| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7 pc wurde gesperrtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.05.2012, 16:38
| #7 |
 |  Windows 7 pc wurde gesperrt Hmm, also neuer Versuch. Noch eine andere Frage wo finde ich die Extra.txt Datei die ich auch noch Posten sollte? Mit freundlichen Gruessen StrussniOTL Logfile: Code:
ATTFilter OTL logfile created on: 5/7/2012 9:14:25 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.82 Mb Free Space | 75.82% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 399.75 Gb Free Space | 85.83% Space Free | Partition Type: NTFS
Drive E: | 465.66 Gb Total Space | 414.76 Gb Free Space | 89.07% Space Free | Partition Type: NTFS
Drive F: | 1.98 Gb Total Space | 1.89 Gb Free Space | 95.77% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/09/22 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/06 19:48:40 | 000,202,752 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/02/12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto] -- E:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2012/04/14 07:08:07 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/15 08:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/11 09:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 09:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/01 06:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- E:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 06:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/03 12:07:48 | 000,246,520 | ---- | M] () [Auto] -- E:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/03/08 12:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/15 13:56:52 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/10/11 10:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto] -- E:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/10/11 10:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/04/06 20:11:33 | 006,769,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/04/06 20:11:33 | 006,769,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/06 19:07:03 | 000,232,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/22 11:18:20 | 000,069,152 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\o2mdgx64.sys -- (O2MDGRDR)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\user_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\user_ON_E\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\user_ON_E\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\user_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF64_11_2_202_233.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: E:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - E:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - E:\Program Files (x86)\ICQ6Toolbar\20111104180609\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - E:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\user_ON_E\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] E:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [avgnt] E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDFPrint] E:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\user_ON_E..\Run: [4qL1G6z51w8f9yx] E:\Users\user\AppData\Roaming\wmplayerX_86.exe ()
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\user_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\user_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\user_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - E:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - E:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - user_ON_E\..Trusted Domains: mit.edu ([idp] https in Lokales Intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.169.172.1 134.169.9.150 134.169.9.151 134.169.9.152
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\user_ON_E Winlogon: Shell - (C:\Users\user\AppData\Roaming\wmplayerX_86.exe) - E:\Users\user\AppData\Roaming\wmplayerX_86.exe ()
O20 - HKU\user_ON_E Winlogon: UserInit - (C:\Users\user\AppData\Roaming\wmplayerX_86.exe) - E:\Users\user\AppData\Roaming\wmplayerX_86.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
MsConfig:64bit - StartUpReg: SSBkgdUpdate - hkey= - key= - E:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
MsConfig:64bit - State: "startup" - 2
========== Files/Folders - Created Within 30 Days ==========
[2012/05/04 13:04:35 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{A65246EC-0605-4914-B4A2-901EE02A9DBF}
[2012/05/04 13:04:20 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{DA1930B9-CC2A-408D-A0AC-075CB0CD471D}
[2012/05/04 12:57:31 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{324EF168-0457-460B-BB1D-F834059E54EB}
[2012/05/03 10:47:19 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{BB9D56A0-C5C6-4B5A-A742-509E429BDD25}
[2012/05/03 10:47:03 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{22D1649B-84E9-4184-A433-0D887745CF28}
[2012/05/02 11:19:57 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{91036E33-3181-49DA-A3D3-370C43B749F3}
[2012/05/02 11:19:42 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{79D983F5-5CB5-4218-9DA8-6FD398B50A4C}
[2012/05/01 10:25:46 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{F9D5B85E-1DDE-4C00-BE82-C2F602C48DF2}
[2012/04/30 22:25:14 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{55016FFC-0E6A-462E-917D-33DC040F312F}
[2012/04/30 22:25:03 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{05E5E5DB-0D37-424E-B73E-1D6EE16DB724}
[2012/04/29 14:51:03 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{BB3C2CC8-5B27-4EEF-B784-6865145F30D9}
[2012/04/29 14:50:48 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{0EAD69EB-6752-4950-82C1-74EF9DDC0183}
[2012/04/28 18:37:01 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\MSXML 4.0
[2012/04/28 10:43:08 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{9058CF4A-8D32-4979-A818-0782B9434B77}
[2012/04/28 10:42:53 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{C3EAD966-974C-4C7F-A9C1-2CA2FD8F1502}
[2012/04/28 06:21:23 | 000,000,000 | ---D | C] -- E:\ProgramData\DriverGenius
[2012/04/28 06:21:06 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
[2012/04/28 06:21:05 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Driver-Soft
[2012/04/28 05:40:34 | 000,100,352 | ---- | C] (CANON INC.) -- E:\Windows\SysWow64\CNMLM50.DLL
[2012/04/28 05:40:33 | 000,073,728 | ---- | C] (CANON INC.) -- E:\Windows\SysWow64\CNMCP50.exe
[2012/04/28 05:40:30 | 000,000,000 | -H-D | C] -- E:\BJPrinter
[2012/04/28 04:55:32 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostgum
[2012/04/28 04:55:08 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2012/04/28 04:54:16 | 000,082,432 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msxml4r.dll
[2012/04/28 04:54:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msxml4a.dll
[2012/04/28 04:54:16 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeXnicCenter
[2012/04/28 04:54:14 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\TeXnicCenter
[2012/04/28 04:53:34 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Roaming\MiKTeX
[2012/04/28 04:53:34 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\MiKTeX
[2012/04/28 04:52:48 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[2012/04/28 04:49:42 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\MiKTeX 2.9
[2012/04/28 03:59:47 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Ghostgum
[2012/04/28 03:57:25 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2012/04/28 03:57:20 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\gs
[2012/04/28 03:42:50 | 000,000,000 | ---D | C] -- E:\ProgramData\MiKTeX
[2012/04/28 03:37:34 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\MiKTeX 2.7
[2012/04/27 22:42:25 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{E01C328F-B034-4FFB-9095-88D1651BB8B0}
[2012/04/27 10:41:53 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{BBB74E03-4ECF-412B-AEA9-44E271BAF9AC}
[2012/04/27 10:41:38 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{7EE9553F-0E65-4061-844E-B9168A60849A}
[2012/04/26 10:30:42 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{2529BEF1-7EF0-4B3F-A122-42E3557138E9}
[2012/04/26 10:30:32 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{9A33468D-7879-4538-9AAB-0E40BE699E35}
[2012/04/25 10:52:01 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{7567A9C6-2778-4B70-82CF-C6A1DF42D2E3}
[2012/04/25 10:51:47 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{A9E4D147-0D4A-49C4-9A0E-074B3592B456}
[2012/04/24 12:18:13 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{C44BF9B5-837D-4A6C-BE2C-733BD2B9CEB3}
[2012/04/24 12:17:58 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{7DE5608C-9993-4701-BBEC-F1BC9F7D6054}
[2012/04/23 10:49:17 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{348D5049-BA6F-4F53-9E38-C5FC614E027C}
[2012/04/23 10:49:01 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{54712BB8-3DE6-4C6F-A14C-FE1AA1DCD4D6}
[2012/04/22 06:31:30 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{4F058D15-5A46-47E8-B24A-B5190118678F}
[2012/04/22 06:31:19 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{6370F951-E085-44BC-B583-F3B927E61DA2}
[2012/04/21 13:53:59 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{B10AC68D-98E4-4C2C-B21E-DC5F69B69E07}
[2012/04/21 13:53:48 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{BC1467F3-F681-4693-8F86-1F1D597F372E}
[2012/04/20 10:01:42 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{3895793C-69AC-4892-9396-4471613CB81D}
[2012/04/20 10:01:32 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{E0310223-2049-401E-B624-5C61B14B04AD}
[2012/04/19 13:13:38 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/04/19 11:06:26 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{BAC1A488-A61F-45B9-8F5F-B4C235917BDD}
[2012/04/19 11:06:12 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{B23144D3-1255-4EB1-8558-3D838120244D}
[2012/04/18 10:38:42 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{9C5229E7-41AC-4822-9669-C0976490ECC2}
[2012/04/18 10:38:32 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{ACF1A0CC-B91F-4F59-A3BA-9E35E4D9BFBA}
[2012/04/16 11:21:13 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{5449A155-62B1-49BC-A6F6-2C4A78C1C84C}
[2012/04/16 11:20:58 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{45235CA6-EC27-4A40-887D-5A4F3557AB78}
[2012/04/15 08:58:27 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{3887F912-223B-4B40-8279-2514E8AFD3AF}
[2012/04/15 08:58:13 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{3E1EC371-AFDF-48B8-93BE-6DBDC7E619BD}
[2012/04/15 06:14:43 | 000,000,000 | ---D | C] -- E:\Windows\de
[2012/04/15 06:13:23 | 000,048,488 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\fssfltr.sys
[2012/04/15 05:57:58 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{70F91B83-A927-4839-80AC-00526D75B4CB}
[2012/04/15 05:57:43 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{3B5391D8-74F7-4489-864F-58E6F9BD24E8}
[2012/04/14 14:54:31 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{1DDA4E3E-A4F4-49D9-A17E-EF5B9FEE9CA6}
[2012/04/14 14:54:19 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{357BC594-7289-41E6-A877-C5111800AAF3}
[2012/04/14 08:15:49 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{0C07C717-96EB-4622-9FD2-B1EBB25CE615}
[2012/04/14 08:15:34 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{3F26C636-9387-4C23-8A28-C460D3240282}
[2012/04/14 05:45:06 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{9A362981-EF82-4D96-BADF-009B36D64C82}
[2012/04/12 15:23:36 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{F070BAB8-3FE7-44E1-9131-4B891E904BEB}
[2012/04/12 03:23:08 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{168AFEE9-F3A4-4362-9014-B31389DE4FAF}
[2012/04/11 15:36:50 | 000,096,256 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtmled.dll
[2012/04/11 15:36:50 | 000,072,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mshtmled.dll
[2012/04/11 15:36:49 | 002,311,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2012/04/11 15:36:49 | 001,799,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\jscript9.dll
[2012/04/11 15:36:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\jscript.dll
[2012/04/11 15:36:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2012/04/11 15:36:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2012/04/11 15:36:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\url.dll
[2012/04/11 15:36:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieui.dll
[2012/04/11 15:36:48 | 001,493,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2012/04/11 15:36:48 | 001,427,456 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\inetcpl.cpl
[2012/04/11 15:36:48 | 000,818,688 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll
[2012/04/11 15:36:23 | 005,559,152 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntoskrnl.exe
[2012/04/11 15:36:23 | 003,968,368 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/11 15:36:22 | 003,913,072 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ntoskrnl.exe
[2012/04/11 15:35:04 | 000,159,232 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\imagehlp.dll
[2012/04/11 15:35:04 | 000,081,408 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\imagehlp.dll
[2012/04/11 15:35:04 | 000,023,408 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\fs_rec.sys
[2012/04/11 15:35:03 | 000,220,672 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wintrust.dll
[2012/04/11 15:35:03 | 000,172,544 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\wintrust.dll
[2012/04/11 13:19:47 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{E148BE9D-39D1-46B7-A164-2679048F7514}
[2012/04/10 15:53:29 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{7C4C96A1-E0EB-451D-B2D7-D0A4501E33B9}
[2012/04/10 03:53:01 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{E9ED0963-6399-4C2A-9DD0-16E9EF2C5F52}
[2012/04/09 13:38:06 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{811A30BF-915B-42C8-AA07-30784D52646A}
[2012/04/08 07:45:01 | 000,000,000 | ---D | C] -- E:\Users\user\AppData\Local\{32AE6635-DDB8-4932-A49B-6EDC474A1DF1}
[2 E:\Windows\System32\*.tmp files -> E:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/07 01:53:46 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2012/05/07 01:51:43 | 000,001,106 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/07 01:51:35 | 3217,264,640 | -HS- | M] () -- E:\hiberfil.sys
[2012/05/06 03:57:23 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/06 03:57:14 | 000,001,110 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/04 15:16:31 | 000,014,416 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 15:16:31 | 000,014,416 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 15:12:57 | 000,654,166 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2012/05/04 15:12:57 | 000,616,008 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2012/05/04 15:12:57 | 000,130,006 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2012/05/04 15:12:57 | 000,106,388 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2012/05/04 15:06:46 | 000,272,896 | ---- | M] () -- E:\Users\user\AppData\Roaming\wmplayerX_86.exe
[2012/04/28 06:21:06 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
[2012/04/28 05:40:02 | 000,073,728 | ---- | M] (CANON INC.) -- E:\Windows\SysWow64\CNMCP50.exe
[2012/04/28 05:40:02 | 000,005,632 | ---- | M] () -- E:\Windows\SysWow64\CNMVS50.DLL
[2012/04/28 05:40:01 | 000,100,352 | ---- | M] (CANON INC.) -- E:\Windows\SysWow64\CNMLM50.DLL
[2012/04/28 04:55:32 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostgum
[2012/04/28 04:55:09 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2012/04/28 04:54:16 | 000,001,034 | ---- | M] () -- E:\Users\user\Desktop\TeXnicCenter.lnk
[2012/04/28 04:54:16 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeXnicCenter
[2012/04/28 04:52:48 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[2012/04/19 13:13:38 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/04/15 06:14:29 | 000,000,000 | R--D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/04/15 06:14:17 | 000,001,305 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/04/15 06:14:11 | 000,001,374 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/04/15 06:13:59 | 000,001,490 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/04/15 06:13:52 | 000,002,534 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/04/14 07:08:07 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 07:08:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 07:08:03 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerInstaller.exe
[2 E:\Windows\System32\*.tmp files -> E:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/04 15:06:48 | 000,272,896 | ---- | C] () -- E:\Users\user\AppData\Roaming\wmplayerX_86.exe
[2012/04/28 05:40:34 | 000,005,632 | ---- | C] () -- E:\Windows\SysWow64\CNMVS50.DLL
[2012/04/28 04:54:16 | 000,001,034 | ---- | C] () -- E:\Users\user\Desktop\TeXnicCenter.lnk
[2012/03/09 11:57:32 | 000,007,611 | ---- | C] () -- E:\Users\user\AppData\Local\Resmon.ResmonCfg
[2011/12/09 12:09:55 | 000,027,114 | ---- | C] () -- E:\Windows\maxlink.ini
[2011/11/04 15:42:28 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2011/11/04 12:44:08 | 000,000,032 | ---- | C] () -- E:\ProgramData\ezsid.dat
[2011/10/28 12:24:48 | 000,002,093 | ---- | C] () -- E:\Windows\SysWow64\atipblag.dat
[2010/07/06 04:28:31 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2011/10/28 12:12:27 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2011/10/28 12:12:27 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2012/04/28 06:21:39 | 000,000,000 | ---D | M] -- E:\ProgramData\DriverGenius
[2011/10/28 12:12:27 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2011/11/04 13:04:00 | 000,000,000 | ---D | M] -- E:\ProgramData\ICQ
[2011/12/09 12:09:41 | 000,000,000 | ---D | M] -- E:\ProgramData\ScanSoft
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2011/10/28 12:12:27 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2011/10/28 12:12:27 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2012/02/01 12:55:59 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2011/10/28 12:12:55 | 000,000,000 | -HSD | M] -- E:\$Recycle.Bin
[2012/04/28 05:40:30 | 000,000,000 | -H-D | M] -- E:\BJPrinter
[2011/10/28 12:16:39 | 000,000,000 | ---D | M] -- E:\dell
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\Documents and Settings
[2011/10/28 12:12:27 | 000,000,000 | -HSD | M] -- E:\Dokumente und Einstellungen
[2011/10/28 12:19:05 | 000,000,000 | ---D | M] -- E:\Intel
[2011/11/26 06:07:02 | 000,000,000 | RH-D | M] -- E:\MSOCache
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- E:\PerfLogs
[2011/12/30 06:58:39 | 000,000,000 | R--D | M] -- E:\Program Files
[2012/04/28 18:37:01 | 000,000,000 | R--D | M] -- E:\Program Files (x86)
[2012/04/28 06:21:23 | 000,000,000 | -H-D | M] -- E:\ProgramData
[2011/10/28 12:12:27 | 000,000,000 | -HSD | M] -- E:\Programme
[2011/10/28 12:12:28 | 000,000,000 | -HSD | M] -- E:\Recovery
[2012/05/02 16:03:19 | 000,000,000 | -HSD | M] -- E:\System Volume Information
[2011/10/28 12:12:36 | 000,000,000 | R--D | M] -- E:\Users
[2012/05/06 03:58:10 | 000,000,000 | ---D | M] -- E:\Windows
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- E:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- E:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- E:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTOR.SYS >
[2011/06/15 04:10:14 | 000,557,848 | ---- | M] (Intel Corporation) MD5=4F6FB2CDBDEEFC47E7D2066E78254580 -- E:\Windows\System32\drivers\iaStor.sys
[2011/06/15 04:10:14 | 000,557,848 | ---- | M] (Intel Corporation) MD5=4F6FB2CDBDEEFC47E7D2066E78254580 -- E:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e752014ccfa80474\iaStor.sys
< MD5 for: IASTORV.SYS >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- E:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- E:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- E:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- E:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- E:\Windows\System32\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- E:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\SysWOW64\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- E:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- E:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- E:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- E:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- E:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- E:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\SysWOW64\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- E:\Windows\System32\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- E:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- E:\Windows\SysWOW64\user32.dll
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- E:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- E:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- E:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- E:\Windows\System32\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- E:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- E:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- E:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- E:\Windows\System32\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- E:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- E:\Windows\System32\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- E:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- E:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2 E:\Windows\system32\*.tmp files -> E:\Windows\system32\*.tmp -> ]
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
|
| Themen zu Windows 7 pc wurde gesperrt |
| antivir, befindet, begründung, betriebssystem, festplatte, festplatten, formatiere, formatieren, formatierung, garnicht, gen, gesperrt, pc gesperrt, pc wurde gesperrt, platte, platten, programm, rechner, rechners, reich, urheberrechtsverletzung, virus, windows, windows 7, würde, zahlen |
Baum-Darstellung