
16:27:25 | 000,120,320 | ---- | C] () -- D:\Windows\SysWow64\drivers\SSHDRV65.sys [2011/09/19 09:58:14 | 000,000,418 | RHS- | C] () -- D:\ProgramData\ntuser.pol [2011/06/07 01:32:29 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll [2011/05/25 17:14:12 | 000,010,240 | ---- | C] () -- D:\Windows\SysWow64\vidx16.dll [2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- D:\Windows\SysWow64\xlive.dll.cat [2011/03/19 10:18:57 | 000,066,856 | ---- | C] () -- D:\Windows\SysWow64\SynTPEnhPS.dll [2011/03/19 09:54:55 | 000,867,020 | ---- | C] () -- D:\Windows\SysWow64\igkrng575.bin [2011/03/19 09:54:44 | 000,105,408 | ---- | C] () -- D:\Windows\SysWow64\igfcg575m.bin [2011/03/19 09:54:42 | 000,128,204 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng575.bin [2010/12/10 09:09:45 | 000,234,768 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe [2010/12/10 09:09:42 | 000,075,136 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe [2010/11/10 17:05:39 | 000,000,132 | ---- | C] () -- D:\Users\AS\AppData\Roaming\Adobe GIF Format CS5 Prefs [2010/10/02 04:07:09 | 000,028,672 | ---- | C] () -- D:\Windows\hookdllX.dll [2010/10/02 04:07:09 | 000,011,776 | ---- | C] () -- D:\Windows\SysWow64\pmsbfn32.dll [2010/09/27 14:38:27 | 000,001,025 | ---- | C] () -- D:\Windows\SysWow64\sysprs7.dll [2010/09/27 14:38:27 | 000,000,205 | ---- | C] () -- D:\Windows\SysWow64\lsprst7.dll [2010/09/26 13:06:58 | 000,000,132 | ---- | C] () -- D:\Users\AS\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010/08/03 10:25:00 | 000,000,756 | ---- | C] () -- D:\Users\AS\AppData\Eudora.lnk [2010/07/10 10:04:47 | 000,320,000 | ---- | C] () -- D:\Windows\SysWow64\roboex32.dll [2010/07/10 10:04:21 | 000,000,750 | RH-- | C] () -- D:\Windows\SysWow64\ttri.dat [2010/06/02 00:22:54 | 001,412,902 | ---- | C] () -- D:\Program Files (x86)\OCT2006_d3dx9_31_x64.cab [2010/06/02 00:22:54 | 001,127,217 | ---- | C] () -- D:\Program Files (x86)\OCT2006_d3dx9_31_x86.cab [2010/06/02 00:22:54 | 000,273,960 | ---- | C] 
() -- D:\Program Files (x86)\Nov2008_XAudio_x64.cab [2010/06/02 00:22:54 | 000,272,611 | ---- | C] () -- D:\Program Files (x86)\Nov2008_XAudio_x86.cab [2010/06/02 00:22:54 | 000,182,361 | ---- | C] () -- D:\Program Files (x86)\OCT2006_XACT_x64.cab [2010/06/02 00:22:54 | 000,138,017 | ---- | C] () -- D:\Program Files (x86)\OCT2006_XACT_x86.cab [2010/06/02 00:22:52 | 001,906,878 | ---- | C] () -- D:\Program Files (x86)\Nov2008_d3dx9_40_x64.cab [2010/06/02 00:22:52 | 001,550,796 | ---- | C] () -- D:\Program Files (x86)\Nov2008_d3dx9_40_x86.cab [2010/06/02 00:22:52 | 000,965,421 | ---- | C] () -- D:\Program Files (x86)\Nov2008_d3dx10_40_x86.cab [2010/06/02 00:22:52 | 000,121,794 | ---- | C] () -- D:\Program Files (x86)\Nov2008_XACT_x64.cab [2010/06/02 00:22:52 | 000,092,684 | ---- | C] () -- D:\Program Files (x86)\Nov2008_XACT_x86.cab [2010/06/02 00:22:52 | 000,054,522 | ---- | C] () -- D:\Program Files (x86)\Nov2008_X3DAudio_x64.cab [2010/06/02 00:22:52 | 000,021,851 | ---- | C] () -- D:\Program Files (x86)\Nov2008_X3DAudio_x86.cab [2010/06/02 00:22:50 | 000,994,154 | ---- | C] () -- D:\Program Files (x86)\Nov2008_d3dx10_40_x64.cab [2010/06/02 00:22:50 | 000,196,762 | ---- | C] () -- D:\Program Files (x86)\NOV2007_XACT_x64.cab [2010/06/02 00:22:50 | 000,148,264 | ---- | C] () -- D:\Program Files (x86)\NOV2007_XACT_x86.cab [2010/06/02 00:22:50 | 000,046,144 | ---- | C] () -- D:\Program Files (x86)\NOV2007_X3DAudio_x64.cab [2010/06/02 00:22:50 | 000,018,496 | ---- | C] () -- D:\Program Files (x86)\NOV2007_X3DAudio_x86.cab [2010/06/02 00:22:48 | 001,802,058 | ---- | C] () -- D:\Program Files (x86)\Nov2007_d3dx9_36_x64.cab [2010/06/02 00:22:48 | 001,709,360 | ---- | C] () -- D:\Program Files (x86)\Nov2007_d3dx9_36_x86.cab [2010/06/02 00:22:48 | 000,864,600 | ---- | C] () -- D:\Program Files (x86)\Nov2007_d3dx10_36_x64.cab [2010/06/02 00:22:48 | 000,803,884 | ---- | C] () -- D:\Program Files (x86)\Nov2007_d3dx10_36_x86.cab [2010/06/02 00:22:48 | 000,273,018 | ---- | C] () 
-- D:\Program Files (x86)\Mar2009_XAudio_x86.cab [2010/06/02 00:22:46 | 000,275,044 | ---- | C] () -- D:\Program Files (x86)\Mar2009_XAudio_x64.cab [2010/06/02 00:22:46 | 000,121,506 | ---- | C] () -- D:\Program Files (x86)\Mar2009_XACT_x64.cab [2010/06/02 00:22:46 | 000,092,740 | ---- | C] () -- D:\Program Files (x86)\Mar2009_XACT_x86.cab [2010/06/02 00:22:38 | 000,054,600 | ---- | C] () -- D:\Program Files (x86)\Mar2009_X3DAudio_x64.cab [2010/06/02 00:22:38 | 000,021,298 | ---- | C] () -- D:\Program Files (x86)\Mar2009_X3DAudio_x86.cab [2010/06/02 00:22:36 | 001,973,702 | ---- | C] () -- D:\Program Files (x86)\Mar2009_d3dx9_41_x64.cab [2010/06/02 00:22:36 | 001,612,446 | ---- | C] () -- D:\Program Files (x86)\Mar2009_d3dx9_41_x86.cab [2010/06/02 00:22:36 | 001,067,160 | ---- | C] () -- D:\Program Files (x86)\Mar2009_d3dx10_41_x64.cab [2010/06/02 00:22:36 | 001,040,745 | ---- | C] () -- D:\Program Files (x86)\Mar2009_d3dx10_41_x86.cab [2010/06/02 00:22:36 | 000,251,194 | ---- | C] () -- D:\Program Files (x86)\Mar2008_XAudio_x64.cab [2010/06/02 00:22:36 | 000,226,250 | ---- | C] () -- D:\Program Files (x86)\Mar2008_XAudio_x86.cab [2010/06/02 00:22:36 | 000,122,336 | ---- | C] () -- D:\Program Files (x86)\Mar2008_XACT_x64.cab [2010/06/02 00:22:36 | 000,093,734 | ---- | C] () -- D:\Program Files (x86)\Mar2008_XACT_x86.cab [2010/06/02 00:22:34 | 001,769,862 | ---- | C] () -- D:\Program Files (x86)\Mar2008_d3dx9_37_x64.cab [2010/06/02 00:22:34 | 001,443,282 | ---- | C] () -- D:\Program Files (x86)\Mar2008_d3dx9_37_x86.cab [2010/06/02 00:22:34 | 000,818,260 | ---- | C] () -- D:\Program Files (x86)\Mar2008_d3dx10_37_x86.cab [2010/06/02 00:22:34 | 000,055,058 | ---- | C] () -- D:\Program Files (x86)\Mar2008_X3DAudio_x64.cab [2010/06/02 00:22:34 | 000,021,867 | ---- | C] () -- D:\Program Files (x86)\Mar2008_X3DAudio_x86.cab [2010/06/02 00:22:32 | 000,937,246 | ---- | C] () -- D:\Program Files (x86)\Jun2010_d3dx9_43_x64.cab [2010/06/02 00:22:32 | 000,844,884 | ---- | C] () 
-- D:\Program Files (x86)\Mar2008_d3dx10_37_x64.cab [2010/06/02 00:22:32 | 000,768,036 | ---- | C] () -- D:\Program Files (x86)\Jun2010_d3dx9_43_x86.cab [2010/06/02 00:22:32 | 000,278,060 | ---- | C] () -- D:\Program Files (x86)\Jun2010_XAudio_x86.cab [2010/06/02 00:22:32 | 000,277,338 | ---- | C] () -- D:\Program Files (x86)\Jun2010_XAudio_x64.cab [2010/06/02 00:22:32 | 000,124,596 | ---- | C] () -- D:\Program Files (x86)\Jun2010_XACT_x64.cab [2010/06/02 00:22:32 | 000,093,686 | ---- | C] () -- D:\Program Files (x86)\Jun2010_XACT_x86.cab [2010/06/02 00:22:30 | 000,762,188 | ---- | C] () -- D:\Program Files (x86)\Jun2010_d3dcsx_43_x86.cab [2010/06/02 00:22:30 | 000,235,955 | ---- | C] () -- D:\Program Files (x86)\Jun2010_d3dx10_43_x64.cab [2010/06/02 00:22:30 | 000,197,283 | ---- | C] () -- D:\Program Files (x86)\Jun2010_d3dx10_43_x86.cab [2010/06/02 00:22:30 | 000,138,205 | ---- | C] () -- D:\Program Files (x86)\Jun2010_d3dx11_43_x64.cab [2010/06/02 00:22:30 | 000,109,445 | ---- | C] () -- D:\Program Files (x86)\Jun2010_d3dx11_43_x86.cab [2010/06/02 00:22:28 | 000,944,460 | ---- | C] () -- D:\Program Files (x86)\Jun2010_D3DCompiler_43_x64.cab [2010/06/02 00:22:28 | 000,931,471 | ---- | C] () -- D:\Program Files (x86)\Jun2010_D3DCompiler_43_x86.cab [2010/06/02 00:22:28 | 000,752,783 | ---- | C] () -- D:\Program Files (x86)\Jun2010_d3dcsx_43_x64.cab [2010/06/02 00:22:20 | 000,269,024 | ---- | C] () -- D:\Program Files (x86)\JUN2008_XAudio_x86.cab [2010/06/02 00:22:18 | 001,792,608 | ---- | C] () -- D:\Program Files (x86)\JUN2008_d3dx9_38_x64.cab [2010/06/02 00:22:18 | 001,463,878 | ---- | C] () -- D:\Program Files (x86)\JUN2008_d3dx9_38_x86.cab [2010/06/02 00:22:18 | 000,867,828 | ---- | C] () -- D:\Program Files (x86)\JUN2008_d3dx10_38_x64.cab [2010/06/02 00:22:18 | 000,849,919 | ---- | C] () -- D:\Program Files (x86)\JUN2008_d3dx10_38_x86.cab [2010/06/02 00:22:18 | 000,269,628 | ---- | C] () -- D:\Program Files (x86)\JUN2008_XAudio_x64.cab [2010/06/02 00:22:18 | 
What are the next steps I need to take? Thanks a lot for your help!
#6
On your second PC, go to Start, Programs, Accessories, Notepad, and paste in the following:
:OTL
O4 - HKU\AS_ON_D..\Run: [gema] D:\Users\AS\AppData\Roaming\gema\gema.exe (A Lf)
O20 - HKU\AS_ON_D Winlogon: Shell - (C:\Users\AS\AppData\Roaming\gema\gema.exe) - D:\Users\AS\AppData\Roaming\gema\gema.exe (A Lf)
:Files
D:\Users\AS\AppData\Roaming\gema
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to this one should now appear: "load fix from file". Load the fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open the otl.txt.
Please post the log.

If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment to the thread!

Please press the Windows + E keys.
• Open your system drive (usually C:)
• Now look for the following folder: _OTL and open it.
• Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

• This will create a Movedfiles.zip file in _OTL
• Please upload it to our upload channel. ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance.
Please post a new OTL log.
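Added example, not part of the original posts and not OTL's own code: a small Python parser for the two autostart line types the fix above targets (O4 Run entries and O20 Winlogon values), flagging entries whose target sits in a user-writable directory or that replace the Winlogon shell. The first two sample lines are the ones from the fix; the other three are constructed benign entries in the same layout, and the heuristics are assumptions for illustration.

```python
import re
from dataclasses import dataclass, field

# Lines 1-2 are the entries from the fix in post #6. Lines 3-5 are
# constructed benign entries in the same layout, added for contrast.
SAMPLE_LOG = r"""
O4 - HKU\AS_ON_D..\Run: [gema] D:\Users\AS\AppData\Roaming\gema\gema.exe (A Lf)
O20 - HKU\AS_ON_D Winlogon: Shell - (C:\Users\AS\AppData\Roaming\gema\gema.exe) - D:\Users\AS\AppData\Roaming\gema\gema.exe (A Lf)
O4 - HKLM..\Run: [ExampleTray] D:\Program Files (x86)\Example\tray.exe (Example Vendor)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\System32\userinit.exe (Microsoft Corporation)
"""

# O4: Run/RunOnce value. O20: Winlogon value with its raw registry data.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
O20_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<data>.*?)\) - (?P<rest>.+)$")
# Trailing " (Company)" after the resolved path; the path itself may
# contain parentheses, e.g. "Program Files (x86)".
TAIL_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")

# Heuristic (assumption): directories a standard user can write to.
USER_WRITABLE = re.compile(
    r"\\(Users\\[^\\]+\\AppData|ProgramData|Temp|Documents and Settings)\\", re.I)


@dataclass
class Entry:
    kind: str     # "O4" (Run key) or "O20" (Winlogon value)
    hive: str     # e.g. HKLM, or an offline-mounted user hive
    name: str     # Run value name, or Winlogon value name (Shell, UserInit)
    data: str     # registry data as logged (O20 only)
    path: str     # file the scanner resolved on disk
    company: str  # version-info company string, may be empty
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for an O4/O20 line, or None for anything else."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        kind, name, data = "O4", m["name"], ""
    else:
        m = O20_RE.match(line)
        if not m:
            return None
        kind, name, data = "O20", m["value"], m["data"]
    tail = TAIL_RE.match(m["rest"])
    path, company = (tail["path"], tail["company"]) if tail else (m["rest"], "")
    return Entry(kind, m["hive"], name, data, path, company)


def classify(entry):
    """Attach the reasons an entry deserves a closer look."""
    if USER_WRITABLE.search(entry.path):
        entry.reasons.append("target in user-writable directory")
    if entry.kind == "O20" and entry.name.lower() == "shell":
        if entry.data.lower() != "explorer.exe":
            entry.reasons.append("Winlogon Shell is not explorer.exe")
        if entry.hive.upper().startswith(("HKU", "HKCU")):
            entry.reasons.append("per-user Shell override")
    return entry


def suspicious(log_text):
    """Parse a log excerpt and return only the flagged entries."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and classify(entry).reasons:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.kind} {e.hive} [{e.name}] -> {e.path}")
        for reason in e.reasons:
            print(f"    - {reason}")
```
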
So, here is the new log; it took a while, but it's not easy to get hold of a PC over the weekend.

What has happened since the fix:

1. No automatic restart, but after switching the PC off I was able to start it in safe mode without the white screen appearing.

2. As soon as I started safe mode with networking or normal mode, the Gema virus was back.
/// Malware-holic
Well, if you are in safe mode now and can't work regularly anyway, we should simply make short work of it; after all, we have been working on this PC since the beginning of April. The PC has to be set up from scratch and then secured.
1. Data recovery:
