Trojaner-Board


TrojanerKing 30.05.2013 17:37

PC locked by the Federal Office for Internet Security?

Hello!
I have a PC with Windows 7 64-bit and can no longer use it properly.
Every time I start it and log in to my user profile, a black box appears briefly in the upper left corner before everything is covered by a white full screen (supposedly from the Federal Office for Information Security) that demands I pay €100 via Paysafe or Ukash. I think (hopefully rightly) that this is a fake and ask for help, but without formatting the hard drive and reinstalling Windows, since I want to keep the data on the hard drive. I hope someone can help me.
I consider myself reasonably competent with computers, but I am not familiar with the technical terms.
Unfortunately I have no logs at all.
Thank you in advance; I hope the problem can be fixed.

markusg 30.05.2013 17:38

Hi,
can you get to a PC with a burner?
Download:
http://filepony.de/download-otlpe/
and burn it to a CD with ISOBurner.
ISO Burner - Download - Filepony
ISOBurner guide:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download is finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to the CD.
Restart your system and boot from the CD you just created.
If you don't know how to make your computer boot from the CD:
http://www.trojaner-board.de/81857-c...cd-booten.html

• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When asked "Do you wish to load the remote registry", choose Yes.
• When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Uncheck "Automatically Load All Remaining Users" if it is checked.

• OTL should now start.
Now copy this content into the http://larusso.trojaner-board.de/Images/otlfix.jpg
text box.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe

• Press Run Scan to start the scan.
• When it is finished, the files are saved in C:\otl.txt
• Copy this folder to your USB stick if you have no Internet connection on this system.
Post both logs.

aharonov 30.05.2013 17:38

edit

TrojanerKing 30.05.2013 18:03

I burned the whole thing, but I can't follow along with the booting part
I tried, but the PC doesn't restart as described in the guide
Maybe I did something wrong when burning?

markusg 30.05.2013 18:13

Well, we can't tell whether you worked through the guide correctly; actually everything is described there in detail, such as how to change the boot order in the BIOS, etc.

TrojanerKing 30.05.2013 18:21

Got it working
but Reatogo-X-PE takes a very long time to load

Several times I got a blue screen saying Windows is being shut down to protect the computer.
It says to scan the PC for viruses, which is hard to do, and "Run CHKDSK /F to check for hard drive corruption, and then restart your Computer."

STOP: 0x0000007B (0xF78DA528, 0xC0000024, 0x00000000, 0x00000000)
What should I do now?

markusg 30.05.2013 18:34

Hi, go into the BIOS, usually reachable via the DEL key at startup, check there whether IDE or AHCI mode is selected, set it to the opposite one, and start the CD again.

TrojanerKing 30.05.2013 19:01

How am I supposed to copy the content into the text box if I have no Internet?

It doesn't work via a stick as a text document either, because the stick isn't recognized.

markusg 30.05.2013 20:24

Stick out, restart from the CD, stick in, then it works.

TrojanerKing 30.05.2013 20:43

Now the stick works
but OUT OF MEMORY comes up
and I'm supposed to scan C:\Windows, right?

markusg 30.05.2013 21:16

Then please do it without my script; that should work.

TrojanerKing 30.05.2013 21:41

Scan is done
How do I post the log?

markusg 30.05.2013 21:50

Paste it in or attach it.

TrojanerKing 30.05.2013 21:53

OTL Logfile:
Code:

OTL logfile created on: 5/31/2013 3:28:01 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.00 Gb Total Space | 110.79 Gb Free Space | 55.40% Space Free | Partition Type: NTFS
Drive D: | 731.51 Gb Total Space | 731.40 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Drive E: | 7.50 Gb Total Space | 7.50 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2013/01/27 05:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 05:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/12/21 04:44:06 | 000,535,552 | ---- | M] (CSR, plc) [Auto] -- C:\Windows\System32\HFGService.dll -- (HFGService)
SRV:64bit: - [2009/08/17 21:36:20 | 000,203,264 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/29 04:36:01 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/18 05:13:43 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/03 19:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/15 01:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 16:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 02:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 02:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/18 12:08:30 | 000,854,016 | ---- | M] (IVT Corporation) [Auto] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2009/11/17 05:52:14 | 000,192,000 | ---- | M] (IVT Corporation) [On_Demand] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/08 01:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/03/15 01:53:06 | 000,448,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2013/01/20 09:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/19 01:41:54 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 07:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/04 00:21:12 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\iusb3xhc.sys -- (iusb3xhc) Intel(R)
DRV:64bit: - [2012/12/04 00:21:12 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs) Intel(R)
DRV:64bit: - [2012/12/04 00:21:10 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\iusb3hub.sys -- (iusb3hub) Intel(R)
DRV:64bit: - [2012/11/26 13:37:38 | 000,412,520 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2012/11/26 13:37:34 | 000,137,064 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2012/11/02 05:06:12 | 000,249,584 | ---- | M] (Fresco Logic) [Kernel | On_Demand] -- C:\Windows\system32\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2012/11/02 05:06:12 | 000,077,040 | ---- | M] (Fresco Logic) [Kernel | On_Demand] -- C:\Windows\system32\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)
DRV:64bit: - [2012/10/31 00:37:44 | 000,099,328 | R--- | M] (Qualcomm Atheros Communications Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\qca_shb.sys -- (qca_shb)
DRV:64bit: - [2012/10/31 00:37:44 | 000,039,704 | R--- | M] (Atheros) [Kernel | On_Demand] -- C:\Windows\system32\drivers\leath_hid.sys -- (lehidmini)
DRV:64bit: - [2012/10/31 00:37:40 | 000,135,832 | R--- | M] (Qualcomm Atheros) [Kernel | On_Demand] -- C:\Windows\system32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/10/31 00:37:36 | 000,178,840 | R--- | M] (Qualcomm Atheros) [Kernel | On_Demand] -- C:\Windows\system32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/10/31 00:37:34 | 000,033,944 | R--- | M] (Qualcomm Atheros) [Kernel | On_Demand] -- C:\Windows\system32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/10/31 00:37:32 | 000,055,448 | R--- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2012/10/25 12:20:28 | 000,769,168 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/09/12 10:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/09/01 12:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/09/01 12:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/08/27 13:51:00 | 000,230,280 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rusb3xhc.sys -- (rusb3xhc) Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0)
DRV:64bit: - [2012/08/27 13:50:58 | 000,114,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rusb3hub.sys -- (rusb3hub) Renesas Electronics USB 3.0 Hub Driver (Version 3.0)
DRV:64bit: - [2012/08/23 10:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/19 22:38:12 | 000,416,072 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- C:\Windows\system32\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2012/08/19 22:38:12 | 000,138,568 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- C:\Windows\system32\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2012/07/24 04:37:56 | 000,046,016 | R--- | M] () [Kernel | On_Demand] -- C:\Windows\system32\drivers\ISCTD64.sys -- (ISCT) Intel(R)
DRV:64bit: - [2012/07/20 11:09:40 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irstrtdv.sys -- (irstrtdv) Intel(R)
DRV:64bit: - [2012/07/20 10:15:52 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012/07/20 10:15:52 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012/07/02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2012/06/13 14:25:50 | 000,032,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\EtronSTOR.sys -- (EtronSTOR)
DRV:64bit: - [2011/10/25 03:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/10/25 03:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/10/01 02:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 02:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 02:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 02:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/17 20:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 20:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/07 05:01:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/07 05:01:46 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/02/26 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/21 04:43:36 | 000,052,224 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF)
DRV:64bit: - [2009/09/24 07:38:48 | 000,027,776 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009/09/23 23:40:14 | 000,023,304 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\Windows\System32\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009/09/23 23:35:34 | 000,041,216 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2009/08/28 10:05:00 | 000,043,912 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV:64bit: - [2009/08/26 05:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009/08/26 05:16:20 | 000,017,032 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV:64bit: - [2009/08/17 22:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/13 02:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/06/17 08:02:44 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2009/06/17 08:02:20 | 000,036,872 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/14 03:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\system32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2008/08/28 06:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = kiebel.de | PC-Systeme und Notebooks nach Maß!
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Bing [binary data]
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF E2 43 5F F7 D1 CC 01  [binary data]
IE - HKU\Johannes_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Johannes_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Hola Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=5A9B001FCF41424D"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\System32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@ei.UtilityChest_49.com/Plugin: C:\Program Files (x86)\UtilityChest_49EI\Installr\1.bin\NP49EISb.dll (Utility Chest)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/04/25 10:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\Mozilla\Extensions
[2013/05/15 07:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\kfygexnd.default\extensions
[2013/05/14 11:29:53 | 000,006,498 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\kfygexnd.default\searchplugins\babylon.xml
[2013/05/14 11:31:50 | 000,001,304 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\kfygexnd.default\searchplugins\holasearch.xml
[2013/05/29 04:36:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/29 04:36:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [GamingMouse] C:\Program Files (x86)\Drakonia Configurator\hid.exe ()
O4 - HKU\Johannes_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Johannes\Documents\7232b878.exe (Adobe Systems Incorporated)
O4 - HKU\Johannes_ON_C..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Johannes_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Johannes_ON_C\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - Johannes_ON_C\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - Johannes_ON_C\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - Johannes_ON_C\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Johannes_ON_C Winlogon: Shell - (cmd.exe) - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/30 10:36:51 | 000,043,008 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Johannes\Documents\7232b878.exe
[2013/05/29 04:35:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/20 11:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/20 11:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/20 11:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/20 11:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/05/20 11:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/20 11:37:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/15 15:51:10 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Johannes
[2013/05/15 15:41:11 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/05/15 15:32:41 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Thunderbird
[2013/05/15 15:32:41 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Thunderbird
[2013/05/15 15:28:00 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/15 15:28:00 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/15 15:27:59 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/05/15 15:27:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/15 15:27:57 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/15 15:27:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/15 15:27:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/05/15 15:27:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/15 15:27:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/05/15 15:27:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/15 15:27:56 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/15 15:27:56 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2013/05/15 15:27:56 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/05/15 15:27:52 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/05/15 15:27:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/15 15:27:50 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/15 15:27:50 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2013/05/15 08:51:37 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 08:51:37 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/15 08:51:30 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/05/15 08:51:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2013/05/15 08:51:29 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/15 08:51:29 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/05/15 08:51:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013/05/14 11:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UtilityChest_49EI
[2013/05/14 11:51:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\bluesoleil
[2013/05/14 11:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IVT Corporation
[2013/05/14 11:29:39 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\PerformerSoft
[2013/05/14 11:29:38 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot64.exe
[2013/05/14 11:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2013/05/14 09:59:45 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013/05/14 09:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/05/14 09:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/05/14 09:42:10 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Bluetooth
[2013/05/14 09:34:49 | 000,066,560 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdclsx64.dll
[2013/05/14 09:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2013/05/14 09:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/05/14 09:34:43 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfdx64.sys
[2013/05/14 09:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2013/05/14 09:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2013/05/14 09:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013/05/13 15:27:09 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Babylon
[2013/05/13 15:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/05/13 15:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/05/13 15:26:48 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\OpenCandy
[2013/05/13 15:26:48 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoft
[2013/05/13 15:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/05/13 15:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013/05/13 08:40:08 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Adobe
[2013/05/12 08:21:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\SCE
[2013/05/12 08:21:15 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2013/05/12 08:21:15 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2013/05/12 08:21:14 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2013/05/12 08:21:14 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2013/05/12 08:21:13 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2013/05/12 08:21:13 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2013/05/12 08:21:12 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2013/05/12 08:21:12 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2013/05/12 08:21:11 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2013/05/12 08:21:11 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2013/05/12 08:21:11 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2013/05/12 08:21:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2013/05/12 08:21:10 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2013/05/12 08:21:10 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2013/05/12 08:21:10 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2013/05/12 08:21:10 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2013/05/12 08:21:09 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2013/05/12 08:21:08 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2013/05/12 08:21:08 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2013/05/12 08:21:08 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2013/05/12 08:21:06 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2013/05/12 08:21:06 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2013/05/12 08:21:06 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2013/05/12 08:21:05 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2013/05/12 08:21:03 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2013/05/12 08:21:03 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2013/05/12 08:21:02 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2013/05/12 08:21:02 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2013/05/12 08:21:01 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2013/05/12 08:21:01 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2013/05/12 08:21:01 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2013/05/12 08:21:01 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2013/05/12 08:21:01 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2013/05/12 08:21:00 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2013/05/12 08:21:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2013/05/12 08:20:59 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2013/05/12 08:20:59 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2013/05/12 08:20:59 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2013/05/12 08:20:59 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2013/05/12 08:20:58 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2013/05/12 08:20:58 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2013/05/12 08:20:57 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2013/05/12 08:20:57 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2013/05/12 08:20:57 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2013/05/12 08:20:57 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2013/05/12 08:20:57 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2013/05/12 08:20:57 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2013/05/12 08:20:56 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2013/05/12 08:20:56 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2013/05/12 08:20:55 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2013/05/12 08:20:55 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2013/05/12 08:20:55 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2013/05/12 08:20:55 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2013/05/12 08:20:55 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2013/05/12 08:20:55 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2013/05/12 08:20:54 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2013/05/12 08:20:54 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013/05/12 08:20:54 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2013/05/12 08:20:54 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013/05/12 08:20:53 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2013/05/12 08:20:53 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013/05/12 08:20:52 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2013/05/12 08:20:52 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2013/05/12 08:20:52 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2013/05/12 08:20:52 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2013/05/12 08:20:51 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2013/05/12 08:20:51 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2013/05/12 08:20:51 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2013/05/12 08:20:51 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2013/05/12 08:20:50 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2013/05/12 08:20:50 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2013/05/12 08:20:50 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2013/05/12 08:20:50 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2013/05/12 08:20:49 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2013/05/12 08:20:49 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2013/05/12 08:20:48 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2013/05/12 08:20:48 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2013/05/12 08:20:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2013/05/12 08:20:48 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2013/05/12 08:20:47 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2013/05/12 08:20:47 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2013/05/12 08:20:46 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2013/05/12 08:20:46 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2013/05/12 08:20:46 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2013/05/12 08:20:46 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2013/05/12 08:20:45 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2013/05/12 08:20:45 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2013/05/12 08:20:45 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2013/05/12 08:20:45 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2013/05/12 08:20:43 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2013/05/12 08:20:43 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2013/05/12 08:20:43 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2013/05/12 08:20:43 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2013/05/12 08:20:42 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2013/05/12 08:20:42 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2013/05/12 08:20:41 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2013/05/12 08:20:41 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2013/05/12 08:20:40 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2013/05/12 08:20:40 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2013/05/12 08:20:40 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2013/05/12 08:20:40 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2013/05/12 08:20:39 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2013/05/12 08:20:39 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2013/05/12 08:20:39 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2013/05/12 08:20:39 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2013/05/12 08:20:39 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2013/05/12 08:20:39 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2013/05/12 08:20:38 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2013/05/12 08:20:38 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2013/05/12 08:20:38 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2013/05/12 08:20:38 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2013/05/12 08:20:37 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2013/05/12 08:20:37 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2013/05/12 08:20:36 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2013/05/12 08:20:36 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2013/05/12 08:20:35 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2013/05/12 08:20:35 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2013/05/12 08:20:35 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2013/05/12 08:20:35 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2013/05/12 08:20:35 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2013/05/12 08:20:35 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2013/05/12 08:20:34 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2013/05/12 08:20:33 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2013/05/12 08:20:33 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2013/05/12 08:20:32 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2013/05/12 08:20:32 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2013/05/12 08:20:31 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2013/05/12 08:20:31 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2013/05/12 08:20:29 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2013/05/12 08:20:29 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2013/05/12 08:20:29 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2013/05/12 08:20:29 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2013/05/12 08:20:29 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2013/05/12 08:20:29 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2013/05/12 08:20:28 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2013/05/12 08:20:28 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2013/05/12 08:20:27 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2013/05/12 08:20:27 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2013/05/12 08:20:27 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2013/05/12 08:20:27 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2013/05/12 08:20:26 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2013/05/12 08:20:26 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2013/05/12 08:20:25 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2013/05/12 08:20:25 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2013/05/12 08:20:19 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2013/05/12 08:20:19 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2013/05/12 08:20:18 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2013/05/12 08:20:18 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2013/05/12 08:20:18 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2013/05/12 08:20:18 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2013/05/12 08:20:17 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2013/05/12 08:20:17 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2013/05/12 08:20:16 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2013/05/12 08:20:16 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2013/05/12 08:20:15 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2013/05/12 08:20:15 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2013/05/12 08:20:15 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2013/05/12 08:20:15 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2013/05/12 08:20:14 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2013/05/12 08:20:14 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2013/05/12 08:20:13 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2013/05/12 08:20:13 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2013/05/11 06:15:00 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\The Lord of the Rings Online
[2013/05/11 06:06:28 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Chromium
[2013/05/11 06:03:16 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\The Lord of the Rings Online
[2013/05/11 05:16:02 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2013/05/11 05:16:02 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2013/05/11 05:16:01 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2013/05/11 05:14:33 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Turbine
[2013/05/11 05:14:32 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\ApplicationHistory
[2013/05/11 05:12:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2013/05/11 05:12:10 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2013/05/02 13:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2013/05/02 12:37:12 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\NVIDIA
[2013/05/02 12:36:46 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2013/05/02 12:34:26 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Johannes\Desktop\MinecraftSP.exe
[2013/05/02 12:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\.minecraft
[2013/05/02 12:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/31 02:01:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/05/31 02:01:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/05/30 13:08:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/30 13:08:11 | 000,005,126 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013/05/30 13:07:44 | 000,001,078 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2013/05/30 13:07:44 | 000,000,100 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013/05/30 13:07:18 | 2070,130,687 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/30 12:56:36 | 000,031,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/30 12:56:36 | 000,031,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/30 12:56:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/30 12:08:45 | 000,707,686 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/30 12:08:45 | 000,661,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/30 12:08:45 | 000,153,020 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/30 12:08:45 | 000,125,236 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/30 10:36:55 | 000,163,072 | ---- | M] () -- C:\Users\Johannes\AppData\Local\2433f433
[2013/05/30 10:36:55 | 000,163,035 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\2433f433
[2013/05/30 10:36:55 | 000,163,008 | ---- | M] () -- C:\ProgramData\2433f433
[2013/05/30 10:36:52 | 000,043,008 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Johannes\Documents\7232b878.exe
[2013/05/28 16:24:35 | 000,007,597 | ---- | M] () -- C:\Users\Johannes\AppData\Local\resmon.resmoncfg
[2013/05/20 11:46:53 | 000,089,048 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/05/20 11:40:12 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/20 11:40:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/18 05:13:43 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/18 05:13:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/17 15:41:32 | 000,000,263 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2013/05/15 16:09:53 | 000,275,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/14 11:56:21 | 000,000,382 | ---- | M] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2013/05/14 11:49:16 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2013/05/14 11:48:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\BSPRINT.INI
[2013/05/14 10:40:08 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/14 09:51:51 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/05/14 09:51:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/05/14 09:38:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0
[2013/05/14 09:31:14 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/05/13 15:27:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/05/13 15:27:07 | 000,001,398 | ---- | M] () -- C:\Users\Johannes\Desktop\Free YouTube to MP3 Converter.lnk
[2013/05/13 13:36:12 | 000,002,784 | ---- | M] () -- C:\Users\Johannes\Documents\UserPreferences.ini
[2013/05/12 09:09:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/05/11 05:14:32 | 000,000,096 | ---- | M] () -- C:\Users\Johannes\AppData\Local\fusioncache.dat
[2013/05/11 05:14:03 | 001,669,798 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/11 05:13:04 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/31 02:01:22 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/05/31 02:01:22 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/05/30 10:36:55 | 000,163,072 | ---- | C] () -- C:\Users\Johannes\AppData\Local\2433f433
[2013/05/30 10:36:55 | 000,163,035 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\2433f433
[2013/05/30 10:36:55 | 000,163,008 | ---- | C] () -- C:\ProgramData\2433f433
[2013/05/20 11:46:53 | 000,089,048 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/05/20 11:40:12 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/15 15:57:52 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/14 11:52:19 | 000,000,382 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2013/05/14 11:51:49 | 000,000,263 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2013/05/14 11:51:02 | 000,005,126 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013/05/14 11:51:00 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013/05/14 11:48:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2013/05/14 09:51:51 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/05/14 09:38:56 | 000,000,032 | ---- | C] () -- C:\Windows\0
[2013/05/14 09:38:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\0
[2013/05/14 09:29:45 | 000,000,866 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/05/13 15:27:07 | 000,001,398 | ---- | C] () -- C:\Users\Johannes\Desktop\Free YouTube to MP3 Converter.lnk
[2013/05/13 13:06:21 | 000,002,784 | ---- | C] () -- C:\Users\Johannes\Documents\UserPreferences.ini
[2013/05/12 09:09:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/05/11 05:14:32 | 000,000,096 | ---- | C] () -- C:\Users\Johannes\AppData\Local\fusioncache.dat
[2013/04/25 11:51:47 | 001,184,699 | ---- | C] () -- C:\Windows\unins000.exe
[2013/04/25 11:51:47 | 000,021,436 | ---- | C] () -- C:\Windows\unins000.dat
[2013/04/25 10:23:42 | 000,007,597 | ---- | C] () -- C:\Users\Johannes\AppData\Local\resmon.resmoncfg
[2012/01/13 09:27:07 | 001,669,798 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/13 08:35:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/11/17 05:46:50 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2009/11/17 05:44:12 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2013/05/18 11:37:22 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2013/05/13 15:27:09 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Babylon
[2013/05/13 15:27:17 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoft
[2012/01/13 09:42:04 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\InfraRecorder
[2013/04/25 11:51:47 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MingGuan
[2013/05/13 15:26:48 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\OpenCandy
[2013/05/15 07:55:15 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\PerformerSoft
[2013/05/15 16:08:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SoftGrid Client
[2013/05/15 15:32:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Thunderbird
[2013/04/25 11:30:54 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TP
[2013/04/25 12:08:56 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Windows Live Writer
[2013/05/20 11:40:10 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2013/05/13 15:27:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2013/05/14 11:29:38 | 000,000,000 | ---D | M] -- C:\ProgramData\IBUpdaterService
[2013/05/14 09:34:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2013/05/02 13:53:43 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2013/05/30 02:01:48 | 000,022,872 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

markusg 30.05.2013 21:57

On your second PC, go to Start, Programs, Accessories, Notepad, and copy the following into it:
Code:

:OTL
O4 - HKU\Johannes_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Johannes\Documents\7232b878.exe (Adobe Systems Incorporated)
O20 - HKU\Johannes_ON_C Winlogon: Shell - (cmd.exe) - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
[2013/05/30 10:36:55 | 000,163,072 | ---- | M] () -- C:\Users\Johannes\AppData\Local\2433f433
[2013/05/30 10:36:55 | 000,163,035 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\2433f433
[2013/05/30 10:36:55 | 000,163,008 | ---- | M] () -- C:\ProgramData\2433f433
[2013/05/30 10:36:52 | 000,043,008 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Johannes\Documents\7232b878.exe
:Files
:Commands
[EMPTYFLASH]
[emptytemp]



Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to this one should now appear: "load fix from file", so load the fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!




Please press the http://larusso.trojaner-board.de/Images/windows.jpg + E key.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance :)

TrojanerKing 31.05.2013 10:37

The PC does not restart,
but the fix is supposed to have been successful.
Should I restart it and boot from C:?

Here is the log

========== OTL ==========
Registry key HKEY_USERS\Johannes_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
C:\Users\Johannes\Documents\7232b878.exe moved successfully.
Registry value HKEY_USERS\Johannes_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:cmd.exe deleted successfully.
C:\Windows\SysWOW64\cmd.exe moved successfully.
C:\Users\Johannes\AppData\Local\2433f433 moved successfully.
C:\Users\Johannes\AppData\Roaming\2433f433 moved successfully.
C:\ProgramData\2433f433 moved successfully.
File C:\Users\Johannes\Documents\7232b878.exe not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 459556 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Johannes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Johannes

User: Public

User: UpdatusUser

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 160297262 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 556 bytes

Total Files Cleaned = 153.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 05312013_174524

markusg 31.05.2013 10:49

Yes, and if that works, do the upload as described.

TrojanerKing 31.05.2013 10:54

Could it be that I have to switch IDE back to AHCI?
Because I am getting the blue screen with the error message again.

markusg 31.05.2013 10:56

Try switching it.

TrojanerKing 31.05.2013 10:58

Now Windows Error Recovery comes up,
and now Startup Repair comes up.
Restore with System Restore?
Recently installed programs may be removed.
Restore or cancel?

markusg 31.05.2013 10:59

Then let it run through.

TrojanerKing 31.05.2013 11:18

Now I am in via C:, but cmd.exe gets started and says a command is misspelled or was not found.
Below that it says: C:\Windows\system32> and then the cursor.

markusg 31.05.2013 11:26

Can you do the upload anyway, or is the PC unusable?

TrojanerKing 31.05.2013 11:27

Nothing can be done with the PC.

markusg 31.05.2013 11:29

OK, then a new OTL log once more after all; switch the mode in the BIOS back again.

TrojanerKing 31.05.2013 11:29

New fix or new scan?

markusg 31.05.2013 11:30

New scan.

TrojanerKing 31.05.2013 11:31

With or without script?

OTL Logfile:
Code:

OTL logfile created on: 5/31/2013 7:38:01 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.00 Gb Total Space | 110.77 Gb Free Space | 55.38% Space Free | Partition Type: NTFS
Drive D: | 731.51 Gb Total Space | 731.40 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Drive E: | 7.50 Gb Total Space | 7.50 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2013/01/27 05:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 05:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/12/21 04:44:06 | 000,535,552 | ---- | M] (CSR, plc) [Auto] -- C:\Windows\System32\HFGService.dll -- (HFGService)
SRV:64bit: - [2009/08/17 21:36:20 | 000,203,264 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/29 04:36:01 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/18 05:13:43 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/03 19:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/15 01:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 16:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 02:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 02:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/18 12:08:30 | 000,854,016 | ---- | M] (IVT Corporation) [Auto] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2009/11/17 05:52:14 | 000,192,000 | ---- | M] (IVT Corporation) [On_Demand] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/08 01:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/03/15 01:53:06 | 000,448,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2013/01/20 09:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/19 01:41:54 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 07:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/04 00:21:12 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\iusb3xhc.sys -- (iusb3xhc) Intel(R)
DRV:64bit: - [2012/12/04 00:21:12 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs) Intel(R)
DRV:64bit: - [2012/12/04 00:21:10 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\iusb3hub.sys -- (iusb3hub) Intel(R)
DRV:64bit: - [2012/11/26 13:37:38 | 000,412,520 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2012/11/26 13:37:34 | 000,137,064 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2012/11/02 05:06:12 | 000,249,584 | ---- | M] (Fresco Logic) [Kernel | On_Demand] -- C:\Windows\system32\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2012/11/02 05:06:12 | 000,077,040 | ---- | M] (Fresco Logic) [Kernel | On_Demand] -- C:\Windows\system32\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)
DRV:64bit: - [2012/10/31 00:37:44 | 000,099,328 | R--- | M] (Qualcomm Atheros Communications Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\qca_shb.sys -- (qca_shb)
DRV:64bit: - [2012/10/31 00:37:44 | 000,039,704 | R--- | M] (Atheros) [Kernel | On_Demand] -- C:\Windows\system32\drivers\leath_hid.sys -- (lehidmini)
DRV:64bit: - [2012/10/31 00:37:40 | 000,135,832 | R--- | M] (Qualcomm Atheros) [Kernel | On_Demand] -- C:\Windows\system32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/10/31 00:37:36 | 000,178,840 | R--- | M] (Qualcomm Atheros) [Kernel | On_Demand] -- C:\Windows\system32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/10/31 00:37:34 | 000,033,944 | R--- | M] (Qualcomm Atheros) [Kernel | On_Demand] -- C:\Windows\system32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/10/31 00:37:32 | 000,055,448 | R--- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2012/10/25 12:20:28 | 000,769,168 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/09/12 10:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/09/01 12:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/09/01 12:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/08/27 13:51:00 | 000,230,280 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rusb3xhc.sys -- (rusb3xhc) Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0)
DRV:64bit: - [2012/08/27 13:50:58 | 000,114,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rusb3hub.sys -- (rusb3hub) Renesas Electronics USB 3.0 Hub Driver (Version 3.0)
DRV:64bit: - [2012/08/23 10:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/19 22:38:12 | 000,416,072 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- C:\Windows\system32\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2012/08/19 22:38:12 | 000,138,568 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- C:\Windows\system32\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2012/07/24 04:37:56 | 000,046,016 | R--- | M] () [Kernel | On_Demand] -- C:\Windows\system32\drivers\ISCTD64.sys -- (ISCT) Intel(R)
DRV:64bit: - [2012/07/20 11:09:40 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irstrtdv.sys -- (irstrtdv) Intel(R)
DRV:64bit: - [2012/07/20 10:15:52 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012/07/20 10:15:52 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012/07/02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2012/06/13 14:25:50 | 000,032,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\EtronSTOR.sys -- (EtronSTOR)
DRV:64bit: - [2011/10/25 03:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/10/25 03:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/10/01 02:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 02:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 02:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 02:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/17 20:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 20:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/07 05:01:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/07 05:01:46 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/02/26 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/21 04:43:36 | 000,052,224 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF)
DRV:64bit: - [2009/09/24 07:38:48 | 000,027,776 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009/09/23 23:40:14 | 000,023,304 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\Windows\System32\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009/09/23 23:35:34 | 000,041,216 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2009/08/28 10:05:00 | 000,043,912 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV:64bit: - [2009/08/26 05:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009/08/26 05:16:20 | 000,017,032 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV:64bit: - [2009/08/17 22:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/13 02:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/06/17 08:02:44 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2009/06/17 08:02:20 | 000,036,872 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/14 03:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\system32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2008/08/28 06:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = kiebel.de | PC-Systeme und Notebooks nach Maß!
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Bing [binary data]
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF E2 43 5F F7 D1 CC 01  [binary data]
IE - HKU\Johannes_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Johannes_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Hola Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=5A9B001FCF41424D"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\System32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@ei.UtilityChest_49.com/Plugin: C:\Program Files (x86)\UtilityChest_49EI\Installr\1.bin\NP49EISb.dll (Utility Chest)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/04/25 10:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\Mozilla\Extensions
[2013/05/15 07:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\kfygexnd.default\extensions
[2013/05/14 11:29:53 | 000,006,498 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\kfygexnd.default\searchplugins\babylon.xml
[2013/05/14 11:31:50 | 000,001,304 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\kfygexnd.default\searchplugins\holasearch.xml
[2013/05/29 04:36:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/29 04:36:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [GamingMouse] C:\Program Files (x86)\Drakonia Configurator\hid.exe ()
O4 - HKU\Johannes_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx]  File not found
O4 - HKU\Johannes_ON_C..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Johannes_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Johannes_ON_C\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - Johannes_ON_C\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - Johannes_ON_C\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - Johannes_ON_C\..Trusted Domains: sony.com ([]* in Trusted sites)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Johannes_ON_C Winlogon: Shell - (cmd.exe) - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/31 17:45:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/29 04:35:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/20 11:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/20 11:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/20 11:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/20 11:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/05/20 11:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/20 11:37:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/15 15:51:10 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Johannes
[2013/05/15 15:41:11 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/05/15 15:32:41 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Thunderbird
[2013/05/15 15:32:41 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Thunderbird
[2013/05/15 15:28:00 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/15 15:28:00 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/15 15:27:59 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/05/15 15:27:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/15 15:27:57 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/15 15:27:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/15 15:27:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/05/15 15:27:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/15 15:27:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/05/15 15:27:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/15 15:27:56 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/15 15:27:56 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2013/05/15 15:27:56 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/05/15 15:27:52 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/05/15 15:27:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/15 15:27:50 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/15 15:27:50 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2013/05/15 08:51:37 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 08:51:37 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/15 08:51:30 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/05/15 08:51:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2013/05/15 08:51:29 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/15 08:51:29 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/05/15 08:51:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013/05/14 11:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UtilityChest_49EI
[2013/05/14 11:51:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\bluesoleil
[2013/05/14 11:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IVT Corporation
[2013/05/14 11:29:39 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\PerformerSoft
[2013/05/14 11:29:38 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot64.exe
[2013/05/14 11:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2013/05/14 09:59:45 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013/05/14 09:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/05/14 09:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/05/14 09:42:10 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Bluetooth
[2013/05/14 09:34:49 | 000,066,560 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdclsx64.dll
[2013/05/14 09:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2013/05/14 09:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/05/14 09:34:43 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfdx64.sys
[2013/05/14 09:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2013/05/14 09:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2013/05/14 09:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013/05/13 15:27:09 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Babylon
[2013/05/13 15:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/05/13 15:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/05/13 15:26:48 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\OpenCandy
[2013/05/13 15:26:48 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoft
[2013/05/13 15:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/05/13 15:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013/05/13 08:40:08 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Adobe
[2013/05/12 08:21:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\SCE
[2013/05/12 08:21:15 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2013/05/12 08:21:15 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2013/05/12 08:21:14 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2013/05/12 08:21:14 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2013/05/12 08:21:13 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2013/05/12 08:21:13 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2013/05/12 08:21:12 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2013/05/12 08:21:12 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2013/05/12 08:21:11 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2013/05/12 08:21:11 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2013/05/12 08:21:11 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2013/05/12 08:21:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2013/05/12 08:21:10 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2013/05/12 08:21:10 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2013/05/12 08:21:10 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2013/05/12 08:21:10 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2013/05/12 08:21:09 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2013/05/12 08:21:08 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2013/05/12 08:21:08 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2013/05/12 08:21:08 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2013/05/12 08:21:06 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2013/05/12 08:21:06 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2013/05/12 08:21:06 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2013/05/12 08:21:05 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2013/05/12 08:21:03 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2013/05/12 08:21:03 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2013/05/12 08:21:02 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2013/05/12 08:21:02 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2013/05/12 08:21:01 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2013/05/12 08:21:01 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2013/05/12 08:21:01 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2013/05/12 08:21:01 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2013/05/12 08:21:01 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2013/05/12 08:21:00 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2013/05/12 08:21:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2013/05/12 08:20:59 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2013/05/12 08:20:59 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2013/05/12 08:20:59 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2013/05/12 08:20:59 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2013/05/12 08:20:58 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2013/05/12 08:20:58 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2013/05/12 08:20:57 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2013/05/12 08:20:57 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2013/05/12 08:20:57 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2013/05/12 08:20:57 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2013/05/12 08:20:57 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2013/05/12 08:20:57 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2013/05/12 08:20:56 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2013/05/12 08:20:56 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2013/05/12 08:20:55 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2013/05/12 08:20:55 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2013/05/12 08:20:55 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2013/05/12 08:20:55 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2013/05/12 08:20:55 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2013/05/12 08:20:55 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2013/05/12 08:20:54 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2013/05/12 08:20:54 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013/05/12 08:20:54 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2013/05/12 08:20:54 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013/05/12 08:20:53 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2013/05/12 08:20:53 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013/05/12 08:20:52 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2013/05/12 08:20:52 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2013/05/12 08:20:52 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2013/05/12 08:20:52 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2013/05/12 08:20:51 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2013/05/12 08:20:51 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2013/05/12 08:20:51 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2013/05/12 08:20:51 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2013/05/12 08:20:50 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2013/05/12 08:20:50 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2013/05/12 08:20:50 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2013/05/12 08:20:50 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2013/05/12 08:20:49 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2013/05/12 08:20:49 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2013/05/12 08:20:48 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2013/05/12 08:20:48 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2013/05/12 08:20:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2013/05/12 08:20:48 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2013/05/12 08:20:47 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2013/05/12 08:20:47 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2013/05/12 08:20:46 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2013/05/12 08:20:46 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2013/05/12 08:20:46 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2013/05/12 08:20:46 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2013/05/12 08:20:45 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2013/05/12 08:20:45 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2013/05/12 08:20:45 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2013/05/12 08:20:45 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2013/05/12 08:20:43 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2013/05/12 08:20:43 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2013/05/12 08:20:43 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2013/05/12 08:20:43 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2013/05/12 08:20:42 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2013/05/12 08:20:42 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2013/05/12 08:20:41 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2013/05/12 08:20:41 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2013/05/12 08:20:40 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2013/05/12 08:20:40 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2013/05/12 08:20:40 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2013/05/12 08:20:40 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2013/05/12 08:20:39 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2013/05/12 08:20:39 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2013/05/12 08:20:39 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2013/05/12 08:20:39 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2013/05/12 08:20:39 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2013/05/12 08:20:39 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2013/05/12 08:20:38 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2013/05/12 08:20:38 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2013/05/12 08:20:38 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2013/05/12 08:20:38 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2013/05/12 08:20:37 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2013/05/12 08:20:37 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2013/05/12 08:20:36 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2013/05/12 08:20:36 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2013/05/12 08:20:35 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2013/05/12 08:20:35 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2013/05/12 08:20:35 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2013/05/12 08:20:35 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2013/05/12 08:20:35 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2013/05/12 08:20:35 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2013/05/12 08:20:34 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2013/05/12 08:20:33 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2013/05/12 08:20:33 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2013/05/12 08:20:32 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2013/05/12 08:20:32 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2013/05/12 08:20:31 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2013/05/12 08:20:31 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2013/05/12 08:20:29 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2013/05/12 08:20:29 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2013/05/12 08:20:29 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2013/05/12 08:20:29 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2013/05/12 08:20:29 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2013/05/12 08:20:29 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2013/05/12 08:20:28 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2013/05/12 08:20:28 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2013/05/12 08:20:27 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2013/05/12 08:20:27 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2013/05/12 08:20:27 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2013/05/12 08:20:27 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2013/05/12 08:20:26 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2013/05/12 08:20:26 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2013/05/12 08:20:25 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2013/05/12 08:20:25 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2013/05/12 08:20:19 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2013/05/12 08:20:19 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2013/05/12 08:20:18 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2013/05/12 08:20:18 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2013/05/12 08:20:18 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2013/05/12 08:20:18 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2013/05/12 08:20:17 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2013/05/12 08:20:17 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2013/05/12 08:20:16 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2013/05/12 08:20:16 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2013/05/12 08:20:15 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2013/05/12 08:20:15 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2013/05/12 08:20:15 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2013/05/12 08:20:15 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2013/05/12 08:20:14 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2013/05/12 08:20:14 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2013/05/12 08:20:13 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2013/05/12 08:20:13 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2013/05/11 06:15:00 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\The Lord of the Rings Online
[2013/05/11 06:06:28 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Chromium
[2013/05/11 06:03:16 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\The Lord of the Rings Online
[2013/05/11 05:16:02 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2013/05/11 05:16:02 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2013/05/11 05:16:01 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2013/05/11 05:14:33 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Turbine
[2013/05/11 05:14:32 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\ApplicationHistory
[2013/05/11 05:12:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2013/05/11 05:12:10 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2013/05/02 13:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2013/05/02 12:37:12 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\NVIDIA
[2013/05/02 12:36:46 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2013/05/02 12:34:26 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Johannes\Desktop\MinecraftSP.exe
[2013/05/02 12:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\.minecraft
[2013/05/02 12:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/31 12:29:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/31 12:29:53 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/31 12:23:07 | 000,031,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/31 12:23:07 | 000,031,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/31 12:20:00 | 000,707,686 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/31 12:20:00 | 000,661,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/31 12:20:00 | 000,153,020 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/31 12:20:00 | 000,125,236 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/31 12:15:58 | 000,005,139 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013/05/31 12:15:47 | 000,001,078 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2013/05/31 12:15:33 | 2070,130,687 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/31 02:01:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/05/31 02:01:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/05/30 13:07:44 | 000,000,100 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013/05/28 16:24:35 | 000,007,597 | ---- | M] () -- C:\Users\Johannes\AppData\Local\resmon.resmoncfg
[2013/05/20 11:46:53 | 000,089,048 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/05/20 11:40:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/18 05:13:43 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/18 05:13:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/17 15:41:32 | 000,000,263 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2013/05/15 16:09:53 | 000,275,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/14 11:56:21 | 000,000,382 | ---- | M] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2013/05/14 11:49:16 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2013/05/14 11:48:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\BSPRINT.INI
[2013/05/14 10:40:08 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/14 09:51:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/05/14 09:38:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0
[2013/05/14 09:31:14 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/05/13 15:27:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/05/13 15:27:07 | 000,001,398 | ---- | M] () -- C:\Users\Johannes\Desktop\Free YouTube to MP3 Converter.lnk
[2013/05/13 13:36:12 | 000,002,784 | ---- | M] () -- C:\Users\Johannes\Documents\UserPreferences.ini
[2013/05/12 09:09:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/05/11 05:14:32 | 000,000,096 | ---- | M] () -- C:\Users\Johannes\AppData\Local\fusioncache.dat
[2013/05/11 05:14:03 | 001,669,798 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/11 05:13:04 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
 
========== Files Created - No Company Name ==========
 
[2013/05/31 02:01:22 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/05/31 02:01:22 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/05/20 11:46:53 | 000,089,048 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/05/15 15:57:52 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/14 11:52:19 | 000,000,382 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2013/05/14 11:51:49 | 000,000,263 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2013/05/14 11:51:02 | 000,005,139 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013/05/14 11:51:00 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013/05/14 11:48:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2013/05/14 09:38:56 | 000,000,032 | ---- | C] () -- C:\Windows\0
[2013/05/14 09:38:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\0
[2013/05/14 09:29:45 | 000,000,866 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/05/13 15:27:07 | 000,001,398 | ---- | C] () -- C:\Users\Johannes\Desktop\Free YouTube to MP3 Converter.lnk
[2013/05/13 13:06:21 | 000,002,784 | ---- | C] () -- C:\Users\Johannes\Documents\UserPreferences.ini
[2013/05/12 09:09:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/05/11 05:14:32 | 000,000,096 | ---- | C] () -- C:\Users\Johannes\AppData\Local\fusioncache.dat
[2013/04/25 11:51:47 | 001,184,699 | ---- | C] () -- C:\Windows\unins000.exe
[2013/04/25 11:51:47 | 000,021,436 | ---- | C] () -- C:\Windows\unins000.dat
[2013/04/25 10:23:42 | 000,007,597 | ---- | C] () -- C:\Users\Johannes\AppData\Local\resmon.resmoncfg
[2012/01/13 09:27:07 | 001,669,798 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/13 08:35:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/11/17 05:46:50 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2009/11/17 05:44:12 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2013/05/18 11:37:22 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2013/05/13 15:27:09 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Babylon
[2013/05/13 15:27:17 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoft
[2012/01/13 09:42:04 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\InfraRecorder
[2013/04/25 11:51:47 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MingGuan
[2013/05/13 15:26:48 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\OpenCandy
[2013/05/15 07:55:15 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\PerformerSoft
[2013/05/15 16:08:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SoftGrid Client
[2013/05/15 15:32:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Thunderbird
[2013/04/25 11:30:54 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TP
[2013/04/25 12:08:56 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Windows Live Writer
[2013/05/20 11:40:10 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2013/05/13 15:27:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2013/05/14 11:29:38 | 000,000,000 | ---D | M] -- C:\ProgramData\IBUpdaterService
[2013/05/14 09:34:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2013/05/02 13:53:43 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2013/05/30 02:01:48 | 000,023,124 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

TrojanerKing 31.05.2013 11:42

OTL Logfile:
Code:

OTL logfile created on: 5/31/2013 7:38:01 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.00 Gb Total Space | 110.77 Gb Free Space | 55.38% Space Free | Partition Type: NTFS
Drive D: | 731.51 Gb Total Space | 731.40 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Drive E: | 7.50 Gb Total Space | 7.50 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2013/01/27 05:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 05:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/12/21 04:44:06 | 000,535,552 | ---- | M] (CSR, plc) [Auto] -- C:\Windows\System32\HFGService.dll -- (HFGService)
SRV:64bit: - [2009/08/17 21:36:20 | 000,203,264 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/29 04:36:01 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/18 05:13:43 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/03 19:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/15 01:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 16:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 02:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 02:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/18 12:08:30 | 000,854,016 | ---- | M] (IVT Corporation) [Auto] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2009/11/17 05:52:14 | 000,192,000 | ---- | M] (IVT Corporation) [On_Demand] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/08 01:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/03/15 01:53:06 | 000,448,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2013/01/20 09:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/19 01:41:54 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 07:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/04 00:21:12 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\iusb3xhc.sys -- (iusb3xhc) Intel(R)
DRV:64bit: - [2012/12/04 00:21:12 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs) Intel(R)
DRV:64bit: - [2012/12/04 00:21:10 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\iusb3hub.sys -- (iusb3hub) Intel(R)
DRV:64bit: - [2012/11/26 13:37:38 | 000,412,520 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2012/11/26 13:37:34 | 000,137,064 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2012/11/02 05:06:12 | 000,249,584 | ---- | M] (Fresco Logic) [Kernel | On_Demand] -- C:\Windows\system32\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2012/11/02 05:06:12 | 000,077,040 | ---- | M] (Fresco Logic) [Kernel | On_Demand] -- C:\Windows\system32\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)
DRV:64bit: - [2012/10/31 00:37:44 | 000,099,328 | R--- | M] (Qualcomm Atheros Communications Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\qca_shb.sys -- (qca_shb)
DRV:64bit: - [2012/10/31 00:37:44 | 000,039,704 | R--- | M] (Atheros) [Kernel | On_Demand] -- C:\Windows\system32\drivers\leath_hid.sys -- (lehidmini)
DRV:64bit: - [2012/10/31 00:37:40 | 000,135,832 | R--- | M] (Qualcomm Atheros) [Kernel | On_Demand] -- C:\Windows\system32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/10/31 00:37:36 | 000,178,840 | R--- | M] (Qualcomm Atheros) [Kernel | On_Demand] -- C:\Windows\system32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/10/31 00:37:34 | 000,033,944 | R--- | M] (Qualcomm Atheros) [Kernel | On_Demand] -- C:\Windows\system32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/10/31 00:37:32 | 000,055,448 | R--- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2012/10/25 12:20:28 | 000,769,168 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/09/12 10:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/09/01 12:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/09/01 12:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/08/27 13:51:00 | 000,230,280 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rusb3xhc.sys -- (rusb3xhc) Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0)
DRV:64bit: - [2012/08/27 13:50:58 | 000,114,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rusb3hub.sys -- (rusb3hub) Renesas Electronics USB 3.0 Hub Driver (Version 3.0)
DRV:64bit: - [2012/08/23 10:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/19 22:38:12 | 000,416,072 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- C:\Windows\system32\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2012/08/19 22:38:12 | 000,138,568 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- C:\Windows\system32\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2012/07/24 04:37:56 | 000,046,016 | R--- | M] () [Kernel | On_Demand] -- C:\Windows\system32\drivers\ISCTD64.sys -- (ISCT) Intel(R)
DRV:64bit: - [2012/07/20 11:09:40 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irstrtdv.sys -- (irstrtdv) Intel(R)
DRV:64bit: - [2012/07/20 10:15:52 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012/07/20 10:15:52 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012/07/02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2012/06/13 14:25:50 | 000,032,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\EtronSTOR.sys -- (EtronSTOR)
DRV:64bit: - [2011/10/25 03:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/10/25 03:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/10/01 02:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 02:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 02:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 02:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/17 20:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 20:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/07 05:01:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/07 05:01:46 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/02/26 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/21 04:43:36 | 000,052,224 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF)
DRV:64bit: - [2009/09/24 07:38:48 | 000,027,776 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009/09/23 23:40:14 | 000,023,304 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\Windows\System32\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009/09/23 23:35:34 | 000,041,216 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2009/08/28 10:05:00 | 000,043,912 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV:64bit: - [2009/08/26 05:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009/08/26 05:16:20 | 000,017,032 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV:64bit: - [2009/08/17 22:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/13 02:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/06/17 08:02:44 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2009/06/17 08:02:20 | 000,036,872 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/14 03:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\system32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2008/08/28 06:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = kiebel.de | PC-Systeme und Notebooks nach Maß!
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Bing [binary data]
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF E2 43 5F F7 D1 CC 01  [binary data]
IE - HKU\Johannes_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Johannes_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Hola Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=5A9B001FCF41424D"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\System32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@ei.UtilityChest_49.com/Plugin: C:\Program Files (x86)\UtilityChest_49EI\Installr\1.bin\NP49EISb.dll (Utility Chest)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/04/25 10:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\Mozilla\Extensions
[2013/05/15 07:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\kfygexnd.default\extensions
[2013/05/14 11:29:53 | 000,006,498 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\kfygexnd.default\searchplugins\babylon.xml
[2013/05/14 11:31:50 | 000,001,304 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\kfygexnd.default\searchplugins\holasearch.xml
[2013/05/29 04:36:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/29 04:36:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [GamingMouse] C:\Program Files (x86)\Drakonia Configurator\hid.exe ()
O4 - HKU\Johannes_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx]  File not found
O4 - HKU\Johannes_ON_C..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Johannes_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Johannes_ON_C\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - Johannes_ON_C\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - Johannes_ON_C\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - Johannes_ON_C\..Trusted Domains: sony.com ([]* in Trusted sites)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Johannes_ON_C Winlogon: Shell - (cmd.exe) - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/31 17:45:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/29 04:35:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/20 11:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/20 11:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/20 11:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/20 11:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/05/20 11:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/20 11:37:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/15 15:51:10 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Johannes
[2013/05/15 15:41:11 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/05/15 15:32:41 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Thunderbird
[2013/05/15 15:32:41 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Thunderbird
[2013/05/15 15:28:00 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/15 15:28:00 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/15 15:27:59 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/05/15 15:27:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/15 15:27:57 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/15 15:27:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/15 15:27:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/05/15 15:27:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/15 15:27:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/05/15 15:27:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/15 15:27:56 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/15 15:27:56 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2013/05/15 15:27:56 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/05/15 15:27:52 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/05/15 15:27:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/15 15:27:50 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/15 15:27:50 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2013/05/15 08:51:37 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 08:51:37 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/15 08:51:30 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/05/15 08:51:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2013/05/15 08:51:29 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/15 08:51:29 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/05/15 08:51:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013/05/14 11:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UtilityChest_49EI
[2013/05/14 11:51:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\bluesoleil
[2013/05/14 11:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IVT Corporation
[2013/05/14 11:29:39 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\PerformerSoft
[2013/05/14 11:29:38 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot64.exe
[2013/05/14 11:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2013/05/14 09:59:45 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013/05/14 09:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/05/14 09:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/05/14 09:42:10 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Bluetooth
[2013/05/14 09:34:49 | 000,066,560 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdclsx64.dll
[2013/05/14 09:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2013/05/14 09:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/05/14 09:34:43 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfdx64.sys
[2013/05/14 09:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2013/05/14 09:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2013/05/14 09:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013/05/13 15:27:09 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Babylon
[2013/05/13 15:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/05/13 15:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/05/13 15:26:48 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\OpenCandy
[2013/05/13 15:26:48 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoft
[2013/05/13 15:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/05/13 15:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013/05/13 08:40:08 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Adobe
[2013/05/12 08:21:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\SCE
[2013/05/12 08:21:15 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2013/05/12 08:21:15 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2013/05/12 08:21:14 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2013/05/12 08:21:14 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2013/05/12 08:21:13 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2013/05/12 08:21:13 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2013/05/12 08:21:12 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2013/05/12 08:21:12 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2013/05/12 08:21:11 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2013/05/12 08:21:11 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2013/05/12 08:21:11 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2013/05/12 08:21:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2013/05/12 08:21:10 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2013/05/12 08:21:10 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2013/05/12 08:21:10 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2013/05/12 08:21:10 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2013/05/12 08:21:09 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2013/05/12 08:21:08 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2013/05/12 08:21:08 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2013/05/12 08:21:08 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2013/05/12 08:21:06 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2013/05/12 08:21:06 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2013/05/12 08:21:06 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2013/05/12 08:21:05 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2013/05/12 08:21:03 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2013/05/12 08:21:03 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2013/05/12 08:21:02 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2013/05/12 08:21:02 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2013/05/12 08:21:01 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2013/05/12 08:21:01 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2013/05/12 08:21:01 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2013/05/12 08:21:01 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2013/05/12 08:21:01 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2013/05/12 08:21:00 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2013/05/12 08:21:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2013/05/12 08:20:59 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2013/05/12 08:20:59 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2013/05/12 08:20:59 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2013/05/12 08:20:59 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2013/05/12 08:20:58 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2013/05/12 08:20:58 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2013/05/12 08:20:57 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2013/05/12 08:20:57 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2013/05/12 08:20:57 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2013/05/12 08:20:57 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2013/05/12 08:20:57 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2013/05/12 08:20:57 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2013/05/12 08:20:56 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2013/05/12 08:20:56 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2013/05/12 08:20:55 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2013/05/12 08:20:55 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2013/05/12 08:20:55 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2013/05/12 08:20:55 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2013/05/12 08:20:55 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2013/05/12 08:20:55 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2013/05/12 08:20:54 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2013/05/12 08:20:54 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013/05/12 08:20:54 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2013/05/12 08:20:54 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013/05/12 08:20:53 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2013/05/12 08:20:53 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013/05/12 08:20:52 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2013/05/12 08:20:52 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2013/05/12 08:20:52 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2013/05/12 08:20:52 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2013/05/12 08:20:51 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2013/05/12 08:20:51 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2013/05/12 08:20:51 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2013/05/12 08:20:51 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2013/05/12 08:20:50 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2013/05/12 08:20:50 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2013/05/12 08:20:50 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2013/05/12 08:20:50 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2013/05/12 08:20:49 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2013/05/12 08:20:49 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2013/05/12 08:20:48 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2013/05/12 08:20:48 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2013/05/12 08:20:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2013/05/12 08:20:48 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2013/05/12 08:20:47 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2013/05/12 08:20:47 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2013/05/12 08:20:46 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2013/05/12 08:20:46 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2013/05/12 08:20:46 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2013/05/12 08:20:46 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2013/05/12 08:20:45 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2013/05/12 08:20:45 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2013/05/12 08:20:45 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2013/05/12 08:20:45 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2013/05/12 08:20:43 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2013/05/12 08:20:43 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2013/05/12 08:20:43 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2013/05/12 08:20:43 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2013/05/12 08:20:42 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2013/05/12 08:20:42 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2013/05/12 08:20:41 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2013/05/12 08:20:41 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2013/05/12 08:20:40 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2013/05/12 08:20:40 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2013/05/12 08:20:40 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2013/05/12 08:20:40 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2013/05/12 08:20:39 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2013/05/12 08:20:39 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2013/05/12 08:20:39 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2013/05/12 08:20:39 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2013/05/12 08:20:39 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2013/05/12 08:20:39 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2013/05/12 08:20:38 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2013/05/12 08:20:38 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2013/05/12 08:20:38 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2013/05/12 08:20:38 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2013/05/12 08:20:37 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2013/05/12 08:20:37 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2013/05/12 08:20:36 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2013/05/12 08:20:36 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2013/05/12 08:20:35 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2013/05/12 08:20:35 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2013/05/12 08:20:35 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2013/05/12 08:20:35 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2013/05/12 08:20:35 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2013/05/12 08:20:35 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2013/05/12 08:20:34 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2013/05/12 08:20:33 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2013/05/12 08:20:33 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2013/05/12 08:20:32 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2013/05/12 08:20:32 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2013/05/12 08:20:31 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2013/05/12 08:20:31 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2013/05/12 08:20:29 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2013/05/12 08:20:29 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2013/05/12 08:20:29 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2013/05/12 08:20:29 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2013/05/12 08:20:29 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2013/05/12 08:20:29 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2013/05/12 08:20:28 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2013/05/12 08:20:28 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2013/05/12 08:20:27 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2013/05/12 08:20:27 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2013/05/12 08:20:27 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2013/05/12 08:20:27 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2013/05/12 08:20:26 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2013/05/12 08:20:26 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2013/05/12 08:20:25 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2013/05/12 08:20:25 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2013/05/12 08:20:19 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2013/05/12 08:20:19 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2013/05/12 08:20:18 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2013/05/12 08:20:18 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2013/05/12 08:20:18 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2013/05/12 08:20:18 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2013/05/12 08:20:17 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2013/05/12 08:20:17 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2013/05/12 08:20:16 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2013/05/12 08:20:16 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2013/05/12 08:20:15 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2013/05/12 08:20:15 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2013/05/12 08:20:15 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2013/05/12 08:20:15 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2013/05/12 08:20:14 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2013/05/12 08:20:14 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2013/05/12 08:20:13 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2013/05/12 08:20:13 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2013/05/11 06:15:00 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\The Lord of the Rings Online
[2013/05/11 06:06:28 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Chromium
[2013/05/11 06:03:16 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\The Lord of the Rings Online
[2013/05/11 05:16:02 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2013/05/11 05:16:02 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2013/05/11 05:16:01 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2013/05/11 05:14:33 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Turbine
[2013/05/11 05:14:32 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\ApplicationHistory
[2013/05/11 05:12:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2013/05/11 05:12:10 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2013/05/02 13:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2013/05/02 12:37:12 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\NVIDIA
[2013/05/02 12:36:46 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2013/05/02 12:34:26 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Johannes\Desktop\MinecraftSP.exe
[2013/05/02 12:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\.minecraft
[2013/05/02 12:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/31 12:29:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/31 12:29:53 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/31 12:23:07 | 000,031,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/31 12:23:07 | 000,031,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/31 12:20:00 | 000,707,686 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/31 12:20:00 | 000,661,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/31 12:20:00 | 000,153,020 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/31 12:20:00 | 000,125,236 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/31 12:15:58 | 000,005,139 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013/05/31 12:15:47 | 000,001,078 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2013/05/31 12:15:33 | 2070,130,687 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/31 02:01:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/05/31 02:01:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/05/30 13:07:44 | 000,000,100 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013/05/28 16:24:35 | 000,007,597 | ---- | M] () -- C:\Users\Johannes\AppData\Local\resmon.resmoncfg
[2013/05/20 11:46:53 | 000,089,048 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/05/20 11:40:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/18 05:13:43 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/18 05:13:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/17 15:41:32 | 000,000,263 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2013/05/15 16:09:53 | 000,275,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/14 11:56:21 | 000,000,382 | ---- | M] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2013/05/14 11:49:16 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2013/05/14 11:48:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\BSPRINT.INI
[2013/05/14 10:40:08 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/14 09:51:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/05/14 09:38:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0
[2013/05/14 09:31:14 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/05/13 15:27:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/05/13 15:27:07 | 000,001,398 | ---- | M] () -- C:\Users\Johannes\Desktop\Free YouTube to MP3 Converter.lnk
[2013/05/13 13:36:12 | 000,002,784 | ---- | M] () -- C:\Users\Johannes\Documents\UserPreferences.ini
[2013/05/12 09:09:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/05/11 05:14:32 | 000,000,096 | ---- | M] () -- C:\Users\Johannes\AppData\Local\fusioncache.dat
[2013/05/11 05:14:03 | 001,669,798 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/11 05:13:04 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
 
========== Files Created - No Company Name ==========
 
[2013/05/31 02:01:22 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/05/31 02:01:22 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/05/20 11:46:53 | 000,089,048 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/05/15 15:57:52 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/14 11:52:19 | 000,000,382 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2013/05/14 11:51:49 | 000,000,263 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2013/05/14 11:51:02 | 000,005,139 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013/05/14 11:51:00 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013/05/14 11:48:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2013/05/14 09:38:56 | 000,000,032 | ---- | C] () -- C:\Windows\0
[2013/05/14 09:38:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\0
[2013/05/14 09:29:45 | 000,000,866 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/05/13 15:27:07 | 000,001,398 | ---- | C] () -- C:\Users\Johannes\Desktop\Free YouTube to MP3 Converter.lnk
[2013/05/13 13:06:21 | 000,002,784 | ---- | C] () -- C:\Users\Johannes\Documents\UserPreferences.ini
[2013/05/12 09:09:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/05/11 05:14:32 | 000,000,096 | ---- | C] () -- C:\Users\Johannes\AppData\Local\fusioncache.dat
[2013/04/25 11:51:47 | 001,184,699 | ---- | C] () -- C:\Windows\unins000.exe
[2013/04/25 11:51:47 | 000,021,436 | ---- | C] () -- C:\Windows\unins000.dat
[2013/04/25 10:23:42 | 000,007,597 | ---- | C] () -- C:\Users\Johannes\AppData\Local\resmon.resmoncfg
[2012/01/13 09:27:07 | 001,669,798 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/13 08:35:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/11/17 05:46:50 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2009/11/17 05:44:12 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2013/05/18 11:37:22 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2013/05/13 15:27:09 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Babylon
[2013/05/13 15:27:17 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoft
[2012/01/13 09:42:04 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\InfraRecorder
[2013/04/25 11:51:47 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MingGuan
[2013/05/13 15:26:48 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\OpenCandy
[2013/05/15 07:55:15 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\PerformerSoft
[2013/05/15 16:08:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SoftGrid Client
[2013/05/15 15:32:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Thunderbird
[2013/04/25 11:30:54 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TP
[2013/04/25 12:08:56 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Windows Live Writer
[2013/05/20 11:40:10 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2013/05/13 15:27:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2013/05/14 11:29:38 | 000,000,000 | ---D | M] -- C:\ProgramData\IBUpdaterService
[2013/05/14 09:34:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2013/05/02 13:53:43 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2013/05/30 02:01:48 | 000,023,124 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---


Oops, the same thing twice.

markusg 31.05.2013 14:19

Hi,
on your second PC go to Start, Programs, Accessories, Editor (Notepad) and copy the following
into it:
Code:

:OTL
O20 - HKU\Johannes_ON_C Winlogon: Shell - (cmd.exe) - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
:Files
:Commands
[EMPTYFLASH]
[emptytemp]



Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to this should appear: "load fix from file"; load the fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive and change the mode in the BIOS.
Windows should now start normally and open otl.txt;
please post the log.
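
The fix above targets the per-user Winlogon Shell value reported on OTL's O20 lines. As an added example (not part of the original thread and not OTL's own code), this Python triage reads O20 lines and flags Shell entries that deserve a look; the sample lines are copied from the logs in this thread, and the three heuristics are assumptions of this sketch.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "hive data target reasons")

# OTL O20 line layout as it appears in this thread:
#   O20[:64bit:] - <hive> Winlogon: <value> - (<data>) - <resolved file or "File not found">
O20_RE = re.compile(
    r"^O20(?::64bit:)?\s+-\s+(?P<hive>HKLM|HKU\\\S+)\s+Winlogon:\s+"
    r"(?P<value>\w+)\s+-\s+\((?P<data>[^)]*)\)\s+-\s*(?P<target>.*)$"
)

# Lines copied from the OTL output posted in this thread
# (first line: before the fix; remaining lines: the later scan).
SAMPLE_LOG = r"""
O20 - HKU\Johannes_ON_C Winlogon: Shell - (cmd.exe) - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Johannes_ON_C Winlogon: Shell - (cmd.exe) -  File not found
"""


def triage_winlogon_shell(log_text):
    """Return a Finding for every O20 Shell line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        # Only the Shell value is triaged here; VMApplet etc. are skipped.
        if not m or m.group("value").lower() != "shell":
            continue
        hive = m.group("hive")
        data = m.group("data").strip()
        target = m.group("target").strip()
        reasons = []
        # Heuristic 1 (assumption): a default install has no Shell value in a
        # user hive, and one set there replaces the machine-wide shell for that user.
        if hive.upper().startswith("HKU\\"):
            reasons.append("per-user Shell value overrides HKLM")
        # Heuristic 2 (assumption): anything other than plain explorer.exe is unusual.
        if data.lower() != "explorer.exe":
            reasons.append("shell is not explorer.exe")
        # Heuristic 3: OTL could not resolve the configured program on disk.
        if target.lower().startswith("file not found"):
            reasons.append("target file missing")
        if reasons:
            findings.append(Finding(hive, data, target, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage_winlogon_shell(SAMPLE_LOG):
        print(f"{f.hive}: Shell = {f.data!r} -> {', '.join(f.reasons)}")
```
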

TrojanerKing 31.05.2013 14:39

For me the fix always runs through, but the PC does not restart automatically.
LOG:
========== OTL ==========
Registry value HKEY_USERS\Johannes_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:cmd.exe deleted successfully.
C:\Windows\SysWOW64\cmd.exe moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Johannes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Johannes

User: Public

User: UpdatusUser

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2079 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 05312013_223642

markusg 31.05.2013 14:41

Then restart it yourself, as already said on page 1.

TrojanerKing 31.05.2013 14:49

Windows asked for the mode.
I chose normal because there was not enough time to ask.
cmd.exe is back again and says
"Der Befehl C:\Users\Johannes\Documents\7232b878.exe ist entweder falsch geschrieben oder konnte nicht gefunden werden"
C:\Windows\system32> cursor!
Everything around it is black.

markusg 31.05.2013 14:55

OK, scan with OTL as follows.
• Double-click the OTLPE icon.
• When asked "Do you wish to load the remote registry", choose Yes.
• When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Tick "Automatically Load All Remaining Users" if it is not already ticked.

• OTL should now start.
Now copy the following content into the http://larusso.trojaner-board.de/Images/otlfix.jpg
text box.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe

• Press Run Scan to start the scan.
• When it has finished, the files are saved to C:\otl.txt
• Copy this folder to your USB stick if you have no internet connection on this system.
Post both logs.

TrojanerKing 31.05.2013 14:58

Do you think this can be repaired?
Whenever I open OTLPE I am asked which folder I want to scan, and when I choose My Computer it says that no Windows was found,
so I choose C:\Windows.

markusg 31.05.2013 15:03

That is correct. We'll try it once more now.

TrojanerKing 31.05.2013 15:16

Out of memory.
Again?

markusg 31.05.2013 16:51

Then without the script. Scan again, please.

TrojanerKing 31.05.2013 16:53

Do you think this will work again, or would formatting be easier?
Log: OTL Logfile:
Code:

OTL logfile created on: 6/1/2013 2:59:58 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.00 Gb Total Space | 110.77 Gb Free Space | 55.38% Space Free | Partition Type: NTFS
Drive D: | 7.50 Gb Total Space | 7.50 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive E: | 731.51 Gb Total Space | 731.40 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2013/01/27 05:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 05:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/12/21 04:44:06 | 000,535,552 | ---- | M] (CSR, plc) [Auto] -- C:\Windows\System32\HFGService.dll -- (HFGService)
SRV:64bit: - [2009/08/17 21:36:20 | 000,203,264 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/29 04:36:01 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/18 05:13:43 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/03 19:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/15 01:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 16:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 02:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 02:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/18 12:08:30 | 000,854,016 | ---- | M] (IVT Corporation) [Auto] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2009/11/17 05:52:14 | 000,192,000 | ---- | M] (IVT Corporation) [On_Demand] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/08 01:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/03/15 01:53:06 | 000,448,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2013/01/20 09:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/19 01:41:54 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 07:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/04 00:21:12 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\iusb3xhc.sys -- (iusb3xhc) Intel(R)
DRV:64bit: - [2012/12/04 00:21:12 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs) Intel(R)
DRV:64bit: - [2012/12/04 00:21:10 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\iusb3hub.sys -- (iusb3hub) Intel(R)
DRV:64bit: - [2012/11/26 13:37:38 | 000,412,520 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2012/11/26 13:37:34 | 000,137,064 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand] -- C:\Windows\system32\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2012/11/02 05:06:12 | 000,249,584 | ---- | M] (Fresco Logic) [Kernel | On_Demand] -- C:\Windows\system32\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2012/11/02 05:06:12 | 000,077,040 | ---- | M] (Fresco Logic) [Kernel | On_Demand] -- C:\Windows\system32\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)
DRV:64bit: - [2012/10/31 00:37:44 | 000,099,328 | R--- | M] (Qualcomm Atheros Communications Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\qca_shb.sys -- (qca_shb)
DRV:64bit: - [2012/10/31 00:37:44 | 000,039,704 | R--- | M] (Atheros) [Kernel | On_Demand] -- C:\Windows\system32\drivers\leath_hid.sys -- (lehidmini)
DRV:64bit: - [2012/10/31 00:37:40 | 000,135,832 | R--- | M] (Qualcomm Atheros) [Kernel | On_Demand] -- C:\Windows\system32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/10/31 00:37:36 | 000,178,840 | R--- | M] (Qualcomm Atheros) [Kernel | On_Demand] -- C:\Windows\system32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/10/31 00:37:34 | 000,033,944 | R--- | M] (Qualcomm Atheros) [Kernel | On_Demand] -- C:\Windows\system32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/10/31 00:37:32 | 000,055,448 | R--- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2012/10/25 12:20:28 | 000,769,168 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/09/12 10:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/09/01 12:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/09/01 12:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/08/27 13:51:00 | 000,230,280 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rusb3xhc.sys -- (rusb3xhc) Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0)
DRV:64bit: - [2012/08/27 13:50:58 | 000,114,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\rusb3hub.sys -- (rusb3hub) Renesas Electronics USB 3.0 Hub Driver (Version 3.0)
DRV:64bit: - [2012/08/23 10:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/19 22:38:12 | 000,416,072 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- C:\Windows\system32\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2012/08/19 22:38:12 | 000,138,568 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- C:\Windows\system32\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2012/07/24 04:37:56 | 000,046,016 | R--- | M] () [Kernel | On_Demand] -- C:\Windows\system32\drivers\ISCTD64.sys -- (ISCT) Intel(R)
DRV:64bit: - [2012/07/20 11:09:40 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\irstrtdv.sys -- (irstrtdv) Intel(R)
DRV:64bit: - [2012/07/20 10:15:52 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012/07/20 10:15:52 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012/07/02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2012/06/13 14:25:50 | 000,032,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\EtronSTOR.sys -- (EtronSTOR)
DRV:64bit: - [2011/10/25 03:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/10/25 03:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/10/01 02:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 02:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 02:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 02:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/17 20:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 20:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/07 05:01:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/07 05:01:46 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/02/26 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/21 04:43:36 | 000,052,224 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF)
DRV:64bit: - [2009/09/24 07:38:48 | 000,027,776 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009/09/23 23:40:14 | 000,023,304 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\Windows\System32\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009/09/23 23:35:34 | 000,041,216 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2009/08/28 10:05:00 | 000,043,912 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV:64bit: - [2009/08/26 05:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009/08/26 05:16:20 | 000,017,032 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV:64bit: - [2009/08/17 22:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/13 02:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/06/17 08:02:44 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2009/06/17 08:02:20 | 000,036,872 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/14 03:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\system32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2008/08/28 06:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.kiebel.de
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.com [binary data]
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Johannes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF E2 43 5F F7 D1 CC 01  [binary data]
IE - HKU\Johannes_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Johannes_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Hola Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=5A9B001FCF41424D"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\System32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@ei.UtilityChest_49.com/Plugin: C:\Program Files (x86)\UtilityChest_49EI\Installr\1.bin\NP49EISb.dll (Utility Chest)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/04/25 10:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\Mozilla\Extensions
[2013/05/15 07:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\kfygexnd.default\extensions
[2013/05/14 11:29:53 | 000,006,498 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\kfygexnd.default\searchplugins\babylon.xml
[2013/05/14 11:31:50 | 000,001,304 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\kfygexnd.default\searchplugins\holasearch.xml
[2013/05/29 04:36:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/29 04:36:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [GamingMouse] C:\Program Files (x86)\Drakonia Configurator\hid.exe ()
O4 - HKU\Johannes_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx]  File not found
O4 - HKU\Johannes_ON_C..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Johannes_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Johannes_ON_C\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - Johannes_ON_C\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - Johannes_ON_C\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - Johannes_ON_C\..Trusted Domains: sony.com ([]* in Trusted sites)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Johannes_ON_C Winlogon: Shell - (cmd.exe) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/31 17:45:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/29 04:35:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/20 11:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/20 11:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/20 11:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/20 11:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/05/20 11:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/20 11:37:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/15 15:51:10 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Johannes
[2013/05/15 15:41:11 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/05/15 15:32:41 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Thunderbird
[2013/05/15 15:32:41 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Thunderbird
[2013/05/15 15:28:00 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/15 15:28:00 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/15 15:27:59 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/05/15 15:27:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/15 15:27:57 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/15 15:27:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/15 15:27:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/05/15 15:27:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/15 15:27:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/05/15 15:27:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/15 15:27:56 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/15 15:27:56 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2013/05/15 15:27:56 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/05/15 15:27:52 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/05/15 15:27:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/15 15:27:50 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/15 15:27:50 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2013/05/15 08:51:37 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 08:51:37 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/15 08:51:30 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/05/15 08:51:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2013/05/15 08:51:29 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/15 08:51:29 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/05/15 08:51:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013/05/14 11:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UtilityChest_49EI
[2013/05/14 11:51:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\bluesoleil
[2013/05/14 11:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IVT Corporation
[2013/05/14 11:29:39 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\PerformerSoft
[2013/05/14 11:29:38 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot64.exe
[2013/05/14 11:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2013/05/14 09:59:45 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013/05/14 09:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/05/14 09:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/05/14 09:42:10 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Bluetooth
[2013/05/14 09:34:49 | 000,066,560 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdclsx64.dll
[2013/05/14 09:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2013/05/14 09:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/05/14 09:34:43 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfdx64.sys
[2013/05/14 09:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2013/05/14 09:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2013/05/14 09:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013/05/13 15:27:09 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Babylon
[2013/05/13 15:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/05/13 15:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/05/13 15:26:48 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\OpenCandy
[2013/05/13 15:26:48 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoft
[2013/05/13 15:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/05/13 15:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013/05/13 08:40:08 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Adobe
[2013/05/12 08:21:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\SCE
[2013/05/12 08:21:15 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2013/05/12 08:21:15 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2013/05/12 08:21:14 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2013/05/12 08:21:14 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2013/05/12 08:21:13 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2013/05/12 08:21:13 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2013/05/12 08:21:12 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2013/05/12 08:21:12 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2013/05/12 08:21:11 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2013/05/12 08:21:11 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2013/05/12 08:21:11 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2013/05/12 08:21:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2013/05/12 08:21:10 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2013/05/12 08:21:10 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2013/05/12 08:21:10 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2013/05/12 08:21:10 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2013/05/12 08:21:09 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2013/05/12 08:21:08 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2013/05/12 08:21:08 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2013/05/12 08:21:08 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2013/05/12 08:21:06 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2013/05/12 08:21:06 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2013/05/12 08:21:06 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2013/05/12 08:21:05 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2013/05/12 08:21:03 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2013/05/12 08:21:03 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2013/05/12 08:21:02 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2013/05/12 08:21:02 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2013/05/12 08:21:01 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2013/05/12 08:21:01 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2013/05/12 08:21:01 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2013/05/12 08:21:01 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2013/05/12 08:21:01 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2013/05/12 08:21:00 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2013/05/12 08:21:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2013/05/12 08:20:59 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2013/05/12 08:20:59 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2013/05/12 08:20:59 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2013/05/12 08:20:59 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2013/05/12 08:20:58 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2013/05/12 08:20:58 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2013/05/12 08:20:57 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2013/05/12 08:20:57 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2013/05/12 08:20:57 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2013/05/12 08:20:57 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2013/05/12 08:20:57 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2013/05/12 08:20:57 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2013/05/12 08:20:56 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2013/05/12 08:20:56 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2013/05/12 08:20:55 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2013/05/12 08:20:55 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2013/05/12 08:20:55 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2013/05/12 08:20:55 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2013/05/12 08:20:55 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2013/05/12 08:20:55 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2013/05/12 08:20:54 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2013/05/12 08:20:54 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013/05/12 08:20:54 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2013/05/12 08:20:54 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013/05/12 08:20:53 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2013/05/12 08:20:53 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013/05/12 08:20:52 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2013/05/12 08:20:52 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2013/05/12 08:20:52 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2013/05/12 08:20:52 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2013/05/12 08:20:51 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2013/05/12 08:20:51 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2013/05/12 08:20:51 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2013/05/12 08:20:51 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2013/05/12 08:20:50 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2013/05/12 08:20:50 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2013/05/12 08:20:50 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2013/05/12 08:20:50 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2013/05/12 08:20:49 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2013/05/12 08:20:49 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2013/05/12 08:20:48 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2013/05/12 08:20:48 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2013/05/12 08:20:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2013/05/12 08:20:48 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2013/05/12 08:20:47 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2013/05/12 08:20:47 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2013/05/12 08:20:46 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2013/05/12 08:20:46 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2013/05/12 08:20:46 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2013/05/12 08:20:46 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2013/05/12 08:20:45 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2013/05/12 08:20:45 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2013/05/12 08:20:45 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2013/05/12 08:20:45 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2013/05/12 08:20:43 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2013/05/12 08:20:43 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2013/05/12 08:20:43 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2013/05/12 08:20:43 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2013/05/12 08:20:42 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2013/05/12 08:20:42 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2013/05/12 08:20:41 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2013/05/12 08:20:41 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2013/05/12 08:20:40 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2013/05/12 08:20:40 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2013/05/12 08:20:40 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2013/05/12 08:20:40 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2013/05/12 08:20:39 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2013/05/12 08:20:39 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2013/05/12 08:20:39 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2013/05/12 08:20:39 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2013/05/12 08:20:39 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2013/05/12 08:20:39 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2013/05/12 08:20:38 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2013/05/12 08:20:38 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2013/05/12 08:20:38 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2013/05/12 08:20:38 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2013/05/12 08:20:37 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2013/05/12 08:20:37 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2013/05/12 08:20:36 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2013/05/12 08:20:36 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2013/05/12 08:20:35 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2013/05/12 08:20:35 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2013/05/12 08:20:35 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2013/05/12 08:20:35 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2013/05/12 08:20:35 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2013/05/12 08:20:35 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2013/05/12 08:20:34 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2013/05/12 08:20:33 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2013/05/12 08:20:33 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2013/05/12 08:20:32 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2013/05/12 08:20:32 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2013/05/12 08:20:31 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2013/05/12 08:20:31 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2013/05/12 08:20:29 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2013/05/12 08:20:29 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2013/05/12 08:20:29 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2013/05/12 08:20:29 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2013/05/12 08:20:29 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2013/05/12 08:20:29 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2013/05/12 08:20:28 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2013/05/12 08:20:28 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2013/05/12 08:20:27 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2013/05/12 08:20:27 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2013/05/12 08:20:27 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2013/05/12 08:20:27 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2013/05/12 08:20:26 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2013/05/12 08:20:26 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2013/05/12 08:20:25 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2013/05/12 08:20:25 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2013/05/12 08:20:19 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2013/05/12 08:20:19 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2013/05/12 08:20:18 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2013/05/12 08:20:18 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2013/05/12 08:20:18 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2013/05/12 08:20:18 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2013/05/12 08:20:17 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2013/05/12 08:20:17 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2013/05/12 08:20:16 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2013/05/12 08:20:16 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2013/05/12 08:20:15 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2013/05/12 08:20:15 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2013/05/12 08:20:15 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2013/05/12 08:20:15 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2013/05/12 08:20:14 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2013/05/12 08:20:14 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2013/05/12 08:20:13 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2013/05/12 08:20:13 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2013/05/11 06:15:00 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\The Lord of the Rings Online
[2013/05/11 06:06:28 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Chromium
[2013/05/11 06:03:16 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\The Lord of the Rings Online
[2013/05/11 05:16:02 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2013/05/11 05:16:02 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2013/05/11 05:16:01 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2013/05/11 05:14:33 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Turbine
[2013/05/11 05:14:32 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\ApplicationHistory
[2013/05/11 05:12:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2013/05/11 05:12:10 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2013/05/02 13:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2013/05/02 12:37:12 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\NVIDIA
[2013/05/02 12:36:46 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2013/05/02 12:34:26 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Johannes\Desktop\MinecraftSP.exe
[2013/05/02 12:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\.minecraft
[2013/05/02 12:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/31 16:57:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/31 16:53:09 | 000,031,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/31 16:53:09 | 000,031,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/31 16:50:18 | 000,707,686 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/31 16:50:18 | 000,661,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/31 16:50:18 | 000,153,020 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/31 16:50:18 | 000,125,236 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/31 16:45:54 | 000,005,139 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013/05/31 16:45:48 | 000,001,078 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2013/05/31 16:45:26 | 2070,130,687 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/31 12:29:53 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/31 02:01:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/05/31 02:01:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/05/30 13:07:44 | 000,000,100 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013/05/28 16:24:35 | 000,007,597 | ---- | M] () -- C:\Users\Johannes\AppData\Local\resmon.resmoncfg
[2013/05/20 11:46:53 | 000,089,048 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/05/20 11:40:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/18 05:13:43 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/18 05:13:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/17 15:41:32 | 000,000,263 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2013/05/15 16:09:53 | 000,275,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/14 11:56:21 | 000,000,382 | ---- | M] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2013/05/14 11:49:16 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2013/05/14 11:48:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\BSPRINT.INI
[2013/05/14 10:40:08 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/14 09:51:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/05/14 09:38:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0
[2013/05/14 09:31:14 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/05/13 15:27:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/05/13 15:27:07 | 000,001,398 | ---- | M] () -- C:\Users\Johannes\Desktop\Free YouTube to MP3 Converter.lnk
[2013/05/13 13:36:12 | 000,002,784 | ---- | M] () -- C:\Users\Johannes\Documents\UserPreferences.ini
[2013/05/12 09:09:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/05/11 05:14:32 | 000,000,096 | ---- | M] () -- C:\Users\Johannes\AppData\Local\fusioncache.dat
[2013/05/11 05:14:03 | 001,669,798 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/11 05:13:04 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
 
========== Files Created - No Company Name ==========
 
[2013/05/31 02:01:22 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/05/31 02:01:22 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/05/20 11:46:53 | 000,089,048 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/05/15 15:57:52 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/14 11:52:19 | 000,000,382 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2013/05/14 11:51:49 | 000,000,263 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2013/05/14 11:51:02 | 000,005,139 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013/05/14 11:51:00 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013/05/14 11:48:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2013/05/14 09:38:56 | 000,000,032 | ---- | C] () -- C:\Windows\0
[2013/05/14 09:38:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\0
[2013/05/14 09:29:45 | 000,000,866 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/05/13 15:27:07 | 000,001,398 | ---- | C] () -- C:\Users\Johannes\Desktop\Free YouTube to MP3 Converter.lnk
[2013/05/13 13:06:21 | 000,002,784 | ---- | C] () -- C:\Users\Johannes\Documents\UserPreferences.ini
[2013/05/12 09:09:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/05/11 05:14:32 | 000,000,096 | ---- | C] () -- C:\Users\Johannes\AppData\Local\fusioncache.dat
[2013/04/25 11:51:47 | 001,184,699 | ---- | C] () -- C:\Windows\unins000.exe
[2013/04/25 11:51:47 | 000,021,436 | ---- | C] () -- C:\Windows\unins000.dat
[2013/04/25 10:23:42 | 000,007,597 | ---- | C] () -- C:\Users\Johannes\AppData\Local\resmon.resmoncfg
[2012/01/13 09:27:07 | 001,669,798 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/13 08:35:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/11/17 05:46:50 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2009/11/17 05:44:12 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2013/05/18 11:37:22 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2013/05/13 15:27:09 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Babylon
[2013/05/13 15:27:17 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoft
[2012/01/13 09:42:04 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\InfraRecorder
[2013/04/25 11:51:47 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MingGuan
[2013/05/13 15:26:48 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\OpenCandy
[2013/05/15 07:55:15 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\PerformerSoft
[2013/05/15 16:08:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SoftGrid Client
[2013/05/15 15:32:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Thunderbird
[2013/04/25 11:30:54 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TP
[2013/04/25 12:08:56 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Windows Live Writer
[2013/05/20 11:40:10 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2013/05/13 15:27:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2013/05/14 11:29:38 | 000,000,000 | ---D | M] -- C:\ProgramData\IBUpdaterService
[2013/05/14 09:34:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2013/05/02 13:53:43 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2013/04/25 10:23:14 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2013/05/30 02:01:48 | 000,023,376 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

markusg 31.05.2013 18:35

On your second PC go to Start, Programs, Accessories, Notepad, and copy the following
into it:
Code:

:OTL
O4 - HKU\Johannes_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx]  File not found
O20 - HKU\Johannes_ON_C Winlogon: Shell - (cmd.exe) -  File not found
:Files
:Commands
[EMPTYFLASH]
[emptytemp]



Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to this one should now appear: "load fix from file", so load the fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive and change the mode in the BIOS.
Windows should now start normally and open the otl.txt;
please post the log.



After that, continue with the upload as after the first OTL script.

TrojanerKing 31.05.2013 18:35

Could it be that Windows got damaged?

markusg 31.05.2013 18:38

Fix run; please do that once more, it should solve it now.

TrojanerKing 31.05.2013 18:44

It did not restart automatically again.
I booted from C:
The black screen again.

Fix log:

========== OTL ==========
Registry key HKEY_USERS\Johannes_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_USERS\Johannes_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:cmd.exe deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Johannes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Johannes

User: Public

User: UpdatusUser

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5981 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 06012013_043912

markusg 31.05.2013 18:45

With the cmd window or just black? Does Task Manager open?

TrojanerKing 31.05.2013 18:49

cmd window + black
Task Manager can be opened
I have 5 processes:
cmd.exe
conhost.exe
csrss.exe
ctfmon.exe
taskmgr.exe
winlogon.exe

and one application:
Administrator: cmd.exe

What now?

markusg 31.05.2013 18:57

Try ending cmd.exe.
Then start iexplore.exe or firefox.exe via Task Manager.
HitmanPro - Download - Filepony

Then download HitmanPro, navigate to your download folder and open the file.
Click Scan, delete nothing, click Next.
Save the log or export it as XML, then post it, or zip and attach it.

TrojanerKing 31.05.2013 19:03

The PC is connected via dLAN, but no network is shown to me.

markusg 31.05.2013 19:04

That is unfortunate.
OK, then try the following; you would just need to copy Combofix onto the machine via USB stick.
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


TrojanerKing 31.05.2013 19:09

How do I copy that onto the infected PC?

markusg 31.05.2013 19:09

Well, via USB stick for example; it says so above too.

TrojanerKing 31.05.2013 19:14

sorry
I was being dumb
Combofix is running on the PC

At first it went well, but now nothing is happening at all!

markusg 31.05.2013 19:23

It has been running for 10 minutes at most, and the screen surely said that the duration can easily double. If no further stage is completed in the next 15 minutes, let me know.

TrojanerKing 31.05.2013 19:42

Still nothing is happening.

markusg 31.05.2013 19:53

OK, cancel it.
Open Task Manager,
go to the Applications tab, New Task, and type:
regedit.exe
Enter, confirm the UAC prompt if there is one, press F3; a search window should open.
Search for:
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun
If the entry is found, right-click, Export, and then save it to your stick; same for:
HKCU\SOFTWARE\Microsoft\Command Processor
Then upload:
Trojaner-Board Upload Channel

TrojanerKing 31.05.2013 20:02

I am searching for it, but nothing is found except (Standard).

markusg 31.05.2013 20:07

I hope you still feel like looking; if not, we will reinstall.
In regedit, search for:
7232b878.exe
Export every key that is found and upload it as described.

TrojanerKing 31.05.2013 20:09

I would like to keep the data,
but there is still the formatting option as a last resort, right?

markusg 31.05.2013 20:10

We could also rescue the data beforehand if we format; that would not be the problem.

TrojanerKing 31.05.2013 20:12

The upload is done.

Because downloading the games again would be annoying.

Something else occurred to me.

I have two hard drives, because when I bought the PC it was set up so that one drive holds about 300 GB and the other about 700 GB.
I think the idea was that Windows is on the smaller one and the rest on the large one,
but I somehow messed it up and now everything is on the small one.
If we get the stuff onto the large drive, we can format the small one and set it up again.

markusg 31.05.2013 20:25

OK,
search once more for what I named earlier and then select, on the right-hand side:
qcgce2mrvjq91kk1e7pnbb19m52fx
Right-click and delete.
Close regedit and restart once more.
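
Added example (not part of the thread, and not code from any tool named in it): the manual checks from the posts above, covering the Winlogon Shell value, the Command Processor AutoRun value and the Run value that referenced 7232b878.exe, applied to a regedit export. The sample export is constructed, and the function and rule names are assumptions made for this illustration.

```python
import re

# Constructed sample in regedit export (.reg) syntax; the value name and the
# file name are the ones quoted in the thread, everything else is made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"qcgce2mrvjq91kk1e7pnbb19m52fx"="C:\\Users\\Johannes\\Documents\\7232b878.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="\"C:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor]
"EnableExtensions"=dword:00000001
'''

RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
WINLOGON_KEY = re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon$", re.I)
CMDPROC_KEY = re.compile(r"\\Microsoft\\Command Processor$", re.I)
USER_WRITABLE = re.compile(
    r"\\Users\\|\\ProgramData\\|\\Temp\\|%(TEMP|TMP|APPDATA|LOCALAPPDATA|USERPROFILE)%", re.I)
VALUE_LINE = re.compile(r'^(@|"(?P<name>(?:[^"\\]|\\.)*)")=(?P<data>.*)$')


def decode_export(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")


def unescape(s: str) -> str:
    r"""Undo .reg string escaping: \\ becomes \ and \" becomes "."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str) -> dict:
    """Return {key_path: {value_name: string_data}} for string-typed values."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # "[-KEY]" deletes a key on import and carries no values
            current = None if line.startswith("[-") else keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_LINE.match(line)
        if current is None or not m:
            continue
        name = unescape(m.group("name") or "")  # "" stands for the (Default) value
        data = m.group("data")
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            current[name] = unescape(data[1:-1])
        elif data.startswith(("hex(1):", "hex(2):")):  # REG_SZ / REG_EXPAND_SZ as bytes
            blob = bytes.fromhex(data.split(":", 1)[1].replace(",", ""))
            current[name] = blob.decode("utf-16-le", errors="replace").rstrip("\x00")
        # DWORD, binary and multi-string values are not needed for these checks
    return keys


def audit(keys: dict) -> list:
    """Return (rule, key, value_name, data) tuples that deserve a closer look."""
    findings = []
    for key, values in keys.items():
        per_user = key.upper().startswith(("HKEY_CURRENT_USER", "HKEY_USERS"))
        for name, data in values.items():
            lname = name.lower()
            if WINLOGON_KEY.search(key) and lname == "shell":
                # A per-user Shell is absent by default; machine-wide it is explorer.exe
                if per_user or data.strip().lower() != "explorer.exe":
                    findings.append(("winlogon-shell", key, name, data))
            elif CMDPROC_KEY.search(key) and lname == "autorun" and data.strip():
                # cmd.exe runs this command line each time it starts (unless /D is given)
                findings.append(("cmd-autorun", key, name, data))
            elif RUN_KEY.search(key) and USER_WRITABLE.search(data):
                # Triage hint only: some legitimate software also starts from the profile
                findings.append(("run-user-path", key, name, data))
    return findings


if __name__ == "__main__":
    for rule, key, name, data in audit(parse_reg(SAMPLE_REG)):
        print(f"{rule:15} {key}\n{'':15} {name!r} = {data!r}")
```

For a real export, read the file in binary mode and pass the bytes through `decode_export` before `parse_reg`.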

TrojanerKing 31.05.2013 20:28

OK, the restart is in progress

I am in normal Windows 7

markusg 31.05.2013 20:31

Very good; can you now start Combofix once more, please?

TrojanerKing 31.05.2013 20:35

Combofix is running
Before that I disconnected the PC from the Internet

markusg 31.05.2013 20:35

No, please leave it connected to the network.

TrojanerKing 31.05.2013 20:39

Sorry
Can I go on Trojaner-Board from the infected PC?

It is again loading for a very long time and stops at the same point as before

markusg 31.05.2013 21:26

You mean Combofix stops?
Does it have Internet after a restart? Then:
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path. Vista and Win7 users: right-click and "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, enable "Perform full scan" and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all detections are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".

TrojanerKing 31.05.2013 22:35

OK, it is done
3 infected items found and all successfully removed

LOG:

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.31.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Johannes :: PARADIES [Administrator]

Schutz: Aktiviert

01.06.2013 07:35:08
mbam-log-2013-06-01 (07-35-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 353159
Laufzeit: 54 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\_OTL\MovedFiles\05312013_174524\C_Users\Johannes\Documents\7232b878.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I will only continue tomorrow.
Can I now use the PC again without danger?

After Malwarebytes I also ran my antivirus program, Microsoft Security Essentials, over it.

2 further threats were detected, with the description Trojan:Win32/Sisproc.
The scanner rates them as severe, whereupon I removed both.

I also did the upload from entry #15.

markusg 02.06.2013 14:22

Did I write anything about an MSE scan? And above all, where are the detection reports with the file paths?

TrojanerKing 02.06.2013 19:40

sorry
Detection reports from what?

markusg 03.06.2013 12:24

From MSE
Microsoft Security Essentials
I need the detections.

TrojanerKing 03.06.2013 14:44

Where do I find them? After the removal no log or anything like that is created.

markusg 03.06.2013 14:48

Start, Run, view event logs; under Applications you should find the matching entries.

TrojanerKing 03.06.2013 14:52

Sorry, but I don't get it right now.
Should I go to Start at the bottom left?

markusg 03.06.2013 14:55

Well, it says so: Start, Run. So yes, click Start, then Run, and then enter what I named.

TrojanerKing 03.06.2013 15:00

I think I found the folder, but there are no event logs from MSE.

markusg 03.06.2013 15:03

Then continue:

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, Tools (Extras), uninstall list, save as txt. Open it.
After every program you need, write "notwendig" (necessary).
After every one you do not need, "unnötig" (unnecessary).
After ones unknown to you, "unbekannt" (unknown).
Post the list.

TrojanerKing 03.06.2013 15:17

Here is the list

Code:

7-Zip 9.20 (x64 edition)        Igor Pavlov        13.01.2012        4,53MB        9.20.00.0 notwendig
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        15.05.2013        6,00MB        11.7.700.202 notwendig
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        18.05.2013        6,00MB        11.7.700.202 notwendig
Adobe Reader XI (11.0.01) - Deutsch        Adobe Systems Incorporated        15.01.2013        133MB        11.0.01 unbekannt
Apple Application Support        Apple Inc.        20.05.2013        64,7MB        2.3.4 unbekannt
Apple Mobile Device Support        Apple Inc.        27.04.2013        25,2MB        6.1.0.13 unbekannt
Apple Software Update        Apple Inc.        27.04.2013        2,38MB        2.1.3.127 unbekannt
Bluesoleil 5.4.286.0        IVT Corporation        14.05.2013        50,6MB        5.4.286.0 notwendig
Bonjour        Apple Inc.        27.04.2013        2,04MB        3.0.0.10 unbekannt
CCleaner        Piriform        24.05.2013                4.02 notwendig
Drakonia Configurator                25.04.2013        11,7MB notwendig       
Free YouTube to MP3 Converter version 3.12.2.430        DVDVideoSoft Ltd.        13.05.2013        77,5MB        3.12.2.430 notwendig
Google Chrome        Google Inc.        03.06.2013                27.0.1453.94 unnötig
Google Toolbar for Internet Explorer        Google Inc.        03.06.2013                7.4.3607.2246 unbekannt
InfraRecorder 0.53 (x64 edition)        Christian Kindahl        15.01.2013        9,73MB        0.53.00.00 unbekannt
iTunes        Apple Inc.        20.05.2013        187MB        11.0.3.42 notwendig
Java 7 Update 11        Oracle        15.01.2013        130MB        7.0.110 notwendig
Java 7 Update 11 (64-bit)        Oracle        15.01.2013        127MB        7.0.110 notwendig
KCService.de Fernwartung        KCS Service GmbH        24.04.2013        3,25MB        1.0.0 unbekannd
Malwarebytes Anti-Malware Version 1.75.0.1300        Malwarebytes Corporation        01.06.2013        19,2MB        1.75.0.1300 notwendig
Microsoft .NET Framework 1.1                11.05.2013 unbekannt               
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        13.01.2012        38,8MB        4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended        Microsoft Corporation        13.01.2012        51,9MB        4.0.30319 unbekannt
Microsoft Office 2010        Microsoft Corporation        10.02.2012        6,31MB        14.0.4763.1000 notwendig
Microsoft Office Klick-und-Los 2010        Microsoft Corporation        25.04.2013                14.0.4763.1000 unbekannt
Microsoft Office Starter 2010 - Deutsch        Microsoft Corporation        25.04.2013                14.0.4763.1000 notwendig
Microsoft Security Essentials        Microsoft Corporation        27.04.2013                4.2.223.1 notwendig
Microsoft Silverlight        Microsoft Corporation        27.04.2013        50,6MB        5.1.20125.0 unbekannt
Microsoft SkyDrive        Microsoft Corporation        12.05.2013        25,1MB        16.4.6013.0910 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        13.01.2012        1,69MB        3.1.0000 unbekannt
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        11.05.2013        298KB        8.0.61001 unbekannt
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319        Microsoft Corporation        10.02.2012        13,7MB        10.0.30319 unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        13.05.2013        11,1MB        10.0.40219 unbekannt
Mozilla Firefox 21.0 (x86 de)        Mozilla        29.05.2013        44,5MB        21.0 notwendig
Mozilla Maintenance Service        Mozilla        29.05.2013        333KB        21.0 unbekannt
Nokia Connectivity Cable Driver        Nokia        14.05.2013        3,51MB        7.0.2.0 unbekannt
NVIDIA 3D Vision Controller-Treiber 314.22        NVIDIA Corporation        24.04.2013                314.22 unbekannt
NVIDIA 3D Vision Treiber 314.22        NVIDIA Corporation        24.04.2013                314.22 unbekannt
NVIDIA Grafiktreiber 314.22        NVIDIA Corporation        24.04.2013                314.22 unbekannt
NVIDIA HD-Audiotreiber 1.3.23.1        NVIDIA Corporation        24.04.2013                1.3.23.1 unbekannt
NVIDIA PhysX-Systemsoftware 9.12.1031        NVIDIA Corporation        24.04.2013                9.12.1031 unbekannt
NVIDIA Update 1.12.12        NVIDIA Corporation        24.04.2013                1.12.12 unbekannt
PC Connectivity Solution        Nokia        14.05.2013        16,4MB        8.22.7.0 unbekannt
PlanetSide 2        Sony Online Entertainment        14.05.2013 notwendig               
PowerLine Utility        TP-LINK        25.04.2013        2,69MB        1.1.510 notwendig
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        24.04.2013                6.0.1.6662 unbekannt
Star Wars - Battlefront II        Pandemic Studios        14.05.2013 notwendig               
Steam        Valve Corporation        14.05.2013        35,4MB        1.0.0.0 notwendig
The Lord of the Rings Online™                14.05.2013 notwendig               
The Lord of the Rings Online™ v03.08.00.8029        Turbine, Inc.        06.10.2012                03.08.00.8029 notwendig
Windows Live Essentials        Microsoft Corporation        15.01.2013                16.4.3505.0912 unbekannt
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)        Nokia        14.05.2013                08/22/2008 7.0.0.0 unbekannt
WinPcap 4.1.2        CACE Technologies        25.04.2013                4.1.0.2001 unbekannt


markusg 03.06.2013 16:32

Uninstall:
Adobe Flash Player, all
Adobe - Install Adobe Flash Player
Download the newest version and install it.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Security (Enhanced)
tick Enhanced Security
and select All files.
Internet:
everything should be disabled here; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, since only then do you have control over what happens on the PC.
Under JavaScript, untick the option to use JavaScript.
Under Updater, choose install automatically.
Apply / OK

Uninstall:

Google: both
InfraRecorder
Java: both
Download Java JRE:
Java Downloads for All Operating Systems
click:
Download Java software for Windows Offline
download and install.
Uninstall:
Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

TrojanerKing 03.06.2013 16:49

InfraRecorder cannot be uninstalled because some file was not found.
Continue?

markusg 03.06.2013 16:52

Hi
Whatever cannot be uninstalled can be removed with Revo:
Revo Uninstaller - Download - Filepony

TrojanerKing 03.06.2013 16:58

It does not find InfraRecorder,
and in Hunter Mode everything is recognized as Adobe Reader.

markusg 03.06.2013 17:00

Then leave it installed.

TrojanerKing 03.06.2013 17:14

Here is the file

Code:

# AdwCleaner v2.301 - Datei am 03/06/2013 um 18:09:53 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Johannes - PARADIES
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Johannes\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\kfygexnd.default\searchplugins\Babylon.xml
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Johannes\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Johannes\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Johannes\AppData\Roaming\PerformerSoft

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5e57d78bb73ceb13
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\kfygexnd.default\prefs.js

C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\kfygexnd.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&m[...]
Gelöscht : user_pref("extensions.holasearch.admin", false);
Gelöscht : user_pref("extensions.holasearch.aflt", "babsst");
Gelöscht : user_pref("extensions.holasearch.appId", "{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}");
Gelöscht : user_pref("extensions.holasearch.autoRvrt", "false");
Gelöscht : user_pref("extensions.holasearch.dfltLng", "en");
Gelöscht : user_pref("extensions.holasearch.excTlbr", false);
Gelöscht : user_pref("extensions.holasearch.ffxUnstlRst", false);
Gelöscht : user_pref("extensions.holasearch.id", "5a9b307b000000000000001fcf41424d");
Gelöscht : user_pref("extensions.holasearch.instlDay", "15839");
Gelöscht : user_pref("extensions.holasearch.instlRef", "sst");
Gelöscht : user_pref("extensions.holasearch.newTab", false);
Gelöscht : user_pref("extensions.holasearch.prdct", "holasearch");
Gelöscht : user_pref("extensions.holasearch.prtnrId", "holasearch");
Gelöscht : user_pref("extensions.holasearch.rvrt", "false");
Gelöscht : user_pref("extensions.holasearch.smplGrp", "none");
Gelöscht : user_pref("extensions.holasearch.tlbrId", "base");
Gelöscht : user_pref("extensions.holasearch.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.holasearch.vrsn", "1.8.16.16");
Gelöscht : user_pref("extensions.holasearch.vrsnTs", "1.8.16.1617:31:49");
Gelöscht : user_pref("extensions.holasearch.vrsni", "1.8.16.16");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [12975 octets] - [03/06/2013 18:09:53]

########## EOF - C:\AdwCleaner[S1].txt - [13036 octets] ##########

cool, holasearch is gone

markusg 03.06.2013 17:16

Please restart.

HitmanPro - Download - Filepony

Download HitmanPro and double-click it.
Click Scan.
Don't delete anything, click Next.
Save the log via "Save as", or export it as XML, then post it, or zip it and attach it.

TrojanerKing 03.06.2013 18:33

scan log from HitmanPro

Code:

HitmanPro 3.7.6.201
www.hitmanpro.com

  Computer name . . . . : PARADIES
  Windows . . . . . . . : 6.1.1.7601.X64/8
  User name . . . . . . : Paradies\Johannes
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2013-06-03 19:29:36
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 2m 21s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 20

  Objects scanned . . . : 1.074.284
  Files scanned . . . . : 15.659
  Remnants scanned  . . : 222.650 files / 835.975 keys

Potential Unwanted Programs _________________________________________________

  HKU\S-1-5-21-231651361-152602885-4189494726-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)

Cookies _____________________________________________________________________

  C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\kfygexnd.default\cookies.sqlite:doubleclick.net
  C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\kfygexnd.default\cookies.sqlite:revsci.net


markusg 03.06.2013 18:36

Please delete everything HitmanPro found.
Restart.
Please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and any other browsers you may have installed.
Test how the PC and programs run in general.

TrojanerKing 03.06.2013 21:08

Everything works so far, but I have the feeling that loading programs and booting take a bit longer than before.

markusg 03.06.2013 21:16

Try uninstalling Malwarebytes, is it better then?

TrojanerKing 03.06.2013 21:19

Awesome, fractions of a second, even for games.
Thank you very much.
Are we done then, or do you have any more tips?
I'd like to be spared this kind of thing in future.

markusg 03.06.2013 21:43

Yes, we still need to secure the PC.
Open OTL and click "Bereinigen" (CleanUp); the PC restarts and the removers are deleted.
Delete any leftover logs, installers and programs we used.
Securing the PC:
As an anti-malware program I would recommend Emsisoft.
In my view they offer the best protection, but it costs something.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
Trial version:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment transactions or similarly important things such as work, i.e. there is sensitive data to protect, you should invest in security software.
Use up the 30-day trial period before activating the licence.

A free option, though not quite as good, would be avast.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I'll give you configuration tips.
Please uninstall your current AV.
The following guide is extensive, I'm aware of that, but it should be carried out, because only then is your PC secure. Ask as many questions as you need, I'm happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section on Windows Vista and Windows 7.
Please begin by installing Windows updates.
The easiest way is to go to Start, Search, and type Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
You will need to restart the PC in between. If that is the case, open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please apply the rest as described in the Windows 7 / Vista section.
From the XP section, please apply the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome:
http://support.google.com/chrome/bin...&answer=118663
Please read the instructions.
If you want to use a different one, tell me, then I'll have to adapt parts of the guide that follows.


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out.
Download link:
Sandboxie - Download - Filepony

Instructions:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed instructions as a PDF, work through these too:
Sandbox Einstellungen

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, select DefaultBox.
There, click Sandbox Settings.
Under Restrictions, for program start and Internet access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may have already seen, you can't use some features.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced program starts" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed Web Browser", or right-click and start in Sandboxie.
A lifetime licence costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
Note on FileHippo:
In the settings, additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
A backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program too, because it can be very important in some circumstances, for example if the hard disk fails one day.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking, and change all passwords.
Please also read how to make programs visible to everyone:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, then by clicking Sandboxed Web Browser; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser.
When you move the mouse over the browser, it should have a frame around it; then you are in the sandboxed web browser.

Password security:
Every service needs its own password of at least 12 characters.
RoboForm helps with managing and creating passwords.
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
Instructions:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten

TrojanerKing 04.06.2013 14:19

I've done quite a lot, except sandbox and backup, which I still have to do.
As antivirus program still MSE.
As alternative browser I have Firefox.
Could you also help me with AdblockPlus and WOT (for IE too)?
Are there free alternatives to Emsisoft?

markusg 04.06.2013 14:31

15 € isn't exactly outrageously expensive either :-)
I had posted avast too.
Why not Chrome? It offers more security features and is faster than FF.
First I'd like to use a checklist to check whether you have everything.
- Install optional and important updates.
- Configure Windows Update.
- Enable DEP for all processes.
- Enable SEHOP.
- Install Chrome.
- Install Sandboxie.
- Disable autorun.
- Install Panda Vaccine.
- Install Secunia.
- Install FileHippo.
Note:
Secunia and FileHippo offer English updates. Wherever you access the user interface, e.g. reader, browser, etc., you need German updates, so save the vendor pages in your browser's favourites and, when an update is shown, get it from there. For Java, Flash and QuickTime it doesn't matter whether German or English.
- Install backup software, create a backup and a rescue DVD.
Here's a short guide:
Anleitung: Systemabbild mit Paragon Drive Backup - NETZWELT

- If you do online banking, I can briefly say something about the advantages of card readers and banking software.
- Password manager installed.
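
Added example, not part of the thread: a read-only PowerShell audit of four checklist items above (DEP, SEHOP, autorun, Windows Update). It assumes Windows 7 with PowerShell 2.0 and reads only the machine-wide, non-policy registry locations; the helper names `Get-RegValue` and `New-Result` are made up for this example.

```powershell
# Added example: read-only audit of checklist items (DEP, SEHOP, autorun,
# Windows Update). Written for PowerShell 2.0 as shipped with Windows 7.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function New-Result {
    param([string]$Check, $Value, [bool]$Pass)
    New-Object PSObject -Property @{ Check = $Check; Value = $Value; Pass = $Pass }
}

$results = @()

# DEP policy: 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn, 3 = OptOut.
$dep = (Get-WmiObject -Class Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
$results += New-Result 'DEP for all processes' $dep ((1, 3) -contains $dep)

# SEHOP is on when DisableExceptionChainValidation is 0; a missing value
# means the Windows 7 client default (off).
$sehop = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel' 'DisableExceptionChainValidation'
$results += New-Result 'SEHOP enabled' $sehop ($sehop -eq 0)

# Autorun: 0xFF disables it for every drive type (machine-wide value only).
$autorun = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
$results += New-Result 'Autorun disabled' $autorun ($autorun -eq 255)

# Windows Update: AUOptions 4 = install automatically, ScheduledInstallDay 0 = every day.
$wu = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
$auOptions = Get-RegValue $wu 'AUOptions'
$auDay     = Get-RegValue $wu 'ScheduledInstallDay'
$results += New-Result 'Updates install automatically' $auOptions ($auOptions -eq 4)
$results += New-Result 'Updates scheduled daily' $auDay ($auDay -eq 0)

$results | Select-Object Check, Value, Pass | Format-Table -AutoSize
```

A row with an empty Value means the setting was never written, so the Windows default applies; settings enforced through Group Policy or per-user keys are not covered by this check.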

TrojanerKing 04.06.2013 15:25

A question:
how much storage do you need for a backup?
I also don't have an external hard drive at the moment (I've only had the PC for 1 month).
Re Chrome:
I have Firefox because the full-screen mode of DarkOrbit doesn't work in IE and Firefox was the first thing that came to mind.
I have now installed Chrome.
Can I keep FF?
By the way, I'm still a school student, so 30 € for the sandbox and then Emsisoft on top is quite a lot.

markusg 04.06.2013 16:36

Hi, I don't know how much backup space you need.
Chrome:
Adblock for Chrome:
http://filepony.de/download-adblock_chrome/
That should make life more ad-free.
Ghostery to prevent tracking:
http://filepony.de/download-ghostery_chrome/
HTTPS Everywhere
https://chrome.google.com/webstore/d...jekcdonpmejbdp
Chooses a secure connection when possible.
Surfing safely with Chrome:
Sicher surfen mit Google Chrome | Verbraucher sicher online

If you're happy with Chrome, there's no reason to keep FF installed.

TrojanerKing 04.06.2013 16:57

OK, I've removed FF.
Thank you, above all for your patience.
I was a bit clumsy at times.
If there's anything else to do ...

markusg 04.06.2013 16:58

Hi, list from post 92 done? I know, except backup :-)


All times are in WET +1.

Copyright ©2000-2025, Trojaner-Board

